Cyber Bites

Microsoft announced last week that it will make generally available a feature dubbed "Autopatch" included in Windows Enterprise E3 in July 2022. Lior Bela, senior product marketing manager at Microsoft, said in a post last week: "This service will keep Windows and Office software on enrolled endpoints up-to-date automatically, at no additional cost. The second Tuesday of every month will be 'just another Tuesday." The feature is currently set to work with all supported versions...

Salt Labs has uncovered a Server-Side-Request Forgery on a major FinTech platform, enabling an administrative account takeover. Researchers identified API vulnerabilities allowing them to launch attacks where:  Attackers could gain administrative access to the banking platform Attackers could leak users’ personal data  Attackers could access users’ banking details and financial transactions Attackers could perform unauthorised funds transfers into their own bank accounts  This discovery is especially concerning as FinTech platforms are near-irresistible targets for threat...

A new study from Vectra AI has revealed that half of UK cybersecurity leaders consider leaving their jobs due to the pressure they face at work. The security vendor polled 200 security chiefs in the UK in order to better understand the emerging industry health crisis. The study revealed that two out of five security leaders had been forced to seek help as a result of work-related stresses including panic attacks, high blood pressure and...

Gazprom Neft, the oil arm of Russian state gas company Gazprom, has allegedly suffered a hack on Wednesday bringing down its website. A statement allegedly from Gazprom CEO Alexie Miller was displayed on the website, appearing to criticise Russia's invasion of Ukraine. Miller is a close friend of President Vladimir Putin. The website went down soon afterward. “The information published on the site on the morning of April 6 ... is not true and cannot...

Researchers have claimed that a misconfiguration has exposed millions of internal records, including employees' personally identifiable information, belonging to Fox News. The exposure was discovered by a team at Website Planet led by Jeremiah Fowler, who claimed that theoretically, anyone with an internet connection could have found the 58GB of internal records, which was left open with no password protection. The data trove contained almost 13 million records of content management data, including an unspecified...

Zoom has awarded researchers $1.8 million in bug bounties over 2021, and $2.4 million since the programs launch. Bug bounties have emerged as a popular cybersecurity method recently, amidst the industry's skill shortage. Estimates suggest that there will be roughly 3.5 million unfilled job openings by 2025 in the US alone. Zoom has experienced a huge rise in popularity in recent years, as COVID-19 forced many employees into a work-from-home or hybrid working environment. An...

Electric vehicle owners in the Isle of Wight, UK, were surprised yesterday when public charging points displayed pornography. Service screens at the council-owned car parks across Quay Road, Cross Street, Cowes and Moa Place, Freshwater were supposed to display the council website, but hackers changed several of them to show explicit images. The Isle of Wight County Press first reported the incident, after being notified by its readers. A council spokesman has made a statement...

Cash App, a popular stock trading app, has suffered a data breach impacting up to 8.2 million former and current users. It has been reported that the breach was caused by a former employee illegitimately accessing customer information. Block, Cash App's owner, notified the Security and Exchange Commission (SEC) of the breach on Monday. The filing reported that a former employee downloaded investing reports containing information belonging to US customers, including full names, brokerage account numbers,...

The Hydra Market, a Russian-language darknet marketplace formerly specialising in the sale of illicit drugs, forged documents, intercepted data and illegal digital service, has been shut down by German Federal police. Working in conjunction with the United States Justice Department, authorities closed German servers of the marketplace on Tuesday, seizing $25m in Bitcoin of alleged dirty money. Prosecutors in Frankfurt have said that Hydra, active since 2015, was the largest darknet market in the world...

The Works has reported that five of its 526 shops were forced to close last week as hackers gained access to its computer systems and caused issues with its tills. While customers are experiencing longer delivery times for online orders, the company has said that no shoppers' payment details had been compromised. The Works said in a statement: "Customers can continue to shop safely at The Works, both in store and online." All debit and...