Cyber Bites

An elusive hacking operation is using a previously unreported backdoor in a malware campaign targeting diplomats and government departments around the world. The Ke3chang advanced persistent threat group is thought to operate out of China and has conducted cyber-espionage campaigns using remote access trojans and other malware since at least 2010. Now cybersecurity researchers at ESET have identified new attacks by Ke3chang - also known as APT 15 -which use an updated version of their Ketrican malware, alongside...

You can’t spend hours combing through archives of breached data to see if your login credentials were leaked, so Mozilla’s rebranded in-browser password manager, Lockwise, will soon notify users if their saved usernames or passwords were exposed in a data breach, and recommend that they change them. Mozilla’s feature, pointed out by TechDow based on Mozilla bug reports, is already available through third-party password managers like 1Password, but is being introduced as part of Mozilla’s Lockwise service that’s integrated right into...

The older people’s charity Independent Age has had a data security breach that resulted in personal information, including the bank details and salaries of almost all of its staff, being sent to a former colleague. Third Sector understands that the breach was on 11 June and consisted of personal information for the charity’s staff being accidentally disclosed to a former employee while complying with a subject access request. Details passed on included employees’ names, dates of birth, addresses,...

More than half of Manx people risk falling foul of online scams after admitting they use the same password for several accounts, a survey has found. Nearly all respondents said they had received a fraudulent email, while only two thirds were confident in their online security. The poll also found almost 40% did not know how to report a cyber-crime. The statistics were based on the responses of more than 600 people. The government survey...

In March 2015, the business messaging service and enterprise communications hub, Slack, was breached and a database of usernames and passwords compromised. The attackers were able to insert code to log passwords in plain text as they were typed. Unsurprisingly, Slack was quick to reset passwords of users that were confirmed to have been impacted by the ensuing investigation. A little more surprising, however, is the confirmation that Slack is now resetting passwords for another...

Another clinical lab ensnared in the AMCA data breach has come forward. Clinical Pathology Laboratories (CPL) says 2.2 million patients may have had their names, addresses, phone numbers, dates of birth, dates of service, balance information and treatment provider information stolen in the previously reported breach. Another 34,500 patients had their credit card or banking information compromised. The breach was limited to U.S. residents, the company said. Source: TechCrunch

Tampa-based community radio station WMNF 88.5-FM is stepping up cybersecurity after its computer systems were hobbled by ransom-seeking hackers last month. Interim general manager Cindy Reichard said the ordeal began June 18 when a programmer noticed a computer in one of the studios was acting strangely. The station then received a digital message: Your files have been encrypted. Pay us, and you can have them back. Source: Tampa Bay

FaceApp, the latest viral challenge, is keeping the selfies of its users, according to its privacy policy. The app, which encourages users to age themselves after uploading pictures, was developed by a group in St Petersburg, Russia. The trend has since amassed millions of users across the world. But following security concerns, politicians have been warned not to use the app. According to USA TODAY, the app’s privacy policy states it collects the pictures uploaded...

Lenovo has confirmed that a "high severity" security vulnerability has left users of specific network-attached storage devices with data exposed to anyone who went looking for it. How much data? How does at least 36TB grab you? That's the number that the security researchers who uncovered the vulnerability in the Lenovo-EMC storage products put on the data leak at the time of the discovery. According to the Vertical Structure report, security researchers found "about 13,000 spreadsheet...

An overwhelming majority of cyber security professionals (93%) say they are moderately to highly concerned about public cloud security, a survey reveals. Only 3% of respondents said they were not concerned, while 4% said they were slightly concerned. While 18% said they were moderately concerned, roughly the same proportion said they were “very concerned” (37%) or “extremely concerned” (38%), according to a poll by Synopsys of 400,000 members of the Cybersecurity Insiders information security community. Source: Computer Weekly