Security News > 2022 > August > Zoom patches make-me-root security flaw, patches patch

"In most cases, the vulnerabilities exist because the software fully trusted data coming from the PLC without performing extensive security checks," Team82 said.

Security researchers at Accenture have highlighted the following point: the type of data being sold online after ransomware attacks is exactly the sort of stuff that's ideal for launching business email compromise attacks.

According to Accenture, its team "Found that the most disclosed data types overlap with the data types most useful for conducting BEC and VEC attacks: financial, employee, and communication data, and operational documents."

"The utility of dedicated leak site data has historically been limited by the difficulty of interacting with large quantities of poorly stored data," the researchers said.

The researchers pointed to at least two data leak sites that offer searchable indexed data on easily used, publicly-accessible sites, with individual records available for as little as a dollar.

Based on the types of data being stolen and sold, and the rise of indexed black data markets, Accenture said it "Assesses that the primary factor driving an increased threat of BEC and VEC attacks is the availability of data like that described above."

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/22/in-brief-security/