News

According to Outpost 24's Web Application Security for Retail & E-commerce Report, US retailers are more vulnerable to web application attacks than retailers based in the EU. Outpost 24, a cybersecurity firm, calculated that web apps used by American retailers have a larger aggregated average risk score of 35, compared to their EU counterparts smaller risk scores of 31. US retailers were also found to have a wider attack surface, running more publicly exposed web...

Mashable, a major tech and culture news website has recently experienced a data breach which has resulted in the personal data of their users being exposed online. On Sunday 8 November Mashable issued a statement confirming that their database had breached and that they had discovered that reader who use their social media sign-in feature to access the site have had their details posted online. The data that has been exposed includes users full names,...

A threat actor is selling the RedDoorz database containing 5.8 million user record on a hacking forum following a data breach in September. RedDoorz is a hotel management and booking platform based in Singapore, which manages bookings for over 1,000 properties in Southeast Asia. Users can register an account to browse hotels and book reservation using the platform via the website or mobile app. After RedDoorz experienced the breach in September they believed that none...

Luxottica, the world's largest eyewear company, has recently suffered a data breach which has resulted in the exposure of the personal information of Lenscrafters patients. The attack also affected Optical, EyeMed and other eye practices. Luxottica warned that “the personal information involved in this incident may have included: full name, contact information, appointment date and time, health insurance policy number, and doctor or appointment notes that may indicate information related to eye care treatment, such...

The Spanish developer Prestige software has experienced a data breach after misconfiguring an AWS bucket. The breach has lead to the exposure of their cloud database, and the data of millions of hotel guests. Prestige software is a platform which enables hotels to automate their availability on booking site such as Expedia. The misconfigured S3 bucket contained more than 100 individual login details, dating back to as far as 2013. Mark Holden, a Website Planet...

An alert warning has been sent out by the Federal Bureau of Investigation warning of threat actors abusing misconfigured SonarQube application in order to steal source code form US government agencies as well as private businesses. An alert sent out last month by the FBI was made public on their website this week detailing the intrusions which have taken place since at least April 2020. The alert provides a warning to the owners of SonarQube,...

This week UK residence have been targeted by an advanced HM Revenue and Customs (HMRC) tax rebate text messages (SMS) scam. The smishing campaign (phishing scam via SMS) is especially worrying as it employs multiple HMRC phishing domains and tactics with the scam evolving by adding new domains daily as older domains get flagged by spam filters. The smishing scam is especially effective as it mimics HMRC's web interface meticulously, while also having the entire...

Earlier this month the ransomware gang DoppelPaymer released unencrypted data that they have stolen from Hall County, Georgia during a cyberattack. The attack affected Hall County's networks and phone system. At the time of the attack, there were no signs that the unencrypted data had been stolen by the hackers.  A spokesperson for Hall County said that "at this time, there is no evidence to show that citizen or employee data has been compromised. However,...

A large number of universities, including Standford University and the University of Oxford, are suffering from cyber attacks in which their email accounts are hijacked. Once hijacked the emails accounts are then used to trick the victims into exposing their email credentials and even installing malware. CEO and co-founder of INKY, Dave Bagget, said that there are no signs of how the emails accounts are being compromised. However, he believes that the victims of the...

The US Cyber Command has recently revealed information about the malware implants used by Russian hackers to target national parliaments, ministries of foreign affairs, and embassies. The malware was identified by the US Cyber Command's Cyber National Mission Force (CNMF) unit, alongside the Cybersecurity and Infrastructure Security Agency (CISA). The information was uploaded yesterday to the Virus Total online virus scan platform. The CISA published two advisories in association with the CNMF and the FBI...