Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

cybersecurity news showing on a tablet on a table with a notebook and coffee

Latest Cybersecurity News

ISA is committed to keeping the security community up to date with the latest cybersecurity news. 


 

Record number of girls apply for CyberFirst courses

The National Cyber Security Centre (NCSC) in the U.K. has reported that its CyberFirst cybersecurity courses held over the summer attracted a record number of registrants, including a 60% increase in female attendees.

According to enrolment figures reported by the NCSC, the number of girls who applied for the virtual courses rose from 930 in 2019 to 1,492 this year. The number of boys who applied rose by 30%, from 1,824 in 2019 to 2,398 this year.

Executives at the NCSC were understandably enthusiastic about the results: earlier this year, the NCSC had pledged to take action to improve inclusion and diversity in the UK workforce in response to a report from the UK’s Department for Digital, Culture, Media & Sport indicating that a scant 15% of the cybersecurity workforce is female.

“I’m delighted to see that more young people are exploring the exciting world of cyber security, and it’s especially encouraging to see such a level of interest from girls,” said the NCSC’s deputy director for cyber growth, Mr. Chris Ensor.

CyberFirst (which was featured in ISA’s cybersecurity news bulletin on May 26, 2020) is a programme of opportunities designed to introduce young people aged 11-17 years to the world of cyber security. The programme features resources, courses, bursaries, apprenticeships, and an annual girls’ competition.

Warner Music suffers data breach affecting xxx

On September 3, Warner Music Group filed a breach notification sample with the California Department of Justice, disclosing that it had suffered a data breach affecting online transactions over the period between April 25, 2020 and August 5, 2020.

According to third party reports, several e-commerce websites owned by Warner Music – but hosted and supported by an unnamed external service provider – were found to have been compromised by malware. Hackers managed to install “data-skimming” code on the sites which intercepted and exfiltrated personal data including customer names, email addresses, telephone numbers, billing and shipping addresses, payment card numbers and expiry dates, and even CVV codes. Payments made through PayPal were reportedly not affected by this incident.

The data skimming malware used reportedly bears resemblance to the tools and tactics used by Magecart, a cybercrime syndicate specializing in compromising online payment forms.

The scope of the breach has not yet been confirmed, and the breach notification failed to identify which of the numerous e-commerce websites owned by Warner Music – which operates in over 70 countries globally – were affected. Warner owns some of the most popular recording labels in the world including Elektra, Warner Records, Atlantic, Warner Classics, Parlophone, and Warner Music Nashville.

As a precaution, Warner advised all customers who executed transactions during the affected window. “While we cannot definitively confirm that your personal information was affected, it is possible that it might have been as your transaction(s) occurred during the period of compromise. If it was, this might have exposed you to a risk of fraudulent transactions being carried out using your details,” read the mail-merge style breach announcement filed with the California DOJ.

The statement went on to advise customers that Warner had been quick to involve law enforcement and the payment card issuers involved, once the breach had been detected. Potentially affected customers have been provided resources on how to track and report suspicious activity on their payment cards, and have been offered a year of identity monitoring services free of charge through Kroll, a global security consulting firm.

WhatsApp launches security advisory page, reports six zero-day vulnerabilities

On September 3, WhatsApp – the world’s most popular messaging app with some two billion users worldwide – launched a new, dedicated security advisory page. The first iteration of the new page was populated with an archive of old reported bugs and a “2020 Updates” section that revealed a half dozen previously undisclosed zero-day vulnerabilities, all of which have been patched.

WhatsApp said five of the six vulnerabilities were fixed on the same day they were reported, while the sixth bug was somewhat more complicated, and took a couple of days to resolve and test. The company said it found no evidence that the bugs had been exploited in the wild.

Some of the vulnerabilities were report through Facebook’s so-called Bug Bounty Program which rewards external security researchers who detect and report vulnerabilities in any of Facebook’s products, including Instagram, WhatsApp, Messenger, and the flagship Facebook app and site. Five of the vulnerabilities were characterized as critical.

According to the introductory comments on the WhatsApp site, the new advisory page is intended to reflect WhatsApp’s commitment to transparency, and is a call-to-action for users to keep their apps current with the latest security patches and updates.

NEWSLETTER

Get exclusively curated cyber insights and news in your inbox

Related Posts

Contact Us Today