NIST’s Privacy Framework Reaches Version 1.0 Release

It is becoming critical for organizations to build innovative products and services that use personal data while still safeguarding users’ privacy. To help them in this shared mission, the National Institute of Standards and Technology (NIST) has released version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks. NIST published a preliminary draft of the Privacy Framework in September 2019, when it requested public feedback. The agency had initially hoped to release version 1.0 by the end of 2019, but it was officially announced only on January 16. NIST further said that the Privacy Framework is meant to complement the NIST Cybersecurity Framework; both are slated to undergo periodic revisions. The NIST Privacy Framework is available in PDF format.

 

Multiple Weaknesses in ICS Can Expose Organizations to Serious Risks

A new analysis of industrial control systems (ICS) sheds light on how some legitimate and deeply rooted product features and functions can actually pose a threat to organizations. ICS are widely used in the networks of the oil & gas, power generation, refining & chemicals, pulp & paper, and mining industries. According to a study conducted by PAS Global, over 10,000 industrial points have been found to be affected by over 380,000 known vulnerabilities. The study revealed that many of the industrial control systems used by these organizations are affected by design flaws and weaknesses that could be used by malicious actors for a wide range of purposes, including causing disruption and physical damage. A majority of the vulnerabilities were found to impact software made by Microsoft. Exploitation in most cases requires only network access or basic privileges. In particular, the study identified two types of issues: ubiquitous weaknesses, which affect a wide range of products, and unique weaknesses, which are specific to a product.

 

Fake Amazon Representatives Involved in UK's Phone Scam

Recently, scammers impersonating representatives from Amazon were reported calling Amazon users and offering them a variety of services, including free delivery, but only if users followed their instructions. Many users took the bait, only to realize later that it was a scam. As per media reports, a caller claiming to represent Amazon Prime, Amazon’s paid subscription service, would offer users in Malvern access to services such as free two-day delivery. The scam starts with an automated telephone call and ends with the victim downloading a piece of software onto their system, which gives the criminal access to the victim’s computer. In the final stage of the scam, the crooks ask victims to log on to their online banking account. This is when the fraudster seizes the opportunity to steal their banking details, or even divert the victim’s attention elsewhere while money is being deducted from their account. The scam has been reported across the country. As per Action Fraud, the U.K.’s national reporting center for fraud and cybercrime, there have been multiple complaints about the scam calls since September 2019.

 

Over 2000 WordPress Sites Hacked to Propagate Scam Campaign

More than 2000 WordPress sites have been hacked by cybercriminals for a scam campaign that redirects visitors to several scam sites. Discovered by researchers from Sucuri, the hacking campaign makes use of previously known vulnerabilities in WordPress plugins. The vulnerable plugins exploited include ‘CP Contact Form with PayPal’ and ‘Simple Fields’. Website owners are urged to disable the modification of primary folders to block hackers from inserting malicious files. Meanwhile, experts claim that attackers will continue to register new domains or leverage existing unused domains to conduct such scam campaigns in the future.

 

New Faketoken Trojan Variant Sends Mass Texts to Premium-rate Cell Numbers

The Faketoken Android banking trojan has reappeared after being revamped. Kaspersky researchers have detected some 5,000 smartphones infected by Faketoken that had started sending offensive text messages. The crooks behind the Faketoken trojan have begun hijacking users’ devices and sending SMS messages to premium foreign numbers. Researchers found that many of the infected smartphones were made to text a foreign number, the cost of which was borne by the owners of the infected devices. So far, it’s unclear how Faketoken is targeting devices, and for how long these attacks may continue. But, to avoid getting ensnared, users should follow the below-mentioned tips.

 

Edited and compiled by cyber security specialist James Aguilan.