News

According to a report released by the Intelligence and Security Committee, the UK is one of the 'top targets' in the West for Russia. The committee has criticised the government for delaying its release and urges for 'immediate action' to assist intelligence services in tackling this 'capable adversary'. Among other topics covered, the ISC's report looks at disinformation campaigns, cyber tactics as well as Russian expatriates in the UK.

Officials from the Israeli Water Authority have announced that their water management facilities have been hit with two more cyber-attacks. These attacks occurred in June but fortunately, did not cause any damage to the affected organisations. One hit an agricultural water pump in upper Galilee and the second hit water pumps in Mateh Yehuda. Source: ZDNet

A new malware called BlackRock has been recently identified by the cybersecurity firm ThreatFabric. This malware has affected over 337 Android app and utilises an overlay with keylogger functionality on top of the legitimate app. It then encourages users to enter in their payment card details in order to 'access' the app. Moreover, with the app installed, the malware requests permission to the Accessibility feature, allowing bad actors to intercept SMS messages, spam contacts etc....

The Open Rights Group (ORG) have accused England's test and trace programme of breaking a key data protection law since it launched on the 28th of May. The system asks individuals to share sensitive data including name, date of birth, postcode, who they live with, where they have recently visited as well as the name and details of those they have been in close contact with. Nevertheless, the government has maintained that there is no...

According to WizCase, a VPN comparison site, four misconfigured and unencrypted AWS S3 buckets, as well as an unsecured Elasticsearch server, led to the exposure of almost a million online student records. This includes the personal information of children, their parents and teachers. Full names, home addresses, emails, phone numbers, date of birth etc. were all revealed, putting these e-learners at risk of identity fraud, phishing, and even stalking. Source: Infosecurity Magazine  

Data from twenty enterprise customers of the French telecommunications company, Orange, have been exposed following a ransomware attack on the 15th of July. The operators behind this Nefilim ransomware supposedly breached the company through their "Orange Business Solutions" division. This division offers business remote support, virtual workstations, system security as well as cloud backups. Source: Bleeping Computer

According to an advisory issued by the National Cyber Security Centre (NCSC) and counterparts in Canada and America, Russian state-sponsored hackers, APT29 or Cozy Bear, have been attacking organisations working towards a coronavirus vaccine. The campaign has been targeting government agencies, diplomatic bodies, healthcare organisations, thinktanks and the energy sector looking to steal intellectual property. Source: Computer Weekly  

Armorblox researchers have recently noted a number of campaigns utilising Amazon as a means of lifting credentials and personal information. This is in light of a growing dependence on the e-commerce giant during COVID-19. With many expecting to receive deliveries, one campaign takes advantage through counterfeit notices of a failed delivery attempt. Another campaign utilises voice phishing, or vishing. Source: Threatpost

Private hacker forums have typically been exclusive to only elite, and highly-skilled cybercriminals. In order to gain access to such forums. Members have to undergo a "rigorous application and interview process," said researchers. However, a report recently published by Digital Shadows has found that the forum, CryptBB has become increasingly inclusive. Less-experienced hackers are now being invited to learn from the experts and hone their expertise. Source: Threatpost  

The latest clash between Facebook (FB.O) and Austrian privacy activist Max Schrems could disrupt hundreds of thousands of companies as Europe’s top court rules on Thursday on the legality of tools companies use to transfer Europeans’ data around the world. At stake are standard contractual clauses used by Facebook, banks, industrial giants, carmakers and others to transfer personal data to the United States and other parts of the world for services ranging from cloud infrastructure,...