News

Earlier this week, a newly discovered Android spyware family dubbed 'RatMilad' has been observed trying to infect an enterprise device in the Middle East. It appears that the discovery comes from security researchers at Zimperium, who said the original variant of the previously unknown RatMilad spyware hid behind a VPN and phone number spoofing app called Text Me. In recent news, after identifying the RatMilad spyware, the Zimperium team also uncovered a live sample of the...

Earlier today, WhatsApp parent company Meta announced that they are suing three Chinese developers for allegedly tricking users into downloading fake versions of the app that harvested their login details. It appears that WhatsApp and Meta are listed as plaintiffs in the case, filed in the US District Court for the Northern District of California this week, against Hong Kong’s Rockey Tech HK and Beijing Luokai Technology, and Taiwan’s ChitChat Technology. Reports have said the...

Adarma has today announced the expansion of its executive team to support the business at a time of rapid growth. The additions to the company include Niall O’Sullivan, Chief Finance and Operations Officer; Sarah Coleman, Chief People Officer; and Dan Baker, Chief Delivery Officer, all of whom bring valuable experience in driving business transformation. The appointment of these three critical roles is indicative of the growth journey Adarma has been on to transform the shape...

Earlier this morning, Chartered Institute of Information Security (CIISec) announced the launch of a new initiative aimed at attracting talent, developing skills and encouraging best practices in the UK’s nuclear industry. Reports have said that the Nuclear Sector Hub will be led by Mark Kendrew, CISO of the National Nuclear Laboratory, and is set to focus on the key challenges which may be exposing the sector to unnecessary cyber risk. The new initiative will look...

Earlier this week, KFC and McDonald's customers were targeted via phishing campaigns across Saudi Arabia, UAE and Singapore, with payment details of some of them successfully stolen by attackers. Security researchers at CloudSEK were the first to spot that these campaigns worked via a domain impersonating the Google Play Store and displaying a malicious, browser–based application for Chrome. They found that after landing on the malicious URL and clicking on the download button, the text...

Earlier last week, Microsoft announced that they are working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization's security team of any dodgy messages they receive. As of now, Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations from malicious threats from email messages, links, and collaboration tools. It appears that this in-development feature aims to allow admins to filter...

Earlier today, the second largest school district in the US has warned that hackers have begun posting data they claim to have stolen from the institution last month In early September. the Los Angeles Unified School District (LAUSD), which serves over 600,000 students from kindergarten to twelfth grade, was compromised by the Vice Society group. For now, it’s unclear exactly how much or what type of data may now have been exposed by the group, although...

Yesterday, data breach notification website Leakbase said someone allegedly hacked the Swachhata Platform in India and stole 16 million user records. Security researchers at CloudSEK , reported the news as they discovered a post by Leakbase sharing data samples containing personally identifiable information (PII), including email addresses, hashed passwords and user IDs. Earlier this week, an advisory published by CloudSEK reported that 6GB of compromised data from the  Swachhata Platform – an initiative in association...

Earlier this week, researchers at security firm Cisco Talos discovered a malicious campaign in August 2022 that relied on modularized attack techniques to deliver Cobalt Strike beacons and used them in follow–on attacks. It was reported that the company published a new advisory about the campaign on Wednesday saying the threat actors behind it used a phishing email impersonating either a government organization in the US or a trade union in New Zealand with a malicious...

Optus, an Australian telecoms provider, has become the latest high-profile victim of a data breach - with the alleged attacker demanding payment to buy back millions of customer records, having already made 10,000 public online.  In the most recent developments, the attacker has now rescinded threats and deleted them from a data breach website. However, it does not change the fact that someone was able to access these customer records, including names, dates of birth,...