Cyber News Weekly 2019
16 – 23 April 2019
FINANCE INDUSTRY
16 – 23 April 2019
Russian cybercriminal group TA505 is spreading remote access trojans (RAT) against financial entities worldwide, especially the US since December 2018.
Read More
GOVERNMENT SECTOR
16 – 23 April 2019
An ongoing DNS hijacking campaign known as Sea Turtle has compromised at least 40 organisations across 13 countries in the Middle East and North Africa.
Read More
TRANSPORT INDUSTRY
16 – 23 April 2019
A ride-hailing company in Iran called Tap30 exposed the personal information of some 300,000 drivers when its Mongo database was inadvertently exposed on the Internet.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
16 – 23 April 2019
A successful ransomware attack was able to knock the Weather Channel off the air and interrupted live TV broadcast for 90 minutes.
Read More
EDUCATION INDUSTRY
16 – 23 April 2019
A former student of a university in New York, US, destroyed more than 60 computers by using a USB killer that would physically damage the computers' electrical system.
Read More
HEALTHCARE INDUSTRY
16 – 23 April 2019
The medical records and personal information of some 150,000 patients could have been exposed after a rehabilitation centre in Ohio failed to secure its Elastic Search database.
Read More
16 – 23 April 2019
A large-scale malvertising campaign prior to the Easter holiday targeted iPhone and iPad users in the US by exploiting a vulnerability in the Chrome browser for iOS to serve pop-up advertisements.
Read More
Cyber News Weekly 2019
09 – 16 April 2019
FINANCE INDUSTRY
09 – 16 April 2019
North Korean state-sponsored group, Lazarus (aka Hidden Cobra), has been planting a new backdoor dubbed HOPLIGHT to maintain persistence in compromised systems.
Read More
GOVERNMENT SECTOR
09 – 16 April 2019
An unknown threat group is using a sophisticated cyber espionage platform known as TajMahal to steal information from a diplomatic entity in Central Asia.
Read More
TRANSPORT INDUSTRY
09 – 16 April 2019
An application that lets users control their car remotely has administrator credentials hardcoded into its source code, leaving tens of thousands of cars vulnerable to hackers.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
09 – 16 April 2019
A recent study discovered that most hotel websites leaked customers' personal data when sharing hotel booking information with advertisers and analytics companies.
Read More
EDUCATION INDUSTRY
09 – 16 April 2019
Two high school students in the US took down their school Wi-Fi signal to avoid taking tests and doing school work.
Read More
HEALTHCARE INDUSTRY
09 – 16 April 2019
A hospital in the US suffered a data breach when an unauthorised third-party hacked into several employee email accounts.
Read More
09 – 16 April 2019
A recent report on distributed-denial-of-service (DDoS) attack landscape reveals that there is a direct correlation between cryptojacking and DDoS attacks.
Read More
Cyber News Weekly 2019
02 – 09 April 2019
FINANCE INDUSTRY
02 – 09 April 2019
The FIN6 cybercriminal group, which typically targets payment card details, has started attacking non-finance entities by using ransomware to extort compromised organisations.
Read More
GOVERNMENT SECTOR
02 – 09 April 2019
UK National Cyber Security Centre (NSCS) revealed that Iranian hackers had launched a series of coordinated attacks against key UK infrastructure since December 2018.
Read More
TRANSPORT INDUSTRY
02 – 09 April 2019
Vietnamese company, FastGo, who is a new entrant in Singapore's ride-hailing market has accidentally exposed the email addresses of about 300 drivers.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
02 – 09 April 2019
One of the largest beverage suppliers in the US, Arizona Beverages, suffered a ransomware attack that shut down its sales operations when more than 200 servers and computers were affected.
Read More
EDUCATION INDUSTRY
02 – 09 April 2019
Unknown threat actors have hacked into the Georgia Institute of Technology (Georgia Tech) in the US and accessed a central database containing the personal information of up to 1.3 million people, including current and former faculty, staff, students and student applicants.
Read More
HEALTHCARE INDUSTRY
02 – 09 April 2019
German pharmaceutical company, Bayer, has contained a cyber attack that it believes originates from China.
Read More
02 – 09 April 2019
The London Blue cybercriminal group has expanded its business email scam (BEC) operations to include Asia Pacific, targeting countries such as Hong Kong, Singapore, Malaysia and Australia.
Read More
Cyber News Weekly 2019
26 March – 02 April 2019
FINANCE INDUSTRY
26 March – 02 April 2019
Three cryptocurrency exchanges were hacked within a seven-day period, resulting in a total estimated loss of US$65 million.
Read More
GOVERNMENT SECTOR
26 March – 02 April 2019
The Nigerian National Assembly website has been serving a DHL-themed phishing page since Jun 2017 that seeks to harvest DHL account credentials for sale in the dark web.
Read More
TRANSPORT INDUSTRY
26 March – 02 April 2019
Toyota Motor Corp. suffered a second data breach in five weeks when hackers accessed a network server containing the information of some three million customers.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
26 March – 02 April 2019
A major US hospitality firm, Earl Enterprises, has exposed at least two million payment cards details skimmed from Point-of-Sales (PoS) devices deployed at more than 100 restaurants.
Read More
EDUCATION INDUSTRY
26 March – 02 April 2019
Untrained staff and students inadvertently sharing information or clicking on links presents the biggest cybersecurity threat against the Education sector in the US.
Read More
HEALTHCARE INDUSTRY
26 March – 02 April 2019
Secur Solutions Group, a Health Sciences Authority contracted vendor, has revealed that the vulnerable server holding Singapore's blood donor database was illegally accessed from several IP addresses and possibly extracted.
Read More
26 March – 02 April 2019
Several threat groups are actively exploiting a recently patched vulnerability in WinRAR, a 23-year-old file archival utility used by over 500 million users worldwide.
