News

Several members-only dark web forums are reportedly auctioning what appears to be a stolen government database featuring the personal information of 92 million Brazilian citizens. The 16GB SQL database contains such information as name, birth date, mother’s name, gender and tax details including taxpayer IDs, according to BleepingComputer, which credits the discovery to a researcher with the Twitter user name Breach Radar. Source: SC Magazine

Instagram has added a new feature to its app to help users work out if an email was sent by the Facebook company or if it’s an attempted phishing scam. Now, if you receive an email claiming to be from Instagram, you can check if it’s genuine by heading over to the “Emails from Instagram” option in the app’s Security settings, which lists every email the service has sent you over the last 14 days....

Mimecast (NASDAQ: MIME), a leading email and data security company, announced the availability of its latest Email Security Risk Assessment (ESRA). The quarterly assessment is an aggregated report of tests that measure the efficacy of widely used email security systems. This quarter’s ESRA report found a significant increase in Business Email Compromise (BEC) attacks, emails containing dangerous file types, malware attachments and spam being delivered to users’ inboxes from incumbent email security systems. BEC attacks, also referred to as email-based impersonation...

Signal fixed a bug that could have allowed attackers to eavesdrop on victims by placing and then immediately auto-answering a call, without the callee's permission. The bug is reminiscent of Apple's FaceTime bug discovered in January, which similarly allowed attackers to eavesdrop on other iPhone users by placing and auto-approving a FaceTime audio or video call. This time, the bug only works via Signal audio calls, and not video, as the Signal app requires users to manually...

The United States and Baltic states on Sunday agreed to beef up cooperation to protect the Baltic energy grid from cyber attacks as they disconnect from the Russian electricity grid. US Energy Secretary Rick Perry and his Lithuanian, Latvian and Estonian counterparts termed the agreement "a critical moment for the Baltic States in strengthening cybersecurity" in strategic energy infrastructure. Source: France24

Alabama-based DCH Health System said it has paid off the hackers behind a ransomware attack that severely disrupted operations at three hospitals beginning on Tuesday morning, according to a Saturday report by Tuscaloosa News. The news closely follows an FBI warning that the number of sophisticated attacks on businesses and state and local governments is continuing to climb. Source: Gizmodo

Gaming company Electronic Arts (EA) has plugged a website glitch that has accidentally leaked the personal details of approximately 1,600 users who signed up on one of its websites. The website was for EA's FIFA 20 Global Series, a competitive tournament for the company's recently launched FIFA 20 soccer-themed game. The company launched the website yesterday, on October 3, and the glitch was spotted right away by players signing up for the upcoming competition. Source: ZDNet

The information technology systems at a number of hospitals and health services in Gippsland and south-west Victoria have been impacted by a cyber security incident. The cyber incident, which was uncovered on Monday September 30, blocked access to several systems by the infiltration of ransomware, including financial management. Emergency surgery and emergency departments were not compromised in the incident. Hospitals isolated and disconnected a number of systems such as the internet to quarantine the infection....

The FBI yesterday issued a new public service announcement regarding the ongoing ransomware epidemic, emphasizing that attacks are becoming more targeted since early 2018, with losses increasingly significantly in that time. The alert is intended to update and supplement a previous ransomware warning that the FBI issued back in September 2016, and specifically identifies state and local governments, health care providers, industrial companies and the transportation sector as key targets. Source: SC Magazine

Google has added a new feature to its password manager that will study a person’s passwords and then inform them on its strength and whether it has been compromised. Password Checkup will not only check a user’s personal choices, but also make personalized recommendations, wrote Andreas Tuerk, product manager for Password Manager. The three primary areas Checkup will test are whether the passwords have been compromised in a third-party breach, if they are being used across different...