Cyber Bites

Mike McGuire a senior lecturer in criminology at the University of Surrey has conducted a study, called Nation States, Cyberconflict and the Web of Profit using publicly available reports into state-sponsored attacks along with interviews with various experts. The study reveals that the world is coming increasingly close to nation state retaliating against cyber-attacks with violence. In his report, McGuire reveals that there has been a 100% increase in "significant" state-backed attacks over the past...

Analysts stumbled across a scraped data set from LinkedIn, in which the data from over half a billion users is being sold online. This marks the second major cybersecurity incident in the past week. The information scraped includes the full names, email addresses, phone numbers, professional titles and other work-related data. CyberNews analysts have been able to confirm that the data found on the online forum for hackers can be associated with LinkedIn user accounts,...

Have I been Pwned reported that the data breach exposed users' email addresses, hashed passwords, usernames, and IP addresses. Of the 500,000 users of the hacking forum, 297,744 have been affected; however, the forum operators have not yet notified their users. The founder of Have I Been Pwned has confirmed the authenticity of the stolen data. Troy Hunt stated that the carding site recognised the leaked email addresses through the "forgot password" feature. It failed,...

VISA has issued a warning about the increase of web shells being used by threat actors to steal credit card details. VISA has seen a rise in the number of threat actors using web shells on compromised servers in order to extract credit card details stolen from customers making payments online. VISA has said that in the last year they have seen growing trends in web shell usage, especially for web skimming attacks where the...

In March a number of European Union organisations, including the European Commission, were hit by a cyber-attack. A spokesperson from the European Commission has revealed that the incident, thought to have taken place last week, impacted the IT infrastructure of several EU institutions. The spokesperson told BleepingComputer, "we are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and agencies and the vendor of the affected IT solution."  They also...

Active cyberattacks have been reported on known security vulnerabilities in widely deployed SAP applications, giving the attackers access for full take over and the ability to infest an organisation completely. Researchers warn that these attacks could lead to full control of unsecured SAP applications. An alert issued by SAP informs that threat actors are carrying out various attacks, which include the theft of sensitive data, financial fraud, disruption of mission-critical business processes among other operational...

A zero-click vulnerability has been discovered in Apple's macOS Mail which allows attackers to take over a users account by adding or modifying any arbitrary file in Apple Mail’s sandbox environment. The bug known as CVE-2020-9922 can be exploited by sending an email with two .ZIP files attached. Once a user has received these emails Apple's Mail app will parse it to find any attachments which have x-mac-auto-archive=yes in the header, and automatically unpack the...

A number of US agencies, such as the Federal Bureau of Investigations (FBI) and the Infrastructure Security Agency (CISA), have issued a joint warning that advanced persistent threat (APT) groups are exploiting vulnerabilities found in Fortinet FortiOS. The groups are exploiting the vulnerabilities in order to compromise both government and commercial organisations using the software. The alert warned that the cybercriminals have been scanning for systems that have not patched Fortinet FortiOS vulnerabilities. The vulnerabilities...

At the LORCA Live online event, Rob Meyerson, founder and CEO at Delalune Space claimed that the commercial space industry needs support from the cybersecurity sector in order to build trust and resilience. Former employee of NASA and Blue Origin, Meyerson is now focused on investing in new businesses that aim to operate in the space sector. This more recently includes cybersecurity. As a society, we are already reliant on the space industry to run...

Already, DDoS attacks have set a new record and taken the extortion trend that started in August 2020 to the next level. Akamai, an internet security company has already reported the largest known DDoS (RDDoS) attack. The company has said the attack was more complex than previously seen incidents of DDoS attacks. In February of 2021, Akamai dealt with "three of the six biggest volumetric DDoS attacks" that have ever been recorded. The most recent...