Read More
Cyber News Weekly 2019
19 – 26 March 2019
FINANCE INDUSTRY
19 – 26 March 2019
The FIN7 cybercriminal group's activities continued unabated despite the arrest of three prominent group members in August 2018.
Read More
GOVERNMENT SECTOR
19 – 26 March 2019
Some 50,000 Singapore government email accounts are being sold on the Dark Web over the last two years, but majority of the credentials are either outdated or bogus.
Read More
TRANSPORT INDUSTRY
19 – 26 March 2019
A former government employee was charged for unauthorised intrusion into a US Federal Motor Carrier Safety Administration's database to obtain sensitive information for his current work at a transport safety company.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
19 – 26 March 2019
Popular Content Management System (CMS) WordPress is urging site owners to upgrade two vulnerable plugins that are being actively exploited in the wild. The Easy WP SMTP plugin (version 1.3.9), with 300,000 active installations, contains a bug that lets hackers modify a vulnerable website's overall setting.
Read More
EDUCATION INDUSTRY
19 – 26 March 2019
A British school in Dubai has warned parents about possible phishing attempts after it successfully defended against a password spraying attack targeting staff accounts.
Read More
HEALTHCARE INDUSTRY
19 – 26 March 2019
Medical device maker Medtronic has warned that its heart defibrillators are prone to manipulation, which may result in life threatening situation for users.
Read More
19 – 26 March 2019
Norwegian firm Norsk Hydro, one of the world largest aluminium producer, suffered a ransomware attack that shut down its production facilities across the globe.
Read More
Cyber News Weekly 2019
12 – 19 March 2019
FINANCE INDUSTRY
12 – 19 March 2019
A recent United Nation Security Council report indicated that North Korea had circumvented international sanctions by stealing millions from financial institutions and cryptocurrency exchanges.
Read More
GOVERNMENT SECTOR
12 – 19 March 2019
Indonesia's National Election Commission has revealed that hackers are targeting the voter database ahead of the Presidential and Legislative elections scheduled to take place on 17 April.
Read More
TRANSPORT INDUSTRY
12 – 19 March 2019
A malspam campaign is using the recent Boeing 737 Max 8 crash in Ethiopia to spread the H-Worm remote access tool and Adwind information stealer.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
12 – 19 March 2019
Point-of-sale (PoS) malware, which used to be only available through private sales are increasingly being sold in dark web marketplaces.
Read More
EDUCATION INDUSTRY
12 – 19 March 2019
A school in the UK suffered a ransomware attack after a staff opened a phishing email attachment that triggered the infection.
Read More
HEALTHCARE INDUSTRY
12 – 19 March 2019
Singapore's Health Sciences Authority (HSA) has apologised to some 800,000 blood donors after a third-party vendor, who was handling data update, left a database unsecured without a password since 4 January.
Read More
12 – 19 March 2019
A new Mirai botnet variant has emerged since January 2019 with 27 built-in exploits to enslave vulnerable IOT devices such as routers, modems, security cameras, DVRs, smart signage TVs and wireless presentation systems.
Read More
Cyber News Weekly 2019
05 – 12 March 2019
FINANCE INDUSTRY
05 – 12 March 2019
A recent survey reveals that cybercriminals targeting the finance industry are becoming more sophisticated and taking counter-measures to thwart responders rather than just avoiding detection.
Read More
GOVERNMENT SECTOR
05 – 12 March 2019
Jackson County in Georgia, US, suffered a Ryuk ransomware attack that crippled government operation since 1 March and forced a US$400,000 ransom payment to decrypt affected files.
Read More
TRANSPORT INDUSTRY
05 – 12 March 2019
Up to three million vehicles installed with the Viper or Pandora car alarms could be hacked remotely due to an insecure direct object reference vulnerability at the associated applications.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
05 – 12 March 2019
A marketing company called Verification.io has exposed over two billion records containing email addresses, phone numbers and business leads when its Mongo database was left unsecured without a password.
Read More
EDUCATION INDUSTRY
05 – 12 March 2019
Chinese hackers have targeted at least 27 universities in the US, Canada and Southeast Asia since 2017 to steal research about maritime technology developed for military use.
Read More
HEALTHCARE INDUSTRY
05 – 12 March 2019
A new threat group dubbed Whitefly has targeted organisations based in Singapore from 2017 to mid-2018 and could be responsible for the SingHealth cyber attack in July 2018.
Read More
05 – 12 March 2019
Google's Threat Analysis Group has revealed that the Chrome patch issued on 1 March was to address a zero-day vulnerability (CVE-2019-5786) that was used together with a Windows 7 zero-day flaw to run malicious code in vulnerable systems.
Read More
Cyber News Weekly 2019
26 February – 05 March 2019
FINANCE INDUSTRY
26 February – 05 March 2019
An ongoing point-of-sales (POS) malware campaign has been targeting finance, and insurance organisations in the US, Japan and India since February 2019.
Read More
GOVERNMENT SECTOR
26 February – 05 March 2019
The operators behind the DanaBot trojan have been spear phishing employees at an Australian government agency, with intentions to gain a foothold in the targeted network.
Read More
TRANSPORT INDUSTRY
26 February – 05 March 2019
The International Civil Aviation Organization (ICAO) apparently suffered a large-scale cyberattack in 2016 that affected its web and email servers.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
26 February – 05 March 2019
Hackers from the Anonymous group defaced multiple Israeli websites, including the webpages of Israeli cities and major news agencies, to post a political message supporting Palestine.
Read More
EDUCATION INDUSTRY
26 February – 05 March 2019
A Nigerian-based group called Scarlet Widow has recently switched from phishing large corporations to attacking education institutions and non-profit organisations.
Read More
HEALTHCARE INDUSTRY
26 February – 05 March 2019
The University of Connecticut Health Center recently suffered a breach that affected some 326,000 people.
