Attack

Cyber Security Hub takes a deep dive into smart devices and whether they can hold up against cyber attacks targeting them. In December 2022, Cyber Security Hub asked a range of experts to predict what threats would dominate the cyber security threat landscape in 2023. Tina Grant, quality assessor at UK-based aerospace company Aeorspheres, predicted that cyber attacks targeting smart devices would rise. As artificial intelligence (AI) and machine learning (ML) have developed, the technologies have been integrated more fully into smart devices, from lightbulbs and speakers to cars and doorbells. With a predicted 75.4 billion Internet of Things connected…

A cyber attack against the UK postal service Royal Mail which saw the company request that customers stop sending mail abroad via its services has been linked to Russian hackers. Royal Mail informed the public of the cyber attack on January 11, saying it had caused “severe disruption” to the computerized systems used to send mail abroad. The company “immediately launched an investigation into the [cyber] incident” and utilized the help of the UK’s National Cyber Security Centre, Information Commissioner's Office and National Crime Agency to halt further attacks. The system affected by the cyber attack has been used at…

An anonymous plaintiff has filed a class action lawsuit against password management company LastPass after the company suffered two data breaches within four months in 2022. The suit, which was filed by an anonymous plaintiff referred to as ‘John Doe’ with the United States District Court of Massachusetts, alleges that LastPass failed to “exercise reasonable care in securing and safeguarding highly sensitive consumer data”. The lawsuit also alleges that bad actors could “wreak financial havoc on the lives of LastPass users” affected by the breach. The plaintiff has accused LastPass of “likely stor[ing]” the master passwords of users – the…

Malicious actors have been using artificial intelligence (AI)-powered chatbots like OpenAI’s ChatGPT to build malware, dark web sites and other tools for enacting cyber attacks, reserach by threat intelligence company Check Point Research has found.  When asked by Cyber Security Hub, cyber security experts predicted that a top threat to cyber security in 2023 would be crime-as-a-service; platforms where malicious actors can offer their services to those who would otherwise be unable to carry out cyber attacks. With ChatGPT being able to expedite the process of creating malware for free, this could make crime-as-a-service even more lucrative for cyber criminals.…

A large number of UK government ministers and civil servants have been warned that they are vulnerable to hackers after their personal information was posted online and remained visible for months. The personal information for more than 45,000 civil servants was available until March 2020 via the Government Communication Service (GCS) website. The information included names, email addresses, phone numbers and job titles as well as links to social media profiles including Twitter and LinkedIn. The information was removed in March 2020 due to work on the site, although The Times newspaper reported that a message on the site says…

A large number of UK government ministers and civil servants have been warned that they are vulnerable to hackers after their personal information was posted online and remained visible for months. The personal information for more than 45,000 civil servants was available until March 2020 via the Government Communication Service (GCS) website. The information included names, email addresses, phone numbers and job titles as well as links to social media profiles including Twitter and LinkedIn. The information was removed in March 2020 due to work on the site, although The Times newspaper reported that a message on the site says…

A dataset allegedly containing the email addresses and phone numbers of more than 400 million Twitter users has been put up for sale on hacking forum Breached Forums. The dataset was uploaded to Breached Forums on December 23, 2022, by a hacker going by the screen name ‘Ryushi’. The hacker claimed to have collected the data using data scraping techniques and a now-patched vulnerability in the social media site’s software in 2021 and demanded US$200,000 for an “exclusive” sale of the data. Sample of 400 million Twitter breach Alexandria Ocasio-Cortez- SpaceX- CBS Media- Donald Trump Jr.- Doja Cat- Charlie Puth-…

In this round up, we reveal which threat vectors cyber security experts believe will rise to prominence in 2023, and they offer their advice on how best to combat them. When asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations, 75 percent of cyber security professionals said social engineering and phishing. Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott International have suffered from such attacks further highlighting the importance to cyber security practitioners of staying aware of phishing threat. Read on to find out…

The data breaches LastPass suffered in August and November 2022 resulted in confidential customer information being compromised. In a statement, LastPass explained that the August breach saw a malicious actor steal source code and technical information from LastPass’ development environment that was then used to target an employee. This allowed the hacker to gain access to credentials and keys, which they then used to access LastPass’ third-party cloud storage service in November 2022. Using the keys, the malicious party was able to decrypt some storage volumes within the storage service. After the information was decrypted, the hacker accessed and copied…

This article explains what carding is, how hackers can gain access to payment details and the effects carding cyber attacks can have on businesses. In the first six months of 2022, there were 230,937 credit card fraud reports filed in the US alone, highlighting the growth of carding as a threat vector This article will explore carding, how it operates and the devastating effects it can have on ecommerce businesses. Contents:  What is carding and why you should be aware of it? How do attackers acquire details for carding? The BidenCash carding incident What is carding and why you should…