Cyber Bites

A report by Motherboard says that the US military has been mining data from the Muslim prayer app, Muslim Pro. Muslim Pro is one of the "most popular Muslim apps", boasting over 98 million downloads. The app reminds users of their daily prayers and provides them with readings from the Quran. The app also tracks users' locations with this data sold to brokers. One of the buyers of the app's data is reportedly the US...

Microsoft has recently alerted governments across the globe that the North Korean hacker groups Cerium and Zinc, as well as the Russian hacker group Strontium, have been targeting organisations involved in COVID-19 vaccine research using brute-force, credential stuffing and spear-phishing attacks. Tom Burt, Microsoft's Corporate Vice President for Customer Security & Trust, said in a blog post that nation-state actors have been targetting research organisations in France, Canada, South Korea, India, and the United States....

Coveware, the ransomware negotiation firm, have recently placed DarkSide operation on an internal restricted list following the threat actor's announcement to host infrastructure in Iran. DarkSide ransomware operation usually encrypts a network from which their affiliates will steal an unencrypted file from, which they will then threaten to release if their ransom is not paid. Therefore, their recent announcement for operations in Iran has caused concern among industry key figures.

Pluto TV are an online TV provider who offers ad-supported channels for various topics such as gaming, as well as real-life networks, such as NBC. Unfortunately, Pluto TV has recently suffered a security breach, affecting the millions of accounts linked to the platform since 2018, with the details for these accounts now available online. The hacking group ShinyHunters instigated the breach, and they have previously released the customer records of over 17 other companies and...

The World Economic Forum and the University of Oxford have published a 14-month long study examining the shift in technology and the impact it will have on the cybersecurity industry. The study is based on the expertise of over 100 leaders in the cybersecurity space, including those in businesses, government, civil society and academia. The study reports that the future of the cybersecurity industry, as well as that of everyone's personal data, relies on four...

Cybercriminal groups are scaling up their operations. According to BleepingComputer, the DarkSide Ransomware operation have claimed they are creating a distributed storage system in Iran to store and leak data stolen from victims. Since double-extortion ransomware became threat actors' attack of choice, law enforcement and security firms have been actively searching the stolen data in order to disrupt extortion demands. "Ransomware gangs are increasingly copying the models used by legitimate businesses. From Ransomware and Phishing-as-a-Service, it...

The Outbound Email Security Report by Egress has recently found that tired and stressed employees are the cause of 4 in 10 of the most severe data breaches. As stress levels rise and remote working increase, rushed employees are more likely to make easy mistakes such as attaching the wrong file to an email or sending an email to the wrong person. All the distractions of working from home and increased stress levels due to...

The Australian government have recently sent out a security alert encouraging health sector organisation to check their cyber-security defences, and most importantly their controls for detecting ransomware attacks. Australia’s Cyber Security Centre said that it "observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT)." This warning comes after a recent increase in attacks on health service organisations worldwide since the COVID-19 pandemic.

The stock photo service 123RF has recently suffered a data breach after their database containing 8.3 million users records has been hacked and put up for sale on a hacker forum. Over the weekend a data breach broker put 123RF’s database of 8.3 million users records online following a data breach. The database includes personal data such as 123RF members’ names, email addresses, company names, phone numbers, PayPal emails, IP addresses, and MD5 hashed password....

The UK's ex-chief of National Cyber Security Centre (NCSC), Ciaran Martin, has warned that we should avoid arming ourselves with new weapons and instead maintain a strong defence in the cyber realm. Martin added that if we do weaponise then we do so 'at our peril'. Martins remarks follow on from reports that nations such as the UK are using offensive cyber-techniques. Martin went on to say that although he is not a digital pacifist,...