Read More
26 February – 05 March 2019
Adobe has issued an emergency patch for a critical vulnerability (CVE-2019-7816) in Adobe ColdFusion web application development platform that is being exploited in the wild.
Read More
Cyber News Weekly 2019
19 – 26 February 2019
FINANCE INDUSTRY
19 – 26 February 2019
Cybercriminals who have gained a foothold in banks and financial institutions are likely to carry out attacks beyond its initial targets by leveraging on the victim's infrastructure for social engineering.
Read More
GOVERNMENT SECTOR
19 – 26 February 2019
APT 28 (aka Fancy Bear, Sofacy, Sednit) is targeting political organisations, think tanks and non-profit organisations engaged in the May 2019 European Parliament election.
Read More
TRANSPORT INDUSTRY
19 – 26 February 2019
The British Airways Entertainment System installed on Boeing 777-36N(ER) and possibly other aircraft, is vulnerable to a privilege escalation flaw tracked as CVE-2019-9019.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
19 – 26 February 2019
A US-based point-of-sales (POS) solution provider, North Country Business Products (NCBP), recently discovered a data breach that exposed customers' payment information at 137 US restaurants.
Read More
EDUCATION INDUSTRY
19 – 26 February 2019
Bangladeshi police have arrested two students for hacking into more than 20 websites and stealing 36GB of files from the victims.
Read More
HEALTHCARE INDUSTRY
19 – 26 February 2019
A private hospital in Melbourne, Australia, was unable to access its patient database for three weeks after a ransomware scrambled the server containing the patients' medical database.
Read More
19 – 26 February 2019
Formjacking has overtaken ransomware and cryptojacking as the top cyber threat of 2018. Formjacking is the use of malicious JavaScript code to steal payment details from e-commerce checkout pages.
Read More
Cyber News Weekly 2019
12 – 19 February 2019
FINANCE INDUSTRY
12 – 19 February 2019
Malta's largest bank, Bank of Valetta (BOV) was forced to suspend all operations after hackers broke into its systems and transferred US$14.6 million overseas.
Read More
GOVERNMENT SECTOR
12 – 19 February 2019
Pakistani Ministry of Foreign Affairs websites in several countries were inaccessible following rising tensions in the northern Indian state of Jammu and Kashmir.
Read More
TRANSPORT INDUSTRY
12 – 19 February 2019
An ongoing phishing scheme is harvesting email credentials from transportation contractors by spoofing the Texas Department of Transportation (TxDOT) bidding portal.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
12 – 19 February 2019
An anonymous email service provider, VFEmail, suffered a ransomware attack that wiped out 18 years' worth of customer emails, including data held in backup servers.
Read More
EDUCATION INDUSTRY
12 – 19 February 2019
Stanford University is hit by a second data breach in 15 months, exposing student's personal information via a student portal known as NolijWeb. The portal, which has reached end-of-life and is pending replacement, is a content management repository that stores admission-related documents.
Read More
HEALTHCARE INDUSTRY
12 – 19 February 2019
A US healthcare provider was able to stop a targeted GandCrab ransomware attack by adopting layered defence to protect its data and resources.
Read More
12 – 19 February 2019
A hacker known as Gnosticplayers has released a third round of stolen accounts for sale in Dream Market.
Read More
Cyber News Weekly 2019
4 – 12 February 2019
FINANCE INDUSTRY
4 – 12 February 2019
IcedID trojan operators have been targeting e-commerce vendors in the US to steal access credentials and payment card data since November 2018.
Read More
GOVERNMENT SECTOR
4 – 12 February 2019
Australia is investigating an intrusion attempt against its Federal Parliament network to determine if any information is stolen during the attack.
Read More
TRANSPORT INDUSTRY
4 – 12 February 2019
Several major airlines are exposing passengers’ personal information by sending check-in links over HTTP instead of HTTPS. These links are typically sent via email or SMS and they are used to initiate the check-in process.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
4 – 12 February 2019
An ongoing phishing campaign is using Google Translate to hide the real phishing domain that is designed for stealing Google and Facebook login credentials.
Read More
EDUCATION INDUSTRY
4 – 12 February 2019
Public schools in the US reported 122 cybersecurity incidents in 2018, of which nearly 60% resulted in students' personal data being compromised.
Read More
HEALTHCARE INDUSTRY
4 – 12 February 2019
CarePartners, a Canadian home care service provider, is still trying to contain the fallout from a data breach that took place in June 2018.
Read More
4 – 12 February 2019
The login credentials from 16 compromised websites are now available for sale in the darknet market for a total estimated price of US$20,000 in Bitcoin.
Read More
Cyber News Weekly 2019
29 January – 4 February 2019
FINANCE INDUSTRY
29 January – 4 February 2019
India's largest bank, State Bank of India (SBI), has leaked the financial records belonging to millions of customers after failing to secure a Mongo database with a password.
Read More
GOVERNMENT SECTOR
29 January – 4 February 2019
OceanLotus (APT 32) has been targeting private sectors across multiple industries and foreign governments to install a custom downloader known as KerrDown.
Read More
TRANSPORT INDUSTRY
29 January – 4 February 2019
Aircraft manufacturer, Airbus, is investigating a cyber incident and data breach at its commercial aircraft business after intruders gained access to employees' personal information.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
29 January – 4 February 2019
Insecure third-party extensions in Magento e-commerce platform have been identified as the main source of Magento hacks for the last three months, affecting several thousand stores.
Read More
EDUCATION INDUSTRY
29 January – 4 February 2019
A trojan known as XinGe (鑫哥) has infected at least 75,000 computers at nine universities and over 60 Internet cafes in China.
Read More
HEALTHCARE INDUSTRY
29 January – 4 February 2019
A healthcare organisation based in California, US, suffered two phishing attacks in November 2018 and January 2019 and exposed an unknown number of medical records and employee data.
