Cyber Bites

Security concerns have recently arisen concerning the popular audio chatroom app Clubhouse. The app's users privacy policy has been questioned in the past, with the app saying it would take steps to ensure user data could not be accessed by malicious hackers. However, news has broken that the app has now suffered a data breach after a third-party developer created an open-source app that enabled Android users to access the iPhone service.  

A new report from Virtana reveals that most organisations are forcing to revert some of their applications back to on-prem infrastructure. 350 IT professionals were included in the report, which found that 72% had moved at least one app back onto on-prem, siting various reasons for their decision to do so. Some realised after that apps shouldn't have been moved in the first place, or there were too many issues with public cloud provisioning. On...

Automatic Funds Transfer Services was targeted in a ransomware attack on the 3rd of February. The  payment processor is used by many cities and agencies throughout the US. The data used for billing and verifying customers and residents is extremely varied, leading researchers to believe the attack could have had a massive and widespread impact. The cybergang responsible, known as "Cuba Ransomware", stole unencrypted files and deployed the ransomware, causing significant disruption to AFTS' business...

The People's Postcode Lottery has issued a statement warning players of a phishing scam which offers £1,000 in exchange for personal details. The scam claims to be from the People's Postcode Lottery and states that players have won £1,000 after their postcode was drawn fourth place. In order to retrieve the cash prize, players must send over a picture of their passport or driving licence along with a selfie. The statement by the People’s Postcode...

The Californian Department of Motor Vehicles (DMV) has suffered a data breach that could have possibly exposed over a year's worth of data after a third-party contractor was compromised during a cyberattack. During this breach customer addresses and licence plate numbers were exposed, but the DMV has confirmed that social security numbers, birthdates, voter registration, immigration status or driver’s licence information were not. Automatic Funds Transfer Services (AFTS) is a financial service and data management...

An urgent warning has been issued by the U.S Internal Revenue Service (IRS) about a phishing scam that is trying to steal Electronic Filing Identification Numbers. The scam emerged in early February, just before the start of tax filing season on Feb. 12 2021. The scam phishing emails are impersonating the IRA, and the subject line of the email says "verifying your EFIN before e-filing." The body of the email then goes on to ask...

New research by Barracuda has found that cybersecurity protection organisations have missed millions of email attacks. The research discovered 2,029,413 unique attacks in 2,600,531 unique mailboxes. The cybersecurity firm said that an average of 512 attacks were found per organisation out of the 4550 organisations that took part in the research. They also said that 14 per cent of organisations had at least one attack currently in their company mailbox, even though the messages were...

Over 3.2 billion email addresses and paired passwords have been posted online in what is being called one of the biggest breaches of all time. The database of passwords and emails are thought to have been compiled following data breaches carries out on various platforms, such as Netflix, Gmail, LinkedIn and many more. According to one news report, it is thought that the data includes almost 70 per cent of global internet users' data. Users...

Several members of the Egregor ransomware group were arrested following a joint operation between Ukrainian and French law enforcement. French law enforcement officers made the arrests after they were able to trace ransom payments to group members based in Ukraine. The investigation on the Egregor attacks was first initiated by the Tribunal de grande instance de Paris after a number of French companies, such as Ouest France, Gefko, and Ubisoft, suffered attacks, and so issued...

Researches from RiskSense, a risk-based vulnerability management service, discovered 223 different vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were used in ransomware attacks throughout 2020. This is four times the number of vulnerabilities related to ransomware than found in 2019 by RiskSense. The findings also show that ransomware families are not only growing but they are also becoming more complex. The previous report from 2019 found that there were 19 separate ransomware...