Cyber Bites

Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, ZDNethas learned, in what appears to be a coordinated wave of attacks. SIM swapping, also known as SIM jacking, is a type of ATO (account take over) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfers a victim's phone number to their own SIM card. The purpose of this attack is so...

Yesterday the U.S. State Department began implementing its requirement that nearly all U.S. visa applicants submit their social media usernames, previous email addresses and phone numbers as part of the application process. The new requirement, which could affect up to 15 million would-be ravelled to the U.S., is part of a broad expansion of enhanced screening under the Trump administration. First proposed in March 2018, the State Department only just updated the application forms to...

Smart TVs selling under SUPRA brand-name have been found vulnerable to an unpatched remote file inclusion vulnerability that could allow WiFi attackers to broadcast fake videos to the television screen without any authentication with the television. SUPRA is a lesser-known Russia electronics brand on the Internet that manufactures several affordable audio-video equipments, household appliances and car electronics, most of which are being distributed through Russian, Chinese, Russian and UAE-based e-commerce websites. Discovered by Dhiraj Mishra...

A new phishing campaign is underway that pretends to be a list undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form. This campaign is just as interesting as it uses the subject line of "Notifications | undelivered emails to your inbox" and pretends to be a list of...

Standard security practices among IT companies do not necessarily carry over to the IT departments of other firms, leading to products sold without basic security measures in place. Vulnerabilities discovered in industrial equipment increased 30% in 2018, according to security research firm Positive Technologies, which announced Thursday the discovery of vulnerabilities in APROL industrial process automation systems made by B&R Automation. Source: Techrepublic

US government workers may be placing America's national security at risk as there is no official policy banning them from running their smartphones' personal and official internet traffic through untrustworthy foreign-hosted VPN services. Source: The Register

Oman continues to live up to its reputation as a regional cybersecurity heavyweight, after it was revealed that the country thwarted more than 2.6 billion malicious attempts to access its public and private systems in 2018 – at least three times as many as in 2017. Source: The Daily Swig

British universities are facing a barrage of cyber attacks as hackers attempt to steal government-funded scientific, medical and defence research. A survey of senior IT leaders at 68 universities found that 24 per cent believed their security and defence research had been infiltrated, while 53 per cent said they feared they had been subject to a cyber attack carried out by foreign hackers. Source: New Statesman

Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. Source: Krebs on Security

A research project called PhishFarm suggests otherwise, claiming that mobile browsers protected by Google’s anti-phishing mechanism failed to detect any phishing sites between mid-2017 and late 2018. Source: NakedSecurity