Read More
29 January – 4 February 2019
On 1 Feb 2019, major DNS software and service providers have ceased implementing DNS resolver workarounds for systems that are non-compliance with the Extension to DNS (EDNS) protocol.
Read More
Cyber News Weekly 2019
22-29 January 2019
FINANCE INDUSTRY
22-29 January 2019
Threat actors, probably from the financially-motivated Cobalt Group, have been using Google Cloud Platform (GCP) for distributing malware to government and financial institutions worldwide.
Read More
GOVERNMENT SECTOR
22-29 January 2019
Recent research has indicated possible linkages between two prolific advanced persistent threat groups that likely operate out of Russia.
Read More
TRANSPORT INDUSTRY
22-29 January 2019
Hackers from the Syrian Revolutionary Group defaced the Beirut Rafik Hariri International Airport's website to post a political message accusing Lebanon of mistreating Syrian refugees.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
22-29 January 2019
An online casino group has inadvertently leaked information on 108 million bets, which included users’ personally identifiable information, IP addresses, browser and OS details.
Read More
EDUCATION INDUSTRY
22-29 January 2019
US universities are refraining from using telecom equipment made by Huawei Technologies and other Chinese companies to avoid losing research grant and government funding.
Read More
HEALTHCARE INDUSTRY
22-29 January 2019
Singapore's Ministry of Health (MOH) suffered a data breach, which exposed a sensitive database containing information of some 14,200 HIV positive individuals.
Read More
22-29 January 2019
The US Department of Homeland Security has issued an emergency directive to halt a widespread domain name system (DNS) hijack campaign.
Read More
Cyber News Weekly 2019
15–22 January 2019
FINANCE INDUSTRY
15–22 January 2019
West African financial institutions have been targeted in a series of cyber attacks that leverage living off the land tactics and off-the-shelf, commodity malware.
Read More
GOVERNMENT SECTOR
15–22 January 2019
A US government department which deals with securities cases and investigation exposed an estimated 3TB of data that included personally identifiable information, email exchanges and FBI investigation records.
Read More
TRANSPORT INDUSTRY
15–22 January 2019
The Amadeus ticket booking system contains a vulnerability that allows anyone to access and change private information on flight bookings.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
15–22 January 2019
A new Magecart group, labelled as Group 12, has compromised a French advertising network to distribute card skimming scripts.
Read More
EDUCATION INDUSTRY
15–22 January 2019
The Glasgow Caledonian University (GCU) has warned its staff and students that an ongoing phishing campaign is collecting email credentials to take over accounts for malicious purposes.
Read More
HEALTHCARE INDUSTRY
15–22 January 2019
Health Sciences North (HSN), a public hospital and academic health science centre in Ontario, Canada, suffered a malware attack that forced its IT systems to shut down as a precaution to contain the outbreak.
Read More
15–22 January 2019
A huge collection of exposed login credentials totalling 87GB was recently discovered in file hosting service, Mega.nz.
Read More
Cyber News Weekly 2019
08-15 January 2019
FINANCE INDUSTRY
08-15 January 2019
The Hong Kong credit bureau of Chicago-based TransUnion apologised after it discovered that unauthorised individuals could access mortgage information on its website. However, TransUnion refused to admit that any data leak had happened.
Read More
GOVERNMENT SECTOR
08-15 January 2019
Australian government contractors were recently targeted in a new tender-themed phishing scam that sought to lure users into divulging their account credentials by registering for eligibility to bid on commercial projects in 2019.
Read More
TRANSPORT INDUSTRY
08-15 January 2019
The Singapore Airlines (SIA) has warned customers of a phishing scam that offers free air tickets while requesting for personal information.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
08-15 January 2019
Daniel Kaye, the British hacker who knocked the whole of Liberia offline by carrying out a powerful cyberattack on Liberia’s leading internet company Lonestar in 2016, has been jailed. Kaye had been hired by an employee working for Cellcom, a competitor of Lonestar, to attack Lonestar in 2015.
Read More
EDUCATION INDUSTRY
08-15 January 2019
The University of Kentucky in Kentucky, United States, was targeted in a new gift card email scam in which scammers impersonated a university executive and requested for gift cards.
Read More
HEALTHCARE INDUSTRY
08-15 January 2019
Integrated Health Information Systems (IHiS) has fired two employees and imposed a ‘significant’ financial penalty on five members of its senior management over the SingHealth cyberattack, which exposed the personal information of 1.5 million patients.
Read More
08-15 January 2019
This week we received reports on two prominent APT groups – APT 10 and an unnamed group with connections to Iran.
Read More
Cyber News Weekly 2019
31 December-08 January 2019
FINANCE INDUSTRY
31 December-08 January 2019
Hacker group TA554 has been using the sLoad dropper to distribute the Ramnit banking trojan in attacks targeted at financial institutions in the UK and Italy.
Read More
GOVERNMENT SECTOR
31 December-08 January 2019
Unknown attackers had been publishing stolen personal data from approximately 1,000 German politicians, including Chancellor Angela Merkel, on Twitter since December.
Read More
TRANSPORT INDUSTRY
31 December-08 January 2019
The personal details of 285 KrisFlyer members were exposed due to a software glitch affecting Singapore Airlines’ (SIA) website. The breach happened when any two KrisFlyer members accessed transactions displaying their membership information at the same time, while also being assigned the same server by the system.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
31 December-08 January 2019
South Korea’s Ministry of Unification said that 77 reporters of the ministry’s press corps that cover relations with North Korea received an email with a compressed file attachment, which contained two malicious executable files disguised as PDF and HWP files.
Read More
EDUCATION INDUSTRY
31 December-08 January 2019
At least three employees of Wichita State University in Kansas, United States, lost their paychecks after falling prey to a phishing email with a malicious link.
