Cyber Bites

  On Tuesday, March 3, the smartphones of tens of millions of Iranian citizens beeped in unison. “Dear compatriots, before going to the hospital or health center, install and use this software to determine if you or your loved ones have been infected with the coronavirus,” said the message, which claimed to come from the Ministry of Health. Source: Vice

The WordPress developer team is working on adding an auto-update mechanism to themes and plugins, a common source of website hacks, primarily because site owners usually install themes and plugins, and then forget to update them. Source: ZD Net

UPDATED A higher education institution in Victoria, Australia, has disclosed a data breach impacting the personal data of around 90,000 staff, students, and suppliers. In a security alert issued yesterday (March 11), Melbourne Polytechnic said Victoria Police had notified them that an individual who attended the campus in late 2018 had “obtained unauthorised access to Melbourne Polytechnic’s computer systems by hard logging onto the network; overcoming security measures”. Source: Portswigger

Open Exchange Rates has announced a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. Open Exchange Rates provides an API that allows organizations to query real-time and historical exchange rates for over 200 world currencies. The service's web site states that their API is used by companies such as Etsy, Shopify, Coinbase, Kickstarter, and more. Source: Bleeping Computer

The US is at risk of a "catastrophic cyber attack" and the government needs to adopt sweeping structural changes to address cyber security challenges, according to a report from the US Cyberspace Solarium Commission following a year-long investigation. "Our country is at risk, not only from a catastrophic cyber attack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system" the report warns . Source: Computing.com

 People copy all sorts of information to their clipboard. It's something that we've been doing for decades, and it's a practice that's deeply ingrained. While most of that information is likely to be mundane and boring, there are times when we copy important information, such as passwords, telephone numbers, or financial details. When it comes to iOS and iPadOS, Apple has given apps unrestricted access to the system clipboard -- called Pasteboard on the iPhone...

While ransomware is a serious problem, it is also one that can be handled with proper preparation. An organization that fully backs up its systems at regular intervals can usually avoid a payment simply by restoring files. Cyber crime is a world of constant adaptation and escalation, however, and there has been a dangerous mutation. The new DoppelPaymer ransomware doesn’t just lock up data, but also threatens to post the victim’s data to a public...

  Nearly 76,000 unique fingerprints were exposed online in an unprotected database bellowing to a Brazilian firm that develops fingerprint identification systems for corporations. Also in the bucket were email addresses and telephone numbers of the employees whose prints were being stored by the company Anteus Tecnolgia. The fingerprint data included ridge bifurcation and ridge ending data, both of which describe characteristics used to tell fingerprints apart. Source: Daily Mail

  Aviation giant Cathay Pacific has been slapped with a US$650,000 fine by the UK’s Information Commissioner’s Office (ICO) for failing to protect customer personal data. According to a statement issued by the regulator, approximately 9.4 million customers had their personal data compromised. The breach encompasses, in varying quantities, details such as names, nationalities, passport details, and historical travel information. Source: Tech Wire Asia

  Security researchers have uncovered a new phishing scam which lures users into opening a malicious Excel document by pretending to offer their HIV test results. Phishing campaigns have seen a huge increase over the past year as the scammers behind them have begun employing new tactics to trick users into falling for their schemes. Source: TechRadar