JULY WEEK 1

Spear-phishing attacks are making a comeback: BEC scam with a value of £380 million.

This is one of the most profitable spear-phishing campaigns to date, with targets including a Premier Football team and a US law firm. The method of choice? Business Email Compromise fraud. The apprehended perpetrator is Ramon Abbas, who wasn't discreet about the funds he amassed. Abbas exhibited his extravagant lifestyle on social media, with a suite of luxury cars and even a private jet.

Yahoo ex-employee avoids jail for compromising 6000 Yahoo accounts

In September 2019, Reyes Daniel Ruiz, a Software Engineer employed by Yahoo, pled guilty to hacking into customer accounts. Over three years, he targeted accounts belonging mostly to young women, trying to uncover private personal pictures. He was convicted this week and narrowly avoided jail time, receiving a five-year probation sentence.

Unpatched home routers expose further working-from-home risks during pandemic

A jaw-dropping study by the Fraunhofer Institute for Communication, Information Processing and Ergonomics has declared that every home router is likely to have vulnerabilities. Out of 127 routers studied, flaws were found in all of them. Most worrying were the fundamental issues and the inability of manufacturers to address the problems in updates. Particular emphasis is placed on Linux, the operating system on 91% of the routers sampled.

An accumulation of crackable passwords, lack of patching, questionable cryptography, and inconsistent updates were among the many criticisms.

With home and business life coming together, this poses a genuine risk for firms today.

Home Router Security Report

Massive increase in Stalkerware apps since March

It would seem some people have far too much time on their hands during the lockdown. While many of us try to learn a new instrument or improve our fitness, others would rather install unauthorised tracking software on spouses' and ex-spouses' phones.

Stalkerware is not to be confused with spyware: the main difference is that stalkerware is deliberately installed and is readily advertised for this very purpose, often under the guise of parental control usage.

What can stalkerware do?

  • Trace websites visited
  • Monitor your SMS messages
  • Monitor your social media activity
  • Track the location of the user
  • Tap into phone calls 

A UK anti-malware study has shown an 83% increase in stalkerware installations since March this year, in line with a massive increase in domestic abuse cases during the same period.

Up to 6000 F5 devices exposed 

This severe security flaw is a vulnerability in the configuration interface of an application delivery controller. To make matters worse, the mitigation measures can be bypassed and have been “exploited in the wild.”

48 of the Fortune 50 are F5 customers – not a good look. F5 has issued an apology and recommends that users restrict access to the management interface. Both patching and applying mitigation measures are advised.