Read More
HEALTHCARE INDUSTRY
31 December-08 January 2019
Chaplaincy Health Care, a hospice in Washington, United States, suffered a breach in late November after an employee fell prey to a phishing attack in which attackers stole his or her email login credentials.
Read More
31 December-08 January 2019
Hackers had a blast in 2018. How about cybersecurity providers and other companies?
Read More
Cyber News Weekly 2018
24-31 December 2018
FINANCE INDUSTRY
24-31 December 2018
The Electrum wallet suffered a phishing attack that led to a loss of 245 bitcoins (S$1,261,664).
Read More
GOVERNMENT SECTOR
24-31 December 2018
A computer at a state-run resettlement centre in North Gyeongsang province, South Korea, was hacked by unknown hackers, exposing the personal data of approximately 1,000 North Korean defectors.
Read More
TRANSPORT INDUSTRY
24-31 December 2018
Researchers found that attackers had been targeting the Italian automotive sector with RevengeRAT malware.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
24-31 December 2018
A cyberattack hit a shared newspaper production platform in Los Angeles, United States, and disrupted distribution for several news outlets, including the Los Angeles Times, Chicago Tribune, and Baltimore Sun.
Read More
EDUCATION INDUSTRY
24-31 December 2018
The Westminster College in Utah, United States, issued a notification saying that the college had been the victim of a phishing attack in which an unauthorised third party gained access to eleven employees’ email accounts.
Read More
HEALTHCARE INDUSTRY
24-31 December 2018
A federal judge has approved a settlement between Alabama-based Flowers Hospital and the 1,200 patients whose data had been stolen from the hospital in 2014.
Read More
24-31 December 2018
Hackers had a blast in 2018. How about cybersecurity providers and other companies?
Read More
Cyber News Weekly 2018
11-18 December 2018
FINANCE INDUSTRY
11-18 December 2018
The Donot APT group, also known as APT-C-35, has been targeting a Pakistani businessman working in China since May.
Read More
GOVERNMENT SECTOR
11-18 December 2018
Researchers discovered a new global campaign dubbed Operation Sharpshooter that targets 87 nuclear, defence, energy, and financial entities across the world.
Read More
TRANSPORT INDUSTRY
11-18 December 2018
The latest edition of a cybersecurity guide published by a conglomerate of 21 international shipping associations and industry groups disclosed several previously unknown cyberattacks that happened on ships and ports.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
11-18 December 2018
Facebook has identified a bug that may have exposed the private photos of up to 6.8 million users.
Read More
EDUCATION INDUSTRY
11-18 December 2018
Analysis published by SecurityScorecard, an information security company based in the United States, shows that the education industry has been ranked the worst in cybersecurity out of 17 major industries in 2018.
Read More
HEALTHCARE INDUSTRY
11-18 December 2018
The Pre-Hospital Emergency Care Council (PHECC), an independent statutory health organisation in Ireland, erroneously exposed the email addresses of 200 job applicants in an email to inform them that their applications had been unsuccessful.
Read More
11-18 December 2018
This week there were multiple reports about cyberattacks on critical information infrastructure sectors around the world, raising concerns about the potential damages on the national security of affected countries.
Read More
Cyber News Weekly 2018
04-11 December 2018
FINANCE INDUSTRY
04-11 December 2018
Researchers found that cybercriminals had raided the ATMs of several East European banks between 2017 and 2018 using a toolkit dubbed KoffeyMaker.
Read More
GOVERNMENT SECTOR
04-11 December 2018
One of the polyclinics of the Presidential Administration of Russia suffered an APT attack at the end of November, after victims received a lure document that exploited an Adobe Flash zero-day (CVE-2018-15982) to download a malware with self-destruction functions.
Read More
TRANSPORT INDUSTRY
04-11 December 2018
TheDarkOverLord hacked Channel Ship Services, a specialist offshore maritime recruitment and placement company operating out of the Channel Islands, and pilfered confidential documents such as seafarer agreements and contracts that specify contractors’ names, passport numbers, wage rates, and other contractual provisions.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
04-11 December 2018
Attackers have been disseminating phishing emails in the name of Netflix to fool unsuspecting recipients.
Read More
EDUCATION INDUSTRY
04-11 December 2018
The Stolen Pencil APT campaign, which has links to North Korea, has been targeting academic institutions since at least May 2018.
Read More
HEALTHCARE INDUSTRY
04-11 December 2018
An error with the keying in of patient information for a patient satisfaction survey at Thielen Student Health Center (TSHC) enabled 600 patients to see the names, appointment dates, and medical providers of other patients.
Read More
04-11 December 2018
While some APT groups have been avoiding the use of custom malware and adopting off-the-shelf tools to minimise suspicion and attribution of attacks, still there are prominent groups that continue to invest heavily in developing and refining custom backdoors, as well as hunting for zero-days.
Read More
Cyber News Weekly 2018
27 November-04 December 2018
FINANCE INDUSTRY
27 November-04 December
Research shows that four North Korean hacker groups – Lazarus, TEMP.Hermit, APT37, and APT38 – continue to attack South Korean companies, financial institutions, and public corporations despite rapprochement between North and South Korea.
Read More
GOVERNMENT SECTOR
27 November-04 December
Russian hacker group Fancy Bear, also known as Sofacy and APT28, has been sending Brexit-themed phishing emails with a macros-laden document that promised information about the recent Brexit negotiations between the UK and the EU.
Read More
TRANSPORT INDUSTRY
27 November-04 December
Customers who used service and emotional support animals claimed that the American budget airline Allegiant Air had violated their privacy by exposing their names and personal email addresses to hundreds of passengers in an email announcing policy changes.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
27 November-04 December
Marriott International, an American multinational hospitality company, said that its Starwood reservation system was hacked, exposing the personal data of up to 500 million customers, including their passport and credit card details.
