News

Users of SingPass, an account used in Singapore to access e-government services, can now use face verification as a two-factor authentication (2FA) method. They are also able to access their accounts using multi-user SMS one-time passwords (OTP) linked to another SingPass user's mobile number. This option has been added to the platform in order to help those who are less digitally literate to navigate the platform with the assistance of others who may have a...

On Monday WhatsApp denied allegations in the U.S Supreme Court that it's encrypted data can be hacked by Pegasus, an Israeli spyware. These allegations led to controversy in 2019, as it was thought that WhatsApp experienced a privacy breach after there were global claims by Indian journalists and human rights activists that they had been spied on by unnamed entities.  

CybelAngel, a world leader in digital risk protection, discovered over 45 million medical imaging files – such as CT scans and X-rays– which were accessible online on unprotected servers. These findings were released in CybelAngels's report “Full Body Exposure”, which is the result of a six-month research investigation into Digital Imaging and Communications in Medicine (DICOM) and Network Attached Storage (NAS), which are the industry standard ways in which medical data is sent and received...

On Monday the cybersecurity firms ReversingLabs and Sophos joined forces in order to release the first-ever production-scale dataset of malware research to be available to the public. They released the dataset in a bid to drive industry-wide improvements in security detection, as well as build defences against attacks. The dataset is called SoReL-20M, which is short for Sophos-ReversingLabs – 20 Million. The dataset contains labels, metadata, and features for 20 million Windows Portable Executable files-...

The Department of Homeland Security (DHS) was breached on Monday as part of an attack on U.S. federal agencies which many speculate to be done by Russian hackers. Alexei Woltornist, DHS spokesperson, said that they have not directly confirmed the breach, but Woltornist told The Hill that “the Department of Homeland Security is aware of reports of a breach” and that they “are currently investigating the matter.” Those who are involved in the matter have...

Microsoft Office 365's SharePoint has got a dangerous remote code execution flaw. On Tuesday, Office365 released their latest patches which addressed bugs affecting Microsoft Edge and Office apps, like Excel and Outlook. The recent Patch Tuesday release, and the last patch release for 2020, had over 58 overall fixes, with nine critical bug fixes. The most pressing of issues mentioned in the patch release affects SharePoint, with two critical remote code execution flaws discovered in...

Subway UK has revealed that their marketing campaign's system was hacked, which resulted in malware-ridden phishing emails being sent to customers on Friday. As of Friday morning, Subway's customers in the UK began to received emails from 'Subcard' about a Subway order that they had supposedly placed. The email included links to documents which claimed to contain the order confirmation details. Once the emails had been analysed it was discovered that they were in fact...

Microsoft has revealed that a well-organized threat campaign is distributing malware across web browsers, including Edge, Chrome, and Firefox. The attacks can result in users having malicious extensions added to their browser, malicious ads injected into search results, and users having their credentials stolen in the worst cases of the attack. In order to avoid any of these issues that can be caused as a result of these attacks, Microsoft recommends that users should re-install...

It has been speculated that Russian hackers have been monitoring internal email traffic of U.S. Treasury and Commerce departments. Those who are involved in the matter are fearing that this specific hack is only a small part of a much larger attack. The hack has led a National Security Council meeting on Saturday to discuss the matter, and how it should be handled. The Commerce Department confirmed the breach and have asked for the Cybersecurity...

Ledger wallet users have been targetted by a phishing scam which used a fake data breach notification in order to steal cryptocurrency. The wallets were secured using a 24-word recovery phrase and support 12, 18, or 24-word recovery phrases used by other wallets. If someone knows the recovery phrase then they are able to access the funds inside the wallet. Therefore, the phrase must be kept private and offline. Ledger suffered a data breach in...