We have added a new Guidance category on Zero Trust concepts (several blogs in preparation). This is a concept that goes beyond the use of VPN’s for secure access to corporate resources when working remotely or at home. The general idea is that that the organisation no longer assumes that users, systems or services operating from within the security perimeter ( and for that include via a VPN) should be automatically trusted, and instead must verify anything and everything trying to connect to its systems before granting access. We have isolated a number of blogs that support this concept and we will be blogging about this once our research is complete.
Stories from the web
This is a selection of the newsworthy articles we saw reporting on a variety of security and privacy incidents and taken from our Twitter Feed.
- There have been numerous reports of phishing attempts using fake UK Council Tax refunds.
- New wave of voice phishing attacks targets VPN credentials
- Office 365 phishing scam uses Google Ad domains to evade security.
- Hundreds of millions of Instagram, TikTok, YouTube accounts compromised by data breach | TechRadar
- Reported Data Breaches Down by 52% in 2020 (yeah right!!)
- Hackers Breach into Over 10,000 Canadian Government Accounts, Targeting COVID-19 Relief Package
- Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
- Intel hacked: Confidential files, backdoors obtained and leaked by anonymous hacker
- Startups disclose data breaches after massive 386M records leak
- Save the Children Statement on Blackbaud Security Breach
- National Trust joins victims of Blackbaud hack
- Apple Sued Over Alleged $1 Billion App Store And iTunes Card Scam
- NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
- Thousands of Instacart customer details sold online.
- Which websites and services are banned in Russia?
- Which websites and online services are banned in China?
- Huawei ban expanded to include foreign-made chips using US tech
- TikTok and WeChat face imminent US ban after Trump signs executive order.
Malicious Apps & Extensions:
- Malicious code reportedly found in iOS apps installed by billions of users
- Chrome extensions with 80 million+ users found engaging in ad fraud.
Malware & Security Threats:
- U.S. urges Linux users to secure kernels from new Russian malware threat
- Microsoft enables TLS 1.3 by default in latest Windows 10 builds
- Amazon Alexa security bug could have let hackers listen in to your chats
- Privacy-centric Tor Browser struggling to contain a major security issue
- Beware – that email from Google or Amazon could be malware
- Attackers Hone in on MFA Bypass Options for Account Takeovers
- Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks
- Hospitals worldwide hit by wave of cyberattacks seeking to crash websites during Covid-19 pandemic
- Vulnerable perimeter devices: a huge attack surface
- Facebook Seen as Riskiest Online Platform
- FBI sees surge in online shopping scams, FTC says most reports ever
- Linux users, beware: TrickBot malware is no longer Windows-exclusive
- 79 Netgear routers are at risk of hacking, but over half won’t be patched
- EU sanctions hackers from China, Russia, North Korea who’re wanted by the FBI
- Google: Eleven zero-days detected in the wild in the first half of 2020
- 17-Year-Old ‘Mastermind’, 2 Others Behind the Biggest Twitter Hack Arrested
- Microsoft to remove all SHA-1 Windows downloads next week
- Billions of Devices Impacted by Secure Boot Bypass
- North Korean hackers created VHD ransomware for enterprise attacks
- Emotet malware now steals your email attachments to attack contacts
- Broadened CIA cyberattack powers put businesses on alert
- UK and US warn QNAP owners to upgrade firmware to block malware.
- Travelex Forced into Administration After Ransomware Attack
- Netwalker ransomware earned $25 million in just five months
- Canon confirms major ransomware attack has taken down its systems.
Every week Bleeping Computer publish a report of all the Ransomware attacks happing that week. We usually re-tweet this on our Twitter feed (where a lot of threat intelligence can be gathered). For this month we will post the August bulletins here:
- The Week in Ransomware – August 7th 2020
- The Week in Ransomware – August 14th 2020
- The Week in Ransomware – August 21st 2020.
Site development news
All the usual updates on our blogs and guidance sections. This also includes:
- Several Guidance pages have been updated:
- Changed the headline picture for our guidance section
- Extensive updates to our Glossary of Terms – this is an ongoing process, but this is a major back-fill from various sources as well as from our blogs
- Added a new Guidance category on Zero Trust concepts (several blogs in preparation)
- Re-branded our Twitter feed as a Threat Intelligence source
- Removed the search function from the main menu as this is covered by other means.
Join our newsletter mailing list
Sign-up for regular news by joining our newsletter mailing list. This is separate to following our blog on this site.