Cyber Bites

As if times weren't hard enough for the travel industry, BleepingComputer revealed that the cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend. When it comes to passenger travel, data breaches and ransomware can be especially catastrophic. Biographical information, travel details and potentially passport information are like gold dust on the black market. Perhaps this is why airlines, hotels and cruise operators are so...

According to BleepingComputer, the Office of the Chief Information Office of Government of Canada has admitted that its online portal, GCKey, had fallen victim to a cyberattack. This portal allows the public to gain access to numerous government services, not least services for immigration, taxes, benefits. The attack was supposedly an attempt to steal COVID-19 relief payments. Through 'credential stuffing', 9,041 GCKey out of 12 million accounts were accessed by hackers.  

At the end of July, Konica Minolta, the business technology giant, fell victim to a ransomware attack that interrupted its operations for close to a week, shares BleepingComputer. The multinational corporation made over $9 billion in revenue in 2019 and has nearly 44,000 employees, offering various services and products - including healthcare technology and printing solutions. Their website first displayed a message indicating that the site was not accessible on the 30th of July, before...

The South African financial services group, Momentum Metropolitan, has suffered a cyberattack last Thursday, according to Business Insider. Data from one of its subsidiaries has now been accessed by hackers but, investigations suggest that client information has not been stolen.  “Information accessed contains administrative and financial data that is not expected to prejudice any stakeholders of the Group,” the company said. The company is said to have their IT teams working around the clock to...

CI Security has released today its healthcare data breach report, which analysed data from the US Department of Health and Human Services (HHS). The analysis found that healthcare breach reports in the first half of this year were down 10.4% compared to the second half of 2019, with the number of breached records falling by nearly 83%. Cybersecurity experts were rather skeptic of the figure, and rather than rejoicing at cybercriminals having taken a break from...

It was reported this week by Naked Security that Linux systems are affected by a vulnerability that can render those Linux servers unbootable. BootHole leverages a vulnerability in both GRUB2 and Secure Boot, explains TechRepublic. To make BootHole a bit more daunting, it's actually a really easy hack to pull off. The only thing blocking ne'er do wells from making it happen is having remote access to the server. Once inside, however, all an attacker...

Security researchers at Check Point have discovered the Amazon Alexa assistant can be hacked to make it hand over sensitive data including voice recordings due to flaws within the services subdomains. The researchers explained that these critical issues could occur because the services subdomains are prone to Cross-Origin Resource Sharing (CORS) misconfiguration and cross-site scripting (XSS) attacks.   If exposed, a hacker would have the ability to:   These vulnerabilities would have allowed an attacker...

Cybercriminals have infiltrated a Gun Exchange in Utah, US and released highly sensitive information on a cybercrime forum. It is estimated that records over 200,000 user records were stolen from a variety of linked sites which include 195,000 user records for the utahgunexchange.com, 45,000 records for their video site, 15,000 records from the hunting site muleyfreak.com, and 24,000 user records from the Kratom site deepjunglekratom.com. After further analysis of the database, which was stored on...

Some Google Chrome users can expect a big change in how the browser displays URLs as the company tests out how domain names are seen in a bid to thwart online scams. The test is expected on Chrome 86 which is slated for release at the end of August. The experiment will involve some “randomly assigned” users of Chrome 86 who will have the choice to choose when to view a full URL or when...

Ethical hackers have discovered 350 million exposed email addresses on an unsecured server which were likely to have either been stolen or acquired back in October 2018.   The find was made after the CyberNews threat researchers came across an unprotected depository (also known as a bucket) on an Amazon S3 server which is said to have been left online for 18 months and available to view or download before it was taken down in...