Cyber Bites

The multinational energy company, Enel Group, have suffered another ransomware attack for the second time this year. This attack was by Netwalker, who are demanding $14 million ransom for the decryption key and for them not to release stolen data. Enel is one of the largest companies in the European energy sector, spanning across 40 countries, with over 61 million customers. In August they ranked 87th in the Fortune Global 500, with a revenue of...

Cybercriminals have recently hacked Vastaamo, a psychotherapy giant, and are trying to contact patients threatening to reveal their confidential patient files if they do not pay a ransom. The Finnish psychotherapy company has over 40,000 patients, with customers registered between November 2018 and March 2019 likely to be affected by the breach, although it is unclear why the data is only surfacing now. The breach and the blackmailing of patients has resulted in an emergency...

Amazon has fired a number of employees responsible for a recent data leak which resulted in the exposure of customers data, including their email addresses to an unaffiliated third-party, violating the companies policies Users were alerted of the incident following an email announcement to those who were affected. During the weekend there were reports across Twitter by multiple Amazon customer who had received the email about the data leak, with a number of the customers...

Law firm Fragomen, Del Rey, Brensen and Loewy have confirmed they have suffered a data breach which involved the personal information of both current and former Google employees. The law firm based in New York provides companies with employment verification screening services in order to determine whether potential employees are authorized to work in the United States. In order to work in the United States, every employer must have a Form I-9 file of every...

An issue has arisen with users accessing the NHS contact tracing app on the new iPhone 12 and iPhone 12 Pro that were released on Friday last week. Although the new iPhone's have no issues running the app, when the app is transferred over from a different iPhone through the cloud, it doesn't ask users to enable permissions. As a result, the app can't use the phone's Bluetooth required for the app to work. Users...

The FBI and CISA have announced that Russian hackers have breached US governmental networks. The group has been identified under the codename Energetic Bear and are backed by the Russian state. Government officials have said this group have been targeting several local, territorial and tribal government networks since February. As of the 1st of October, Energetic Bear had successfully lifted data from at least two servers. https://www.zdnet.com/article/fbi-cisa-russian-hackers-breached-us-government-networks-exfiltrated-data/

Cybercriminals have impersonated Marks & Spenser's CEO, Steve Rowe, in order to trick customers into revealing their bank account details. The scammer's poster fraudulent adverts promising victims the opportunity to win a gift voucher as part of a prize draw promotion while under the guise of CEO Steve Rowe. Once victims had clicked the ad they were taken to an M&S-branded portal which asked for their name, mobile phone number, address and bank details including...

Facebook and Twitter chief's, Mark Zuckerberg and Jack Dorsey, will be ordered to testify over the alleged censorship of a New York Post article shared on their platforms. The article reveals emails and photographs copied from Hunter Biden, Joe Biden's son's laptop. Twitter said that the article had violated its "hacked materials" policy and was blocking users from sharing the article, but it later changed its stance. Facebook limited the spread on the article on...

A new report from the US National Security Agency outlines the 25 vulnerabilities most commonly targeted by Chinese sponsored hackers. Exploits for these vulnerabilities are already publicly available, but so are the patches for these flaws. Ciaran Byrne, head of platform operations at Edgescan, provided the follwing analysis: The details published today by the NSA of the top 25 vulnerabilities being leveraged by state-sponsored hackers is a stark reflection on patching policies of organizations. There...

PayPal has recently announced that its customers will be able to use Bitcoin and other virtual currencies while buying and selling items using their PayPal accounts. PayPal has revealed that they will be allowing this option to be used in the US in the next upcoming weeks. They plan to have the option available to all users worldwide by early 2021, with users being able to buy items with cryptocurrency from the 26 million sellers...