Cyber Bites

Nearly half of firms aren't reporting data breaches, which is a problem since GDPR demands businesses who suffered a breach to report it within 72 hours. However, new figures from cybersecurity firm CrowdStrike suggest many British firms aren’t reporting data breaches in a timely manner, as is required per General Data Protection Regulation (GDPR). Crowdstrike polled 500 decision-makers from the UK and found that less than half (42 percent) of those that had fallen victim...

According to Bleeping Computer, VMware is warning of a critical bug affecting all vCenter Server installs and the company is urging its customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments. "These updates fix a critical security vulnerability, and it needs to be considered at once," said Bob Plankers, Technical Marketing Architect at VMware. "This vulnerability can be used by anyone...

In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the second half of 2021. According to the report, the severe disruptions caused by these attacks has been noted by organisations, along with the requirement to bolster defences against cyberattacks. In fact, over two-thirds are set to...

Bleeping Computer has reported that audio maker Bose disclosed a data breach after ransomware attack that hit the company's systems in early March. A breach notification letter filed with New Hampshire's Office of the Attorney General by Bose stated the company "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment."   Trevor Morgan, product manager at Comforte AG, said: "In ransomware attacks like the one affecting Bose in March, we...

The EU’s General Data Protection Regulation (GDPR) turns three today and since its launch in 2019, hundreds of millions of euros worth of fines have been handed out to companies of the likes of British Airways, Marriott International Hotels, and even Google. But not everyone thinks this piece of legislation is living up to the hype. Access Now’s new report, Three years under the GDPR: An implementation progress report, explores just how far this legislation...

Apple has released its macOS Big Sur 11.4 that expands support for external GPUs, fixes bugs in Safari and more. In addition, this update also makes the system more secure by patching an exploit that let sneaky malware take screenshots without the user being aware.  Jamf, an Apple-focused mobile device management company, reported that the XCSSET malware was using an exploit to take screenshots of Mac computers without asking for any permission. The malware targets...

City police opened 50 per cent more Covid loan fraud probes in February, according to a City AM report. It noted that the City of London police had begun more investigations into fraud connected to the government’s Bounce Back Loan scheme (BBLs) in February than the prior month. In fact, police opened 26 fraud probes in relations to BBLs in February, up from 17 in January, and a further 28 in March- according to international...

Tech Crunch has reported that a recently found Air India passenger data breach indicates that the SITA hack is worse than first anticipated. Three months after air transport data giant SITA reported its own data breach, the damage is still mounting. Air India said this week that personal data of about 4.5 million passengers had been compromised following the security incident at SITA, the data processor for the airline. The stolen information included passengers’ name,...

A pair of TPG TrustedCloud customers were breached, ZDNet reported. The telco said two customers on the legacy TrustedCloud hosting service were breached in a recent security incident that it announced on Monday morning. The company added that it did not believe any other customers were impacted by the breach. "The incident was isolated to the TrustedCloud service. The TrustedCloud service is hosted in a standalone environment that is separate from our telecommunications networks and...

Eufy warned its customers this week after discovering an internal server bug that gave strangers the power to access and control private home-video feeds for an entire day. Customers were also given access to do the same to other users. The vulnerability was the result of a planned server upgrade, which accidentally connected Eufy customers with the home-video streams of other customers. Fortunately, the China-based parent company, Anker, managed to patch the vulnerability quickly.