News

First there was Brangelina, TomKat and Bennifer and now Kaspersky has presented the world with BRATA, or Brazilian RAT Android. BRATA is not a power celebrity couple, but is a relatively new Android remote access tool family that, at least so far, has exclusively targeted Brazilians using Android 5.0 or higher, according to Kaspersky’s GReAT team. GReAT has found it hosted primarily in the Google Play store, and to a lesser extent on third-party Android outlets,...

A data breach at flight booking site Option Way exposed personal details on passengers and their flight and travel plans. Researchers at vpnMentor led by Noam Rotem and Ran Locar were “able to access over 100 GB of data, a massive amount of customers’ unencrypted Personally Identifiable Information (PII),” including names, birth dates, gender email addresses, destinations, flight prices and flight departure and return dates. Source: SC Magazine

The forums of the XKCD webcomic created by Randall Munroe in 2005 are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1. The compromised user information including usernames, emails, and IP addresses, as well as hashed and salted passwords stored in MD5 phpBB3 format, was added to Have I Been Pwned's database on September 1, after being provided by security researcher and data analyst Adam Davies. Source: Bleepingcomputer

Phishers behind a new campaign have switched to using compromised SharePoint sites and OneNote documents to redirect potential victims from the banking sector to their landing pages. The attackers take advantage of the fact that the domains used by Microsoft's SharePoint web-based collaborative platform are almost always overlooked by secure email gateways which allows their phishing messages to regularly reach their targets' inboxes. Source: Bleepingcomputer

Today, Nominet announces its Cyber Security and the Cloud research, finding that 61 percent of security professionals believe the risk of a security breach is the same or lower in cloud environments compared to on-premise. The research, surveying nearly 300 UK & US C-level security professionals, marks a major tipping point in the perception of security of the cloud. That said, the cloud’s perceived superiority over on-premise does not mean that respondents considered cloud systems...

By Barry McMahon, Senior International Marketing Manager at LastPass When it comes to the workplace, who would have thought that your identity would be so important? Yet, for IT security professionals, identity and access management is an ongoing thorn in their side, particularly when organisations lack the necessary tools to keep data secure. In the office, your identity ensures that you have access to the right resources and that you can work securely and uninterrupted....

During the second quarter of 2019 Kaspersky experts detected multiple mailshots pretending to be offers for tax refunds worldwide. This period traditionally used as a deadline for filing tax returns and refunds in many countries. Using the scheme criminals, were trying to steal valuable information, or in some cases, install dangerous spyware. This and other findings are revealed in the Spam and Phishing in Q2 2019 Report. Spam and phishing malicious letters usually contain links...

By Danielle VanZandt, Industry Analyst, Security, Frost & Sullivan The significant breach and vulnerabilities recently discovered by vpnMentor researchers within Suprema’s BioStar 2 database are enough to scare any potential end user away from biometric security measures. With potentially over 1 million fingerprint biometrics and user passwords exposed in the breach, BioStar 2 has become the first major example of how biometric access still has its own vulnerabilities that vendors, integrators, and end users must...

With this latest integration, joint customers can now leverage the Flashpoint API to import Finished Intelligence reports, Risk Intelligence Observables (RIOs), and Technical Indicators into ThreatConnect. The ThreatConnect Platform provides a central place for users to see and analyse their team’s threat intelligence and then take well-informed, decisive action. The Flashpoint API grants users access to intelligence reports, technical data, and uniquely sourced conversations from illicit threat communities. Vice President of Product at ThreatConnect, Andy...

One year on from the introduction of the General Data Protection Regulation (GDPR) and it is becoming clear that when it comes to Data Subject Access Requests (DSAR), organisations are confused regarding a desire to balance the rights of an individual with the needs of an organisation, John Potts (Head of DPO DSAR and Breach Support) GRCI Law, outlines the essential processes that companies must put in place to avoid falling foul of DSAR breach....