Read More
EDUCATION INDUSTRY
27 November-04 December
A former PhD student and a university employee have been accused of hacking into the Embry-Riddle Aeronautical University’s system.
Read More
HEALTHCARE INDUSTRY
27 November-04 December
The United States indicted two Iranians for deploying the SamSam ransomware in a major hacking campaign and sanctioned two others for exchanging the ransom payments from Bitcoin into rials.
Read More
27 November-04 December
How did your businesses fare security-wise over Black Friday and Cyber Monday?
Read More
Cyber News Weekly 2018
20-27 November 2018
FINANCE INDUSTRY
20-27 November 2018
The Singapore police and DBS bank cautioned customers of a reappearance of phishing SMSes, after more than 50 DBS customers fell prey to the scam over the past two months.
Read More
GOVERNMENT SECTOR
20-27 November 2018
The Indiana Department of Revenue and the US Internal Revenue Service warned of email scams in which senders posed as the revenue agencies to deceive recipients into downloading the Emotet banking trojan.
Read More
TRANSPORT INDUSTRY
20-27 November 2018
The US Postal Service (USPS) fixed a website flaw that allowed any user who has an account at usps[.]com to view the account details of 60 million users and modify some of them.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
20-27 November 2018
High Tail Hall, an adult furry video game, was hacked in August, exposing the personal data of close to half a million members.
Read More
EDUCATION INDUSTRY
20-27 November 2018
The University of Illinois (UIC) warned of gift cards email scams targeting faculty and employees last week.
Read More
HEALTHCARE INDUSTRY
20-27 November 2018
The Ohio Valley Medical Center and East Ohio Regional Hospital, both owned by parent company Ohio Valley Health Services & Education Corporation, ceased emergency service transports after suffering ransomware attacks last Friday.
Read More
20-27 November 2018
How did your businesses fare security-wise over Black Friday and Cyber Monday?
Read More
Cyber News Weekly 2018
13-20 November 2018
FINANCE INDUSTRY
13-20 November 2018
Two hacker groups – Silence and MoneyTaker – have been targeting Russian financial institutions with phishing emails designed to look like they come from the Central Bank of Russia (CBR) and Financial Sector Computer Emergency Response Team (FinCERT).
Read More
GOVERNMENT SECTOR
13-20 November 2018
Russian hackers have been found impersonating US State Department aides like public affairs specialist Susan Stevenson and government official Heather Nauert in a new phishing operation aimed at infecting computers of US government agencies, think tanks, and businesses.
Read More
TRANSPORT INDUSTRY
13-20 November 2018
Privacy4Cars, the first mobile application designed to eliminate personally identifiable information from modern vehicle infotainment systems, has publicly disclosed a vehicle hack dubbed CarsBlues.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
13-20 November 2018
Malaysia’s leading media group Media Prima, which owns newspapers New Straits Times, Berita Harian and TV3, suffered a ransomware attack in which attackers demanded RM 26 million worth of bitcoins in ransom.
Read More
EDUCATION INDUSTRY
13-20 November 2018
Thousands of students from UK universities have been hit by a significant volume of fake tax refund emails in the past three to four weeks.
Read More
HEALTHCARE INDUSTRY
13-20 November 2018
The Midlands Regional Hospital, a public hospital in Ireland managed by the Irish Government’s Health Service Executive, suffered a ransomware attack that affected its Laboratory Information System and associated IT infrastructure.
Read More
13-20 November 2018
With the festive season approaching, security companies are cautioning consumers and online merchants of the potential surge of cyberattacks over the next two months.
Read More
Cyber News Weekly 2018
05-13 November 2018
FINANCE INDUSTRY
05-13 November 2018
HSBC Bank’s American clients were hit by a data breach after hackers obtained access to customers’ account information, statement and transaction histories, and personal data between 04 and 14 October.
Read More
GOVERNMENT SECTOR
05-13 November 2018
Malaysia’s centre-left multiracial political party Parti Keadilan Rakyat (PKR), led by Anwar Ibrahim, suspended the voting results from Julau division in Sarawak after the tablets used for voting were allegedly compromised with a malicious anti-theft software called Prey Anti Theft.
Read More
TRANSPORT INDUSTRY
05-13 November 2018
The delivery tracking tool of the Canada Post, the primary postal operator in Canada, was hacked by an unidentified individual.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
05-13 November 2018
Reporters Without Borders (RSF), an international non-profit organisation that conducts political advocacy on issues relating to freedom of information and freedom of the press, has called on journalists to stay vigilant after a dissident Saudi reporter repeatedly received phishing emails in which hackers impersonated journalists and attempted to trick him into clicking malicious links.
Read More
EDUCATION INDUSTRY
05-13 November 2018
Scotch College, a private boys’ school in Melbourne, Australia, has cautioned parents of an email scam asking them to send college fees to a different bank account.
Read More
HEALTHCARE INDUSTRY
05-13 November 2018
Huntsville Hospital in Alabama, United States, has disclosed Jobscience’s data breach, which may have involved information of individuals who applied for jobs at the hospital.
Read More
05-13 November 2018
As the festive season approaches, more shoppers are going online to shop for year-end gifts and snap up commodities on festive promotions.
Read More
Cyber News Weekly 2018
30 October - 05 November 2018
FINANCE INDUSTRY
30 October - 05 November 2018
Turkish police arrested 11 suspects in an alleged hack of cryptocurrency accounts that led to a loss of more than US$80,000.
Read More
GOVERNMENT SECTOR
30 October - 05 November 2018
Austral, an Australian shipbuilder and defence contractor, has reported a data breach in which personnel files from its data management system were hacked by an unknown hacker.
Read More
TRANSPORT INDUSTRY
30 October - 05 November 2018
Eurostar, a high-speed railway service that connects London with other European countries, has reset customer passwords after detecting attempts to hack into customer accounts.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
30 October - 05 November 2018
Federal Group, a privately-owned family company that operates casino, tourism, and retail assets in Tasmania, Australia, suffered a data breach after hackers compromised a third-party email distribution service and disseminated spam emails to customers.
