Category Archives: TOP 10 STORIES

Vulnerable IoT Vacuums, DVRs Put Homes at Risk

The internet of things (IoT) has seen a string of vulnerabilities across multiple devices, the latest of which are new vulnerabilities in Dongguan Diqee 360 robotic vacuum cleaners, which could allow cybercriminals to eavesdrop, perform video surveillance and steal private data, according to Positive Technologies.

ORIGINAL SOURCE: Infosecurity Magazine

The post Vulnerable IoT Vacuums, DVRs Put Homes at Risk appeared first on IT SECURITY GURU.

Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records

Hackers say they will leak patient and employee records stolen from a Canadian healthcare provider unless they are paid off. The records include medical histories and contact information for tens of thousands of home-care patients in Ontario, Canada, and belong to CarePartners. The biz, which provides home medical care services on behalf of the Ontario government, admitted last month that it had been hacked, and its documents copied.

ORIGINAL SOURCE: The Register

Retail cyber security spending ineffective as breaches rise

Half of US retailers experienced a data breach in the past year, up from 19% the year before, according to the retail edition of the 2018 Thales data threat report. This increase drove US retail to the second most breached sector in the US after the federal government, putting it ahead of healthcare and financial services. The increased number of data breaches in the sector means that three-quarters of US retailers polled have experienced at least one data breach, up from 52% a year ago.

ORIGINAL SOURCE: Computer Weekly

UK School Software Bug Assigns Kids to the Wrong Parents

IT firm Capita has come clean about a bug in the software it supplies to UK schools that has been mismatching kids with the wrong families since December 2017. According to a message sent to school administrators this week, the bug affects the Schools Information Management System (SIMS), a type of software used by UK schools to keep track of students, their grades, classes, and parent information.

ORIGINAL SOURCE: Bleