News

Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The collection, dubbed “BlueLeaks” and made searchable online, stems from a security breach at a Texas web design and hosting company that maintains a number of state law enforcement data-sharing portals. The collection — nearly 270 gigabytes in total — is the latest release from Distributed Denial of Secrets (DDoSecrets), an alternative to Wikileaks that publishes caches of previously secret...

As lockdown and isolation measures were enacted across the world in response to the global COVID-19 pandemic, engagement in at-home entertainment activities predictably skyrocketed – gaming, in particular, saw massive increases in user engagement. Kaspersky noticed this trend, and upon investigation, unsurprisingly found many instances of cyber attackers exploiting this increased engagement in video games: in April there was a 54% increase in the daily number of attempts to direct users to malicious sites from...

Cyber security experts warn some of the country is in need of online password education after a survey revealed more than a quarter of Britons reuse up to five passwords across all their financial accounts and one in five admitted to writing them down. SOURCE: This Is Money

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control. Instead, ransomware attacks are conducted over time, ranging from a day to even a month, starting with a ransomware operator breaching a network. SOURCE: Bleeping Computer

The Commonwealth Scientific and Industrial Research Organisation's (CSIRO) Data61, together with Samsung Research and South Korea's Sungkyunkwan University, have developed a solution to protect consumers from voice spoofing attacks. The Voice liveness detection (Void) has been designed to be embedded in a smartphone or a voice assistance software to identify the difference between a live human voice and voice replayed through a speaker to detect when hackers are attempting to spoof a system. SOURCE: ZDNet

The Cloud Security Alliance has released a report examining privacy and security of patient data in the cloud. In the wake of COVID-19, health delivery organizations (HDOs) have quickly increased their utilization of telehealth capabilities (i.e., remote patient monitoring (RPM) and telemedicine) to treat patients in their homes. These technology solutions allow for the delivery of patient treatment, comply with COVID-19 mitigation best practices, and reduce the risk of exposure for healthcare providers. SOURCE: Help...

Singapore, Japan, and the US are amongst six nations reportedly targeted in a COVID-19 themed phishing campaign that is scheduled to take place June 21. North Korean state hacker group Lazarus are said to be behind the massive attack that will see more than 5 million businesses and individuals receiving phishing email messages from spoofed government accounts. This would include 8,000 organisations in Singapore where the business contacts highlighted in an email template were addressed to...

The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations in Ukraine and Russia. More recently, from late 2019 until at least this month, researchers have spotted the group attacking a few high-profile organizations in the military sector and diplomatic missions, both in Eastern...

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn’t done. “The email language and topic was intended to induce urgency in the reader owing to its financial nature,” according to analysis...

Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites. Wells Fargo is a multinational financial services (banking, investment, and mortgage) provider with roughly 263,000 employees in 7,400 locations in 31 countries and territories. It serves one-third of all US households and it was ranked No. 30 on Fortune’s 2020 rankings of America’s largest corporations. The phishing messages spotted...