Cyber Bites

Although the investigation as to how SolarWinds' was compromised by hackers and how these hackers poisoned the company's software updates is still ongoing, new evidence reveals that it could have possibly been a meticulously planned, sophisticated supply chain attack. Today ReversingLabs published a report which revealed that the actors who attacked SolarWinds' most likely do so by compromising the software build and code signing infrastructure of SolarWinds Orion platform. Their access to SolarWinds' networks could...

Although most companies claim that they have well-defined consumer data protection and privacy policies, research has found that three in five US and Canadian companies fail to inform customers that they allow third-party services to use tracking codes on their websites. Zoho, an Austin based productivity app surveyed 1,416 individuals across Canada and the United States, with participants including a range of business leaders from C-level to manager roles, from a variety of business sizes....

Gmail has suffered two outages in 24 hours, as users have been unable to send emails to other Gmail users, while others have experienced unexpected behaviour. However, users are still able to access their Gmail accounts. When Gmail users send an email to another Gmail address they will immediately receive a delivery failure message which states "Address not found". Users of the GSuit who have custom domains are not experiencing any problems. Over 17,000 users...

Security researchers at Lookout have discovered a new strain of malware called Goontact which has surveillance and spying capabilities. The Goontact spyware is currently available on Android and iOS, with the ability to collect data from infected victims. This data includes photos, SMS messages, location information, phone identifiers and contacts. Lookout has reported that the Goontact malware is distributed by third-party sites that are promoting free instant messaging apps that are dedicated to reaching escort...

Users of SingPass, an account used in Singapore to access e-government services, can now use face verification as a two-factor authentication (2FA) method. They are also able to access their accounts using multi-user SMS one-time passwords (OTP) linked to another SingPass user's mobile number. This option has been added to the platform in order to help those who are less digitally literate to navigate the platform with the assistance of others who may have a...

On Monday WhatsApp denied allegations in the U.S Supreme Court that it's encrypted data can be hacked by Pegasus, an Israeli spyware. These allegations led to controversy in 2019, as it was thought that WhatsApp experienced a privacy breach after there were global claims by Indian journalists and human rights activists that they had been spied on by unnamed entities.  

CybelAngel, a world leader in digital risk protection, discovered over 45 million medical imaging files – such as CT scans and X-rays– which were accessible online on unprotected servers. These findings were released in CybelAngels's report “Full Body Exposure”, which is the result of a six-month research investigation into Digital Imaging and Communications in Medicine (DICOM) and Network Attached Storage (NAS), which are the industry standard ways in which medical data is sent and received...

On Monday the cybersecurity firms ReversingLabs and Sophos joined forces in order to release the first-ever production-scale dataset of malware research to be available to the public. They released the dataset in a bid to drive industry-wide improvements in security detection, as well as build defences against attacks. The dataset is called SoReL-20M, which is short for Sophos-ReversingLabs – 20 Million. The dataset contains labels, metadata, and features for 20 million Windows Portable Executable files-...

The Department of Homeland Security (DHS) was breached on Monday as part of an attack on U.S. federal agencies which many speculate to be done by Russian hackers. Alexei Woltornist, DHS spokesperson, said that they have not directly confirmed the breach, but Woltornist told The Hill that “the Department of Homeland Security is aware of reports of a breach” and that they “are currently investigating the matter.” Those who are involved in the matter have...

Microsoft Office 365's SharePoint has got a dangerous remote code execution flaw. On Tuesday, Office365 released their latest patches which addressed bugs affecting Microsoft Edge and Office apps, like Excel and Outlook. The recent Patch Tuesday release, and the last patch release for 2020, had over 58 overall fixes, with nine critical bug fixes. The most pressing of issues mentioned in the patch release affects SharePoint, with two critical remote code execution flaws discovered in...