Cyber Bites

A French security researcher, Wassime Bouimadaghene, has discovered a critical vulnerability in Grindr, which enables hackers to easily highjack users accounts by using the victim's email. The vulnerability takes advantage of the 'forgotten password' feature on the app. This token allows hackers to easily change the password of an account and highjack it.  This method is “one of the most basic account takeover techniques” according to one of the researchers who discovered the vulnerability. Wassime...

The Facebook security team have revealed more information about one of the most advanced malware attacks on the social media site at the Virus Bulletin 2020 security conference yesterday. The malware gang, known as SilentFade are based in China and were active between late 2018 and February 2019, when Facebook put an end to their attacks. Despite their intervention, the gang still managed to defraud users of over $4 million. The group used a combination...

In an oversight report published yesterday, investigators at the UK Huawei Cyber Security Evaluation Centre (HCSEC) found a significant vulnerability that would have national implications. These issues were so severe that they were withheld from the company. These vulnerabilities are typically design-related failures that would allow certain actors, such as the Chinese government to carry out a cyberattack. The National Cyber Security Centre (NCSC) has stated that it doesn't believe these vulnerabilities are a result...

The health insurance company behind Blue Cross-Blue Shield, Anthem, will pay almost $40 million in order to settle a cyberattack from 2015 which compromised the personal information of around 79 million people, according to officials. On Wednesday the health insurance company announced that they have agreed to pay $39.5 million in order to settle an investigation by a number of state attorneys general. This was the last open investigation into the cybersecurity attack from 2015....

Microsoft Outlook was down for four hours worldwide, with Outlook.com, as well as the Outlook desktop and mobile applications all being affected. The outage began at 2 AM ET, with some users still struggling to load or access their emails worldwide. Microsoft published a support update which said, “we’re collecting additional data from the affected infrastructure to aid in our investigation to determine the cause of impact.” It appears that the outage may be due...

Amazon has announced the launch of their new payment system, Amazon One, for use in shops which processes secure payments through the wave of a hand. The scanners work by registering an image of a user's palm when they hover their hand in-mid air for a few seconds. The scanners will be trialled in two of Amazon's physical Seattle stores where Amazon already use a check-out free system. Amazon is already in conversation with other...

Twitter has hired a new CISO, Rinki Sethi, following their very high profile breach back in July. The breach saw hackers targeting the company's internal admin tools, allowing hackers access to high profile accounts, spreading cryptocurrency scams. Sethi has a long history working in cybersecurity with previous employers including IBM, Palo Alto Networks and Rubrik. Twitter hasn't had an active CISO since last December when Mike Convertino left to join Arceo. https://techcrunch.com/2020/09/30/twitter-ciso-rinki-sethi/

As some of you may be aware, October is European Cybersecurity Month. Although more and more people are becoming aware of how cyber secure their technology is, more work needs to be done. According to research from ESET of 2,000 Brits, 31% of them remain unconcerned by cybersecurity. There is no better time than now to raise more awareness about cybersecurity and how important it is in protecting our assets. Particularly now, as more of...

Microsoft had released its Digital Defence Report detailing how cybercriminals are becoming more sophisticated in how they carry out their attacks. Looking at data from the past year, the report shows how these attacks are becoming harder to spot, meaning they are targeting even the savviest of people. What's more, the report shows that ransomware was the most common incident response engagement from October 2019 to July this year. In total, a staggering 13 billion...

After the detection of an attack on the weekend, Swatch has shut down some of their technology systems, affecting some of their operations. The shutdown was carried out on a precautionary basis to ensure no further damage was done.  Swatch has stated that they hope their services will resume to normal soon. https://www.itnews.com.au/news/swatch-shuts-down-some-technology-systems-after-cyber-attack-554090