News

  A Huawei executive and a US Department of Defense official got onstage together Wednesday at the RSA Conference in San Francisco, and the conversation got heated. Katie Arrington, an official in charge of acquisition at the Defense Department, insisted that lawmakers and President Donald Trump had good reason to remove Huawei products from government use. Huawei USA Chief Security Officer Andy Purdy said the decision was the wrong approach. Source: CNET

Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability. Bretagne Télécom is a privately held French cloud hosting and enterprise telecommunications company that provides telephony, Internet and networking, hosting, and cloud computing services to roughly 3,000 customers, operating around 10,000 managed servers. Source: Bleeping Computer

Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that's used as a two-factor authentication (2FA) layer for many online accounts. Google launched the Authenticator mobile app in 2010. The app works by generating six to eight-digits-long unique codes that users must enter in login forms while trying to access online accounts. Source: ZD Net

A council has admitted its IT service was targeted by hackers, who scrambled files and made a demand for money. Systems at Redcar and Cleveland Council have been down for almost three weeks after the ransomware attack. It said it had been prioritising frontline services and has now built a new server and website, as well as mobilising a temporary call centre. Source: BBC

Clearview AI, the company whose database has amassed over 3 billion photos, has suffered a data breach, it has emerged. The data stolen in the hack included the firm’s entire customer list–which will include multiple law enforcement agencies–along with information such as the number of searches they had made and how many accounts they’d set up. Clearview AI said the huge database of images was not part of the breach. The firm’s attorney, Tor Ekeland,...

It was reported yesterday that French sporting retail giant Decathlon leaked over 123 million records through an improperly secured ElasticSearch server, leaving customer and employee details exposed. The leak was spotted by security researchers Noam Rotem and Ran Locar at VPNmentor on 12th February, Decathlon were notified four days later, the leak was investigated, and the server pulled down shortly after. In light of the data breach affecting the retail firm, which has 44 UK...

Cybercriminals are taking advantage of the recent security flaws reported recently in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched variants of ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins which are installed on.What the three WordPress components have in common are recent reports of a critical severity bug that could be exploited to compromise the website they run on. Source: Bleeping...

Irish IT services group Ergo is forecasting further growth as it reported revenues of €85.2 million last year as the company said it recently foiled a major ransomware attack. Ergo said it immediately moved to lock down servers late last Wednesday after becoming aware of a serious security incident. It was able to recover most of the data lost from the attack within hours and without paying a ransom demand. However, the incident led to...

The Financial Conduct Authority has admitted it had revealed the confidential details of consumers on its website in a data breach last year.In a statement published today (February 25) the regulator said it had referred itself to the Information Commissioner’s Office over the incident, which occurred in November 2019. In response to a Freedom of Information request the FCA mistakenly published on its website the details of individuals who had made a complaint to the...

French sports giant Decathlon has leaked over 123 million records via an improperly secured ElasticSearch server, according to security researchers Noam Rotem and Ran Locar at VPNmentor. The two spotted the database on February 12 and notified the company four days later. (They say they typically need “days of investigation before we understand what’s at stake or who’s leaking”). Decathlon has 44 stores around the UK, and is present in 46 countries. It employs over...