News

Threat researchers at Lookout have discovered more than 300 loan apps that exhibit predatory behavior, such as exfiltrating excessive user data and harassing borrowers for payment in both Google Play and the Apple App Store. The apps, which were found across countries in Africa, Southeast Asia and South America, including India, Colombia, Nigeria and Mexico, purportedly offer quick, fully-digital loan approvals with reasonable loan terms. The research revealed 251 were Android and 35 iOS lending apps were...

KnowBe4 has announced that its new SecurityCoach product now integrates with Netskope. The two security organisations have collaborated together to help reduce risky behaviour with product integration to support real-time security coaching of users. SecurityCoach helps IT/security professionals to develop a strong security culture by enabling real-time security coaching of their users in response to risky security behaviour. Leveraging an organisation’s existing security stack, security teams and administrators can configure their real-time coaching campaigns to...

Since 2014, the US government has suffered 822 breaches affecting nearly 175 million records. Based on the average cost per breached record (as reported by IBM each year), Comparitech estimate these breaches have cost government entities over $26 billion from 2014 to October 2022. In 2018 and 2019, the number of government breaches hit an all-time high with 116 and 118 breaches respectively. In 2020, breaches decreased to 107 before increasing again to 116 in...

It has been reported that a credential phishing attack targeted 22,000 students at national educational institutions through a campaign where hackers impersonated Instagram. The advisory was highlighted by security experts at Armorblox in an advisory released on the 17th November 2022. The advisory says: "The subject of this email encouraged victims to open the message... The goal of this subject was to induce a sense of urgency in the victims, making it seem an action...

With the 2022 Qatar World Cup now underway, Specops Software, a leading provider of password management and user authentication solutions, has today released its findings which observed the commonality of passwords that contained a likely player, country or World Cup-related term within a password. According to the research by Specops, which analysed over 800 million compromised passwords (a subset of a larger list included within its Breached Password Protection list of over 3 billion passwords), it was found ‘Kane’, possibly in reference to England forward Harry Kane, was third in the list of most popular names. In total, Kane appeared within breached password lists over 133,000 times. Digging deeper into...

Today, Comparitech released the results of its most recent study, looking at the true cost of ransomware on healthcare organisations around the world. It found that, since 2018, there have been 500 publicly-confirmed ransomware attacks; and this excludes those that may have not been disclosed at all. In total, these have crippled nearly 13,000 separate facilities and have impacted almost 49 million patient records. As such, Comparitech was able to estimate that these attacks exceed...

Obrela Security Industries recently launched their H1 2022 Digital Universe Study, which provides detailed insight into this year’s security and threat landscape. The results provide a ‘funnel’ view of real-time visibility data, and allow organisations to gain a better understanding of how threats are security are developing, and how they can better protect themselves.   To put together this report, Obrela collected and analysed 1 PBs of logs as well as 100,000 devices. In this time,...

Late Monday night, the popular file-hosting site Dropbox announced that it suffered a phishing attack. While no content, passwords or payment information was accessed, the hacker did "successfully access some of the code store in GitHub".  The company revealed that on October 14, they became aware that an attacker stole employee credentials, using them to access source code containing "primarily, API keys - used by Dropbox developers". While it's currently unclear what those API keys...

Earlier today it was reported that former UK Prime Minister Liz Truss’s personal phone was hacked earlier this year by suspected foreign agents, putting national security at risk, according to a new report on Sunday. Further to this, unnamed “security sources” told the Mail on Sunday that the incident was discovered during the Conservative Party leadership contest over the summer, causing Truss sleepless nights as she worried it may impact her chances of winning. In addition,...

Earlier today, the the world’s second largest copper producer has been hit by a cyber-attack which forced IT systems offline. Further to this, Hamburg-headquartered Aurubis revealed in a brief statement that the attack struck on Friday evening. “This was apparently part of a larger attack on the metals and mining industry,” it said. “As a result, numerous systems at Aurubis sites had to be shut down and disconnected from the internet as a preventive measure.” At...