New blog
My latest blog on the scary current phishing trend of conversation hijacking.
Phishing attacks, end of quarter
As the tax year rolls over into 2019/20, cybercrims have started belching out phishing emails and tax-themed malware, according to infosec researchers.
Proofpoint, one of those companies which keeps a close eye on the world of online badness, "observed the expected seasonal increase in tax-themed campaigns" as Q4FY19 clicked over into Q1FY20, with this year seeing ever more remote-access trojans (RATs) being deployed in the hope of stealing finance-related login details from unwitting marks.
Data Leaks
Stealing data from a company doesn’t have to involve complex hacking techniques. A lot of organizations leave their data wide open for anyone to access, and leaks involving this kind of data are constantly in the news.
Chinese companies have leaked over 590 million resumes via open databases
Chinese citizens put a lot of faith in human recruitment firms to find them employment. CVs contain a ton of sensitive data, but these companies never seemed to care enough to protect it correctly. This figure is the result of numerous different leaks, so it looks like negligence is common in the country's industry.
Georgia Tech reveals data breach, 1.3 million records exposed
The Georgia Institute of Technology has revealed a data breach which has potentially exposed information belonging to 1.3 million employees and students.
This week, Georgia Tech said the security failure occurred due to a web application which was vulnerable to outside entry.
An unknown threat actor managed to access a database connected to the application. The database contained personal information belonging to "some current and former faculty, students, staff and student applicants," according to the academic institution.
Names, addresses, Social Security numbers, and dates of birth may have been exposed.
However, reports suggest that the institute's current enrollment is just under 27,000 students, and so the data breach may have included years' worth of historical data to reach over one million records.
Facebook: We stored hundreds of millions of your passwords in plain text
On the back of a huge password leak just a few weeks ago, Facebook is back in the news as 540 million leaked user records have surfaced online.
Whereas the March breach involved the company storing customers’ data incorrectly on its own servers, this new leak involves negligence on the part of Facebook’s partners and the fact that data is often scraped from open or hacked accounts.
The first server contained most of the data, and belonged to Cultura Colectiva, a Mexico-based online media platform operating across Spanish-speaking Latin America countries.
At a size of 146GB, this AWS server stored over 540 million records detailing user account names, Facebook IDs, comments, likes, reactions, and other data used for analyzing social media feeds and user interactions.
The second AWS server stored data recorded by the "At the Pool" Facebook game. This included details such as the Facebook user ID, a list of Facebook friends, likes, photos, groups, checkins, and user preferences like movies, music, books, interests, and other, along with 22,000 passwords.
Targeted Attacks
Bayer points finger at Chinese-based group after blocking cyber attack
Bayer, Germany’s largest drugmaker, said it had contained a cyber attack on its computer networks it believes was hatched in China, highlighting the risk to big business of data theft and disruption.