Cyber Bites

The data of more than 600,000 Email.it users is currently being sold on the dark web, ZDNet has learned following a tip from one of our readers. "Unfortunately, we must confirm that we have suffered a hacker attack," the Italian email service provider said in a statement to ZDNet on Monday. Source: ZD Net

Microsoft published this week details about a new project the company has been working for the Linux kernel. Named Integrity Policy Enforcement -- or IPE -- the project is a Linux security module (LSM). LSMs are optional add-ons for the Linux kernel that enable additional security features. According to a documentation page published on Monday, IPE is Microsoft's attempt to solve the code integrity problem for Linux -- an operating system the company broadly uses...

Citizen Lab, a research group within the University of Toronto, has been able to drive a proverbial truck through the encryption used by video conferencing app Zoom. In a report where the group said the video platform was not suitable for sharing secrets nor government or business use, Citizen Lab found Zoom has been rolling its own encryption scheme as part of a custom extension to the real-time transport protocol. Further, instead of using AES-256...

    Researchers at vpnMentor have shared news about a recent data leak which exposed 425 GB in sensitive financial documents. The research team, led by Noam Rotem, uncovered an open database on an app developed by Advantage Capital Funding and Argus Capital Funding. The app, which is now no longer available for download, stored data on an AWS S3 bucket database which apparently did not employ any form of encryptions, authentication, or access credentials....

  Birth certificates being sent to strangers and missing marriage certificates were among almost 400 data breaches reported at the Department of Social Protection last year. The 371 data breaches represent an increase of more than 60 percent compared with the previous year, when 226 incidents were logged, according to records obtained under freedom of information rules. In one case discovered at the department headquarters, three birth certificates and a marriage certificate were sent to...

The Interpol has warned of a significant increase in the number of attempted ransomware attacks against hospitals and other healthcare institutions on the front lines of the fight against the Covid-19 pandemic. At this point, the ransomware appears to be spreading primarily via emails – often falsely claiming to contain information or advice regarding the coronavirus from a government agency, which encourages the recipient to click on an infected link or attachment. Source: Computer Weekly

Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide remote access to enterprise and government networks. Source: ZD Net

    A phishing campaign using Office 365 voicemail lures to trick them into visiting landing pages designed to steal their personal information or infect their computers with malware. The phishing emails delivered by the operators behind this series of attacks use the old trick of reversing some of the text elements in the source code and rendering forward within the email displayed to the target, with a twist: this time it involves using Cascading...

Microsoft has started notifying hospitals vulnerable to known threats, the company announced in a blog post earlier this week. Hospitals and other healthcare institutions around the world are being pushed to their limits thanks to the coronavirus outbreak, and hackers are using it as an opportunity to compromise their networks, steal money and data, and wreak havoc in the process. Some of the vulnerabilities are relatively known, at least to Microsoft. The company knows that...

  Led by Noam Rotem and Ran Locar, vpnMentor’s research team of ethical hackers, recently discovered a data leak by the popular app Key Ring, that compromised the privacy and security of their 14 million users. Key Ring allows users to upload scans and photos of membership and loyalty cards onto a digital folder on one’s phone. However, many users also use it to store copies of IDs, driver licenses, credit cards, and more. Source:...