News

BlockFi disclosed a data breach that potentially leaked the physical addresses and account activity of its customers, highlighting the risks of KYC finance platforms. Crypto lending provider BlockFi reported on Tuesday that it suffered a data breach that may put some of its clients in physical danger. According to its incident report, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees. The attackers successfully...

A host of unpatched security bugs that allow BIAS attacks affects Bluetooth chips from Apple, Intel, Qualcomm, Samsung and others. Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to capture sensitive data from the other device. The bugs allow Bluetooth Impersonation...

A cyber attack on budget airline EasyJet has resulted in the exposure of the email addresses and flight details of nine million of its customers, and the credit card details of 2,208 of them says the airline. A cyber attack on budget airline EasyJet has resulted in the exposure of the email addresses and flight details of nine million of its customers, and the credit card details of 2,208 of them. The attack, described by...

Verizon published today its yearly Data Breach Investigation Report, based on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide. The report provides a most useful snapshot of the current state of the fight against cybercrime, and highlights not only the weaknesses in organisations' approach to security, but also the areas where cybercriminals seem to be focussing their efforts. IT...

The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers' payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October, last year. In this recent campaign, attackers are exploiting CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import), a plugin for...

 A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers. Edison Mail, a popular third-party email app, has warned thousands of iOS users that their emails may have been compromised after a security flaw exposed emails to complete strangers. Edison Mail, owned by Edison Software Inc., is in the top 100 productivity apps on the Apple app store, and touts itself as “lightning fast and...

The hacker group behind last week's REvil (Sodinokibi) ransomware attack on New York-based law firm Grubman Shire Meiselas & Sacks is now demanding $42 million and threatening to release controversial information on U.S. President Donald Trump. Last week, the hacker group infiltrated the law firm's network and stole personal data and contractual information belonging to celebrities like Elton John, Madonna, Nicki Minaj, Bruce Springsteen, Mariah Carey, and Jessica Simpson. The massive breach took place after...

ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection. A relatively new ransomware, ProLock, has paired up with the QakBot banking trojan to access victims’ networks. ProLock’s leveraging of QakBot gives it bolstered persistence, anti-detection and credential-dumping techniques. ProLock ransomware first emerged in March as a successor to another recent malware strain, PwndLocker, and has made its mark targeting financial, healthcare,...

The plague of enterprises leaving cloud storage holding private data unprotected is starting to show up in the security statistics and is one of the few attacks on the rise, according to the Verizon Data Breach Investigation Report for 2020. That reality is both good and bad, said Gabe Bassett, senior information security data scientist at Verizon Enterprise. The bad news is that misconfiguration errors still exist. The good news is that companies are reporting...

The topic of the NHSX COVID-19 contact tracing app has been at the centre of many security debates lately. The discussion has been fuelled by security professionals, conspiracy theorists, and everyone in-between. However, many of the voices have not represented the British population that the application is designed to protect. With this in mind, Anomali, a cybersecurity company specialising in threat intelligence and analysis, conducted a survey of the British public in order to ascertain...