Cyber Bites

The U.S. Federal Bureau of Investigation (FBI) has issued a statement about the Mamba ransomware, also known as HDDCryptor, as a weakness has been found in the ransomware's encryption process. This weakness means that organisations targeted by the ransomware can recover from an attack without having to pay the ransom. The weakness has been found in the open-source software solution, called DiskCryptor, that Mamba uses to encrypt victim's computers using a key defined by the attacker....

Two vulnerabilities were discovered across the Legacy Themes and plugins in the popular suite of tools for WordPress websites from the marketing platform Thrive Themes.  The purpose of Thrive Themes is to help WordPress websites "convert visitors into leads and customers." The suite of products affected is called Thrive Suite, in which the Legacy Themes tools are included, along with various other plugins. The flaws discovered could be chained together to allow attackers to upload...

Security engineer Rob Dyke recently reported a data leak to the Apperta Foundation, which is a non-profit, supported by NHS England and NHS Digital. The organisation thanked him for responsible reporting, however later 'thanked him' with legal correspondence and police intervention. Dyke discovered an exposed GitHub repository earlier this month, which was exposing passwords, API keys and sensitive financial records belonging to the Apperta Foundation. The repository had been public since at least 2019. The...

On Wednesday, Facebook revealed that it has blocked a group of hackers based in China, known as Evil Eye or Earth Empusa, from using the platform to spy on Uighurs living abroad. The hackers were using Facebook to trick Uighurs into clicking on links infected with malware which enabled them to spy on the victim's devices. Facebook has said that the hacker group were targetting journalists, activists and dissidents who were predominantly Uighurs. In an...

FatFace, a British fashion retailer, suffered a cyber attack in January which may have resulted in both employees' and customers' data being compromised. Yesterday FatFace sent customers an email informing them that their personal data could have possibly been compromised in the hack. In the email FatFace also asked customers to keep the details of the hack "strictly private and confidential". However, a number of angry customers tweeted about how it took two months for...

The new attacks are part of an ongoing phishing operation, dubbed the "Compact" Campaign, which has been active since early 2020. The campaign, which has already stolen an estimated 400,000 OWA and Office 365 credentials has now begun abusing new legitimate services in an effort to bypass secure email gateways (SEGs). As a result, Microsoft security experts have issues a warning: "Phishers continue to find success in using compromised accounts on email marketing services to...

A California State Controller's Office employee fell for a phishing link, leading to a data breach that resulted in the theft of around 9,000 records. The employee, who worked in the Unclaimed Property division clicked on a phishing link received in an email and then proceeded to enter a user ID and password. This gave an attacker access to the employee login details, and consequently the employee's account, on the 18th and 19th of March....

Deepanshu Kher has been sentenced to two years in prison after hacking into the network of a Carlsbad, California-based firm. The former IT contractor worked for the IT consultancy firm for around 1 year in 2017, helping a client with migration to a Microsoft 365 Office environment. The client was not satisfied with Kher's work, who was fired once this feedback reached the head office. Two months after returning to India, Kher took revenge on...

The Michigan based bank Flagstar, has contacted its customers informing them of a data breach during which hackers accessed their SSNs. The bank finally admitted that the attack resulted in the loss of customers' Social Security Numbers, home addresses, full name and phone numbers - a detail that was not publicly disclosed when the data breach was announced two weeks ago. It appears the breach even affected people who are no longer Flagstar customers. According...

Royal Dutch Shell has revealed that they have been affected by the Accellion FTA file transfer appliance hack. Last week Shell posted a company statement which said, "Shell has been impacted by a data security incident involving Accellion’s File Transfer Appliance. Shell uses this appliance to securely transfer large data files." According to the statement posted on their website, Shell has said that there is no evidence that their core IT systems have been impacted...