
News

Microsoft teams

Microsoft has recently started a brand new bug bounty program for their Teams desktop application. The bug bounty program is offering up to $30,000 as a reward for finding security vulnerabilities, with the highest payouts going to whoever has the ability to expose the most Teams user data. The program manager, Lynn Miyashita, said, “The Teams desktop client is the first in-scope application under the new Apps Bounty Program, we look forward to sharing updates...

Mamba snake

The U.S. Federal Bureau of Investigation (FBI) has issued a statement about the Mamba ransomware, also known as HDDCryptor, as a weakness has been found in the ransomware's encryption process. This weakness means that organisations targeted by the ransomware can recover from an attack without having to pay the ransom. The weakness has been found in the open-source software solution, called DiskCryptor, that Mamba uses to encrypt victims' computers using a key defined by the attacker....

vulnerability

Information leakage can have grave consequences. Consider the recent SolarWinds supply chain attack, which transpired from the exposure of a critical, and inanely simple, internal password (solarwinds123). This makes the recent findings by the Synopsys Cybersecurity Research Center (CyRC) especially troubling. The analysis of over 3,000 popular Android mobile apps showed information leakage to be commonplace. Passwords, user credentials, email addresses and tokens are among the information found. With this information,...

WordPress website on a MacBook

Two vulnerabilities were discovered across the Legacy Themes and plugins in the popular suite of tools for WordPress websites from the marketing platform Thrive Themes. The purpose of Thrive Themes is to help WordPress websites "convert visitors into leads and customers." The suite of products affected is called Thrive Suite, in which the Legacy Themes tools are included, along with various other plugins. The flaws discovered could be chained together to allow attackers to upload...

Engineer punished for reporting data leak

Security engineer Rob Dyke recently reported a data leak to the Apperta Foundation, a non-profit supported by NHS England and NHS Digital. The organisation thanked him for responsible reporting, but later 'thanked him' with legal correspondence and police intervention. Dyke discovered an exposed GitHub repository earlier this month, which was exposing passwords, API keys and sensitive financial records belonging to the Apperta Foundation. The repository had been public since at least 2019. The...

Facebook badges

On Wednesday, Facebook revealed that it has blocked a group of hackers based in China, known as Evil Eye or Earth Empusa, from using the platform to spy on Uighurs living abroad. The hackers were using Facebook to trick Uighurs into clicking on links infected with malware which enabled them to spy on the victims' devices. Facebook has said that the hacker group was targeting journalists, activists and dissidents who were predominantly Uighurs. In an...

Clothing in a shop window

FatFace, a British fashion retailer, suffered a cyber attack in January which may have resulted in both employees' and customers' data being compromised. Yesterday, FatFace sent customers an email informing them that their personal data could have been compromised in the hack. In the email, FatFace also asked customers to keep the details of the hack "strictly private and confidential". However, a number of angry customers tweeted about how it took two months for...

Gmail inbox

The new attacks are part of an ongoing phishing operation, dubbed the "Compact" Campaign, which has been active since early 2020. The campaign, which has already stolen an estimated 400,000 OWA and Office 365 credentials, has now begun abusing new legitimate services in an effort to bypass secure email gateways (SEGs). As a result, Microsoft security experts have issued a warning: "Phishers continue to find success in using compromised accounts on email marketing services to...

Financial Risk Management Platform Feedzai becomes Portugal’s first tech unicorn

Feedzai, the cloud-based financial risk management platform, today announced a $200 million Series D investment round led by leading global investment firm KKR, with participation from existing investors Sapphire Ventures and Citi Ventures. The company states that the new investment will be used to accelerate its global expansion, further develop its product offerings, and boost its partner strategy to strengthen its position as one of the most comprehensive financial crime prevention and risk management solution...

Fishing line

A California State Controller's Office employee fell for a phishing link, leading to a data breach that resulted in the theft of around 9,000 records. The employee, who worked in the Unclaimed Property division, clicked on a phishing link received in an email and then proceeded to enter a user ID and password. This gave an attacker access to the employee login details, and consequently the employee's account, on the 18th and 19th of March....
