News

Apple has announced that, in 2021, it prevented over 1.6 million risky and untrustworthy apps and app updates from reaching the App Store and stopped over $1.5 billion in fraudulent transactions. Apple produced its first fraud prevention analysis last year with information about 2020. Last year's report showed that Apple had prevented one million potentially bad apps from the App Store and protected customers from nearly $1.5 billion in potentially fraudulent transactions. In 2021, Apple...

A suspected state-aligned threat actor has been linked to a fresh set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities across the U.S. and Europe. Proofpoint, an enterprise security firm, said that it blocked attempts at exploiting the remote code execution flaw. The flaw is being tracked CVE-2022-30190 (CVSS Score: 7.8). More than 1,000 phishing messages containing a lure document were sent to the various targets. Proofpoint said in a series...

In an attempt to streamline information flows across a fragmented global supply chain, Singapore has officially launched a centralised data platform. The data exchange has already gained the support of more than 70 participants, including banks, logistics operators, and energy companies. The new common data platform, called Singapore Trade Data Exchange (SGTraDex), was introduced in November 2020 as a pilot scheme. The scheme aimed to improve data efficiencies in container flow and financial processes. The...

The website for Russia's Ministry of Construction, Housing and Utilities has reportedly been hacked. An internet search for the site lead users to a "Glory to Ukraine" sign in Ukrainian. On Sunday, Russia's state news agency, RIA, quoted a representative from the ministry, revealing that the site was down, however users' personal data was unaffected. According to the RIA, the hackers were demanding a ransom to prevent the disclosure of sensitive data to the public....

A budget Turkish airline has misconfigured an AWS bucket, resulting in the exposure of flight and source code data, alongside the personal information of crew members. A research team in the employ of SafetyDetectives discovered the cloud data trove was publicly available on February 28. Some of the information was traced back to Electronic Flight Bag (EFB) software developed by Pegasus Airlines. An EFB is an information management tool designed to aid in the productivity...

Italy's Computer Security Incident Response Team (CSIRT) issued an urgent alert on Monday, warning organisations of the significant risk of cyberattack against national entities. The Italian organisation is referring to DDoS (distributed denial-of-service) attacks which, while not necessarily catastrophic, can cause significant damage due to service outages and disruptions. “There continue to be signs and threats of possible imminent attacks against, in particular, national public entities, private entities providing a public utility service or private...

The FBI's cyber division has published a Private Industry Notification warning colleges and universities in the US that higher education credentials are up for sale on the dark web. FBI data suggests that from January 2022, Russian cyber-criminal forums advertised access to credentials from universities and colleges across the US, for prices as high as thousands of dollars. The document also reveals that in May 2021, over 36,000 email and password combinations (it's unknown how...

Remote mobile payments authenticated by biometrics are predicted to reach $1.2 trillion by 2027, according to a new study. In its paper Mobile Payment Biometrics: Key Opportunities, Regional Analysis & Market Forecasts 2022-2027 , Juniper Research has predicted a 365% rise in the value of biometric payments over the next five years. The current value is $332bn. Solutions such as Apple Pay are likely to be a key driver of said growth, alongside the introduction of Strong...

More than 75 vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency's (CISA)Known Exploited Vulnerabilities Catalogue. Cisco, Microsoft, Adobe, Oracle, Linux vulnerabilities are listed. If an attacker was to exploit these vulnerabilities, they could take control of impacted systems. A considerable number of vulnerabilities were older, ranging from 2010 to 2019, but one more notable vulnerability was a Cisco IOS XR Open Port Vulnerability CVE-2022-20821. “A vulnerability in the health check RPM of Cisco...

Students around the world who were required to use government-endorsed education technology (ed tech) throughout the pandemic had their contact, keystroke and location data plundered and sold to advertising tech companies, according to the Human Rights Watch (HRW).  A staggering 146 out of 164 government-endorsed ed tech products jeopardised children's privacy, with 199 third-party companies receiving personal data, the HRW reported. Out of these, only 35 endorsed vendors disclosed that user data would be collected...