Cyber Bites

On Monday, popular end-to-end encrypted messaging service Signal disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1900 users. Signal said, "for about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. All users can rest assured that their message history, contact lists, profile information, whom they'd blocked, and other personal data remain private...

Alphabet Inc's Google Unit was ordered by Australia's Federal Court to pay A$60million in penalties for misleading users on collection of their personal location data, according to Australia's competition watchdog. The court found that Google mislead some customers about their personal location data that was being collected through their Android mobile devices between January 2017 and December 2018. Google misled users into believing that the "location history" setting on their Android phones was the only...

Vulnerabilities in Xiaomi's mobile payment could lead to an attacker stealing private keys used to sign Chinese social media Wechat Pay control and payment packages. The flaws were found by Check Point Research (CPR) in Xiaomi's trusted execution environment (TEE), the system element responsible for storing and managing sensitive information such as passwords and keys. Slava Makkaveev, security researcher at Check Point, said: “We discovered a set of vulnerabilities that could allow forging of payment packages...

Last week, Advanced, a key NHS IT partner was hit by a ransomware attack. The IT company has said that it could take three to four weeks for systems to resume normal service. Advanced runs several key systems within the health service. One of its most important clients is the NHS 111 service. The UK Government tried to downplay the seriousness of the incident last week by claiming "minimal disruption." However, reports suggested that it...

Interpol has launched a new awareness campaign that aims to urge individuals not to become money mules, after 15 suspects were arrested in connection with a major romance scam conspiracy. The international policing organisation's Financial Crime and Anti-Corruption Centre (IFCACC) said the two-week global campaign aims to highlight the critical role mules play in modern crime. The campaign will use the hashtag #YourAccountYourCrime on social media in an attempt to remind people that they are...

Hackers have found that a robot dog carrying a submachine gun has a kill switch that can be accessed using a tiny handheld hacking tool. The discovery was posted on Twitter by hackers going by the handles KF@d0tslash and MavProxyUser on GitHub and Twitter. “Good news!” KF@d0tslash said on Twitter. “Remember that robot dog you saw with a gun!? It was made by @UnitreeRobotic. Seems all you need to dump it in the dirt is...

Action has been taken against two cyber espionage operations in South Africa, according to Meta. Action has been taken against Bitter APT and APT36. The announcement was made by the company last Thursday in its Quarterly Adversarial Threat Report, Second Quarter 2022. In the report, Meta's Global Threat Intelligence Lead, Ben Ninmo, and Director of Threat Disruption, David Agranovich, provided insight into the risks Meta saw worldwide and across multiple policy violations. The report stated:...

7-Eleven stores in Denmark closed their doors yesterday after a cyberattack disrupted store payment and checkout systems throughout the country. The attack occurred early on the 8th August, with the company posting on Facebook that they were likely "exposed to a hacker attack". The translated statement says that the company has closed all the stores in the country while investigating the security incident. The statement read: "Unfortunately, we suspect that we have been exposed to...

Twilio, the communications giant, has confirmed that hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The company, based in San Francisco, allows users to build voice and SMS capabilities, such as two-factor authentication (2FA), into applications, said that it became aware that someone gained "unauthorised access" to information related to some Twilio customer accounts on 4th August. These findings were published in a blog post on Monday 9th....

Reportedly, a number of health and care systems delivered by business software and services provider Advanced are currently experiencing major outages. Advanced has 26 NHS clients, according to Digital Health Intelligence. The company supply services to thousands of healthcare professionals. The company's Adastra software works with 85% of NHS 111 services. The following systems are currently experiencing major outages: Adastra, Carenotes, Caresys, Crosscare, Staffplan. All outages are being treated as 'critical incidents' and with the...