Read More
EDUCATION INDUSTRY
30 October - 05 November 2018
Kristi Sims, a former contractor who handled administrative tasks for the Office of Safety and Security at Chicago Public Schools, was arrested last Thursday after stealing information of 80,000 employees, volunteers, and vendors from a database.
Read More
HEALTHCARE INDUSTRY
30 October - 05 November 2018
The attackers behind the SamSam ransomware remain highly active this year, having had targeted 67 different targets, most of which are in the US and belong to the healthcare sector.
Read More
30 October - 05 November 2018
Some observers may argue that ransomware is no longer the most prevalent malware this year after being overtaken by crypto miners, but ransomware is not any less sophisticated and damaging than before.
Read More
Cyber News Weekly 2018
23 – 30 October 2018
FINANCE INDUSTRY
23 – 30 October 2018
A Pakistani bank known as Bank Islami has allegedly lost US$6 million during a cyber heist involving fraudulent debit card transactions originating from the US and Brazil.
Read More
GOVERNMENT SECTOR
23 – 30 October 2018
A Moscow-based laboratory, Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), has been linked to the Triton malware that disrupted production at a Saudi Arabian critical infrastructure facility in December 2017.
Read More
TRANSPORT INDUSTRY
23 – 30 October 2018
Hong Kong's Cathay Pacific Airways has suffered a data breach that may affect as many as 9.4 million customers.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
23 – 30 October 2018
The adaptive Magecart group continues to devise new methods for injecting its skimmer script at online retail stores.
Read More
EDUCATION INDUSTRY
23 – 30 October 2018
Schools in New Zealand have reported a surge in cyber attacks that aim to take down school websites through distributed denial of service (DDoS) attacks.
Read More
HEALTHCARE INDUSTRY
23 – 30 October 2018
Phishing attacks continue to pose significant threats to the healthcare sector as the vector is often associated with compromised credentials that can lead to attacks such as ransomware and business email compromise.
Read More
23 – 30 October 2018
A researcher by the Twitter handle SandboxEscaper has released another zero-day vulnerability on social media without first coordinating disclosure with the vendor.
Read More
Cyber News Weekly 2018
16-23 October 2018
FINANCE INDUSTRY
16-23 October 2018
Hackers defaced the Future Investment Initiative website and left messages that criticised the Saudi regime over the alleged killing of journalist Jamal Khashoggi, the war in Yemen, and financing terrorism.
Read More
GOVERNMENT SECTOR
16-23 October 2018
Researchers discovered an espionage campaign dubbed Operation Oceansalt that targets Koreans using an unknown data reconnaissance implant, which appears to be a reuse of code from the Seasalt implant previously linked to Chinese hacker group Comment Crew.
Read More
TRANSPORT INDUSTRY
16-23 October 2018
Researchers found four several authentication and encryption firmware vulnerabilities in marine diesel engine controllers and their Android applications by Norwegian marine supplier Auto-Maskin.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
16-23 October 2018
A group of hacktivists dubbed the Ghost Squad Hackers has claimed responsibility for a Distributed Denial of Service (DDoS) attack that took YouTube offline last week.
Read More
EDUCATION INDUSTRY
16-23 October 2018
The Durham University’s employee data had been compromised after its benefits portal, which is supplied by food services and facilities management firm Sodexo, was hacked.
Read More
HEALTHCARE INDUSTRY
16-23 October 2018
The Health Promotion Board’s (HPB) HealthHub portal had been hacked over four days between September and October. The attack was discovered after a user suspected that her account had been accessed without her authorisation.
Read More
16-23 October 2018
This week, we received several reports about router vulnerabilities.
Read More
Cyber News Weekly 2018
09-16 October 2018
FINANCE INDUSTRY
09-16 October 2018
The Ministry of Finance issued an advisory on how to spot fake SG Bonus SMSes that have been circulating of late. The fake SMSes state the sender’s name as Gov.sg and include the link ‘sg-gov[.]com’.
Read More
GOVERNMENT SECTOR
09-16 October 2018
Unidentified hackers had breached travel records at the U.S. Department of Defense, giving them access to the personal and credit card information of as many as 30,000 military and civilian personnel.
Read More
TRANSPORT INDUSTRY
09-16 October 2018
Researchers found that more than 30 systems used by airlines to analyse data from airplane sensors were available online and could be used to pivot into datacentre systems and servers vulnerable to legacy security issues.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
09-16 October 2018
Penguin Random House North America and Pan Macmillan have warned of a series of phishing attacks targeted at stealing manuscripts.
Read More
EDUCATION INDUSTRY
09-16 October 2018
A schoolgirl at Manor Lakes P-12 College in Melbourne, Australia, discovered confidential student files on her iPad’s Google Documents folder that contained photos, medical details, and family information of other students at the school.
Read More
HEALTHCARE INDUSTRY
09-16 October 2018
The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the attacker had installed a customised malware that had not been seen elsewhere and used modified open source tools that evaded anti-virus software.
Read More
09-16 October 2018
The recent attacks on financial institutions, healthcare institutions, and government organisations in Singapore and around the world have thrust APT groups into the limelight again.
Read More
Cyber News Weekly 2018
02-09 October 2018
FINANCE INDUSTRY
02-09 October 2018
The Monetary Authority of Singapore (MAS) has warned the public of phishing emails impersonating the authority to deceive recipients into disclosing personal and financial information.
Read More
GOVERNMENT SECTOR
02-09 October 2018
A French police officer who worked for a French intelligence agency had sold sensitive police files in a dark web market known as Black Hand, allowing criminals to create forged documents using the stolen files.
