Cyber Bites

Citizen Lab, a research group within the University of Toronto, has been able to drive a proverbial truck through the encryption used by video conferencing app Zoom. In a report where the group said the video platform was not suitable for sharing secrets nor government or business use, Citizen Lab found Zoom has been rolling its own encryption scheme as part of a custom extension to the real-time transport protocol. Further, instead of using AES-256...


Researchers at vpnMentor have shared news about a recent data leak which exposed 425 GB in sensitive financial documents. The research team, led by Noam Rotem, uncovered an open database on an app developed by Advantage Capital Funding and Argus Capital Funding. The app, which is now no longer available for download, stored data on an AWS S3 bucket database which apparently did not employ any form of encryption, authentication, or access credentials....


Birth certificates being sent to strangers and missing marriage certificates were among almost 400 data breaches reported at the Department of Social Protection last year. The 371 data breaches represent an increase of more than 60 percent compared with the previous year, when 226 incidents were logged, according to records obtained under freedom of information rules. In one case discovered at the department headquarters, three birth certificates and a marriage certificate were sent to...


Interpol has warned of a significant increase in the number of attempted ransomware attacks against hospitals and other healthcare institutions on the front lines of the fight against the Covid-19 pandemic. At this point, the ransomware appears to be spreading primarily via emails, often falsely claiming to contain information or advice regarding the coronavirus from a government agency, which encourage the recipient to click on an infected link or attachment. Source: Computer Weekly


Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide remote access to enterprise and government networks. Source: ZD Net


A phishing campaign is using Office 365 voicemail lures to trick targets into visiting landing pages designed to steal their personal information or infect their computers with malware. The phishing emails delivered by the operators behind this series of attacks use the old trick of reversing some of the text elements in the source code and rendering them forward within the email displayed to the target, with a twist: this time it involves using Cascading...


Microsoft has started notifying hospitals vulnerable to known threats, the company announced in a blog post earlier this week. Hospitals and other healthcare institutions around the world are being pushed to their limits thanks to the coronavirus outbreak, and hackers are using it as an opportunity to compromise their networks, steal money and data, and wreak havoc in the process. Some of the vulnerabilities are relatively known, at least to Microsoft. The company knows that...


Led by Noam Rotem and Ran Locar, vpnMentor’s research team of ethical hackers recently discovered a data leak by the popular app Key Ring that compromised the privacy and security of its 14 million users. Key Ring allows users to upload scans and photos of membership and loyalty cards onto a digital folder on one’s phone. However, many users also use it to store copies of IDs, driver licenses, credit cards, and more. Source:...


The feature, criticized for “undisclosed data-mining,” is only the latest privacy faux pas for Zoom this month. Zoom has nixed a feature that came under fire for “undisclosed data mining” of users’ names and email addresses, used to match them with their LinkedIn profiles. The feature, the LinkedIn Sales Navigator, is a LinkedIn service used for sales prospecting. When users enter a web conference meeting, the tool automatically sent their user names and email...


OGUsers, one of the most popular hacking forums on the internet, disclosed today a security breach, the second such incident in the past year. "It appears that someone was able to breach the server through a shell in avatar uploading in the forum software and get access to our current database dating April 2, 2020," said Ace, the forum's administrator. The attacker is believed to have stolen the details of more than 200,000 users, the...
