The Open Rights Group (ORG) have accused England's test and trace programme of breaking a key data protection law since it launched on the 28th of May. The system asks individuals to share sensitive data including name, date of birth, postcode, who they live with, where they have recently visited as well as the name and details of those they have been in close contact with. Nevertheless, the government has maintained that there is no...
Read more
According to WizCase, a VPN comparison site, four misconfigured and unencrypted AWS S3 buckets, as well as an unsecured Elasticsearch server, led to the exposure of almost a million online student records. This includes the personal information of children, their parents and teachers. Full names, home addresses, emails, phone numbers, date of birth etc. were all revealed, putting these e-learners at risk of identity fraud, phishing, and even stalking. Source: Infosecurity Magazine
Read more
Data from twenty enterprise customers of the French telecommunications company, Orange, have been exposed following a ransomware attack on the 15th of July. The operators behind this Nefilim ransomware supposedly breached the company through their "Orange Business Solutions" division. This division offers business remote support, virtual workstations, system security as well as cloud backups. Source: Bleeping Computer
Read more
According to an advisory issued by the National Cyber Security Centre (NCSC) and counterparts in Canada and America, Russian state-sponsored hackers, APT29 or Cozy Bear, have been attacking organisations working towards a coronavirus vaccine. The campaign has been targeting government agencies, diplomatic bodies, healthcare organisations, thinktanks and the energy sector looking to steal intellectual property. Source: Computer Weekly
Read more
Armorblox researchers have recently noted a number of campaigns utilising Amazon as a means of lifting credentials and personal information. This is in light of a growing dependence on the e-commerce giant during COVID-19. With many expecting to receive deliveries, one campaign takes advantage through counterfeit notices of a failed delivery attempt. Another campaign utilises voice phishing, or vishing. Source: Threatpost
Read more
Private hacker forums have typically been exclusive to only elite, and highly-skilled cybercriminals. In order to gain access to such forums. Members have to undergo a "rigorous application and interview process," said researchers. However, a report recently published by Digital Shadows has found that the forum, CryptBB has become increasingly inclusive. Less-experienced hackers are now being invited to learn from the experts and hone their expertise. Source: Threatpost
Read more
The latest clash between Facebook (FB.O) and Austrian privacy activist Max Schrems could disrupt hundreds of thousands of companies as Europe’s top court rules on Thursday on the legality of tools companies use to transfer Europeans’ data around the world. At stake are standard contractual clauses used by Facebook, banks, industrial giants, carmakers and others to transfer personal data to the United States and other parts of the world for services ranging from cloud infrastructure,...
Read more
A new malware family has been linked to the threat group behind Trickbot, a popular information-stealing Trojan. The Cybereason Nocturnus research team said that since April this year, the backdoor has been used in attacks against organisations across the US and Europe. In particular, organisations in the healthcare, IT, manufacturing, logistics, and travel industries are at risk. The cybersecurity researchers documented how the first variants of the malware appeared in the wild during April, but...
Read more
Billionaires Jeff Bezos, Bill Gates and Elon Musk amongst other prominent US figures have been targeted by hackers on Twitter in an apparent Bitcoin scam. The official accounts of Joe Biden, Barack Obama and Kanye West were also reportedly hacked to request donations in the cryptocurrency. "Everyone is asking me to give back," a tweet from Bill Gates' account read. "You send $1,000, I send you back $2,000." Source: BBC
Read more
The impacted products include routers, IP cameras, DVRs, and smart TVs. Nearly four years after Mirai first demonstrated how ordinary Internet-connected devices could be turned into remotely controlled attack systems, variants of the malware continue to surface with troubling regularity. This week, researchers from Trend Micro discovered a brand-new Mirai variant designed to exploit a set of previously disclosed vulnerabilities in routers, IP cameras, DVRs, and other products from multiple vendors, including Comtrend, D-Link, MV...
Read more