Cyber Bites

The FBI's cyber division has published a Private Industry Notification warning colleges and universities in the US that higher education credentials are up for sale on the dark web. FBI data suggests that from January 2022, Russian cyber-criminal forums advertised access to credentials from universities and colleges across the US, for prices as high as thousands of dollars. The document also reveals that in May 2021, over 36,000 email and password combinations (it's unknown how...

Remote mobile payments authenticated by biometrics are predicted to reach $1.2 trillion by 2027, according to a new study. In its paper Mobile Payment Biometrics: Key Opportunities, Regional Analysis & Market Forecasts 2022-2027 , Juniper Research has predicted a 365% rise in the value of biometric payments over the next five years. The current value is $332bn. Solutions such as Apple Pay are likely to be a key driver of said growth, alongside the introduction of Strong...

More than 75 vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency's (CISA)Known Exploited Vulnerabilities Catalogue. Cisco, Microsoft, Adobe, Oracle, Linux vulnerabilities are listed. If an attacker was to exploit these vulnerabilities, they could take control of impacted systems. A considerable number of vulnerabilities were older, ranging from 2010 to 2019, but one more notable vulnerability was a Cisco IOS XR Open Port Vulnerability CVE-2022-20821. “A vulnerability in the health check RPM of Cisco...

Students around the world who were required to use government-endorsed education technology (ed tech) throughout the pandemic had their contact, keystroke and location data plundered and sold to advertising tech companies, according to the Human Rights Watch (HRW).  A staggering 146 out of 164 government-endorsed ed tech products jeopardised children's privacy, with 199 third-party companies receiving personal data, the HRW reported. Out of these, only 35 endorsed vendors disclosed that user data would be collected...

The past two years have seen the energy industry suffer multiple major security breaches, highlighting the need for a collaborative effort in response. During the World Economic Forum (WEF) Annual Meeting 2022, 18 corporations announced their pledge to cooperate on a dedicated solution to strengthen infrastructure across the industry ecosystem. The Cyber Resilience Pledge, according to its website, aims to “mobilize global commitment towards strengthening cyber resilience across industry ecosystems.” “First endorsed by key CEOs...

Crossword Cybersecurity Plc has released a report highlighting anxieties surrounding security strategies soon growing outdated. Over 200 CISOS and senior cybersecurity professionals were surveyed. Key findings include: 40% of respondents expect their current cybersecurity strategy be outdated in the next two years. A further 37% expected their current cybersecurity strategy be outdated in the next three years 61.4% were "fairly confident" in their ability to prevent cyber attacks 44% said they had the means necessary...

Insider threats were responsible for 68% of data breaches at UK law firms, according to new research from the Information Commissioner’s Office (ICO). ICO Data from Q3 2021 was analysed by NetDocuments found that only 32% of breaches in the legal sector were caused by outside threats. Other key findings include: 54% of data breaches were due to human error 52% of breaches occurred from employees sharing data with the wrong person 10% of incidents...

DuckDuckGo, a privacy focused web browser, has come under fire for allowing Microsoft trackers on third-party sites as part of their syndicated search content contract with the company. The search engine takes pride in not tracking user searches or behaviour, and not building user profiles to display targeting advertising, instead using contextual advertisements from their partners. While DuckDuckGo does not store personal identifiers, Microsoft advertising can track your IP address, among other information, when clicking...

A new report from the United States Senate Committee on Homeland Security & Governmental Affairs has revealed that the US government lacks comprehensive data on ransomware attacks. Notably, the report shows that authorities are largely in the dark as to how much is lost in ransom payments. The report is the culmination of a 10-month investigation into ransomware. It cites FBI statistics that reveal the agency received 3729 ransomware complaints with relative losses upwards of $49.2m. The...

US automobile behemoth General Motors (GM) has confirmed that it suffered a credential stuffing attack last month. GM said that it detected malicious login activity between April 11-29 2022, resulting in the exposure of customer information and allowing hackers to redeem gift card reward points. GM sent a data breach notification to affected customers, saying: "We are writing to follow-up on our email to you, advising you of a data incident involving the identification of...