Read More
TRANSPORT INDUSTRY
02-09 October 2018
Hackers have been using fake sites that closely resemble that of the Japanese delivery company Sagawa to spread a new FakeSpy Android malware variant. One of the fake sites has no SSL certificate and its page layout is broken.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
02-09 October 2018
The Islam Channel, a UK-based TV station that streams programmes into Russia and Central Asia, said that Russian intelligence agents had launched a cyberattack on the station in July 2015, giving hackers full control over the broadcaster’s computer networks and infrastructure.
Read More
EDUCATION INDUSTRY
02-09 October 2018
University of Hawaii employees were targeted by a phishing attack that impersonated university officials to deceive victims into disclosing personal information.
Read More
HEALTHCARE INDUSTRY
02-09 October 2018
The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the attacker had installed a customised malware that had not been seen elsewhere and used modified open source tools that evaded anti-virus software.
Read More
02-09 October 2018
The recent attacks on financial institutions, healthcare institutions, and government organisations in Singapore and around the world have thrust APT groups into the limelight again.
Read More
Cyber News Weekly 2018
25 September-02 October 2018
FINANCE INDUSTRY
25 September-02 October 2018
The financially motivated Cobalt Gang has been targeting financial institutions with a new hacking tool dubbed SpicyOmelette, which is typically delivered through a phishing email with a shortened link that downloads the tool.
Read More
GOVERNMENT SECTOR
25 September-02 October 2018
A flawed phone app for the Conservative Party (UK) Conference had allowed members of the public to login as anyone attending the party conference and view and modify their personal information after entering an email address.
Read More
TRANSPORT INDUSTRY
25 September-02 October 2018
The Port of San Diego suffered a ransomware attack that disrupted the port’s information technology systems and public services related to park permits, public records requests, as well as business services.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
25 September-02 October 2018
In the worst breach in Facebook’s history, hackers had stolen access tokens for 50 million accounts by exploiting a previously unknown vulnerability found on Facebook’s ‘View As’ feature.
Read More
EDUCATION INDUSTRY
25 September-02 October 2018
A small number of students from Brighton Secondary School in Adelaide, Australia, hacked the school’s computer systems last Friday using stolen staff login details.
Read More
HEALTHCARE INDUSTRY
25 September-02 October 2018
The Committee of Inquiry (COI) into the SingHealth cyberattack in June heard that the management of Integrated Health Information Systems (IHiS) had not acted on addressing an alleged security loophole discovered in the electronic medical records (EMR) system, which could have contributed to the recent cyberattack.
Read More
25 September-02 October 2018
Popular messaging applications like Telegram and WhatsApp are not void of security risks.
Read More
Cyber News Weekly 2018
18-25 September 2018
FINANCE INDUSTRY
18-25 September
The Monetary Authority of Singapore (MAS) found three fake bitcoin sites that were using the names of Singapore leaders–Prime Minister Lee Hsien Loong and Deputy Prime Minister Tharman Shanmugaratnam–to solicit investments.
Read More
GOVERNMENT SECTOR
18-25 September
Researchers found suspected infection of the Pegasus spyware in 45 countries, including Singapore.
Read More
TRANSPORT INDUSTRY
18-25 September
Comparitech, a UK tech research company, found several dark web marketplaces peddling frequent flyer miles from airline reward programmes, including Kris Flyer, Delta SkyMiles, and British Airways.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
18-25 September
ABS-CBN, one of the largest media and entertainment groups in the Philippines, took down two of its online shopping sites last week after they were found infected by the MageCart skimmer.
Read More
EDUCATION INDUSTRY
18-25 September
The U.S. Department of Education’s financial aid office was hit by a phishing campaign that attempted to obtain access to student accounts at several colleges.
Read More
HEALTHCARE INDUSTRY
18-25 September
Further investigation into the cyberattack on SingHealth, which compromised the personal and health data of 1.5 million patients, showed that the attacker had entered the healthcare group’s network as early as August last year by infecting workstations with malware.
Read More
18-25 September
MageCart skimmer attacks continue to be in the limelight this week. Online tech retailer Newegg and ABS-CBN, one of the largest media and entertainment groups in the Philippines, are the latest MageCart victims after attackers injected the skimmer on their websites to pilfer credit card details.
Read More
Cyber News Weekly 2018
11-18 September 2018
FINANCE INDUSTRY
11-18 September
Amazon is investigating allegations that some of its employees have been leaking internal data to third party merchants in China to help them increase their sales on the e-commerce website.
Read More
GOVERNMENT SECTOR
11-18 September
Government Payment Service Inc., a US credit card payment processing company that serves the government sector, leaked more than 14 million customer records due to a technical issue on its website.
Read More
TRANSPORT INDUSTRY
11-18 September
Bristol Airport in Bristol, UK, suffered a ransomware attack last Friday morning.
Read More
MEDIA AND ENTERTAINMENT INDUSTRY
11-18 September
Chinese cyber espionage group APT10 has been targeting the Japanese media sector by sending spear phishing emails with macros-laden Microsoft Word documents that download a newer version of the UPPERCUT backdoor.
Read More
EDUCATION INDUSTRY
11-18 September
Iranian hackers had hacked into top universities in the United Kingdom and stolen millions of essays, which were subsequently sold to customers in Iran for cash over Telegram and WhatsApp, as well as in the dark web.
Read More
HEALTHCARE INDUSTRY
11-18 September
The Gisborne branch of the Veterinary Enterprises Group, New Zealand’s largest vet company, suffered a ransomware attack last Saturday night that affected all affiliated clinics across the country.
Read More
11-18 September
Microsoft’s Patch Tuesday for September issued security updates to address 61 vulnerabilities, of which 17 have been rated critical.
Read More
Ensign InfoSecurity Singapore
30A Kallang Place
#08-01
Singapore 339213
Tel: +65 6788 2882
Fax: +65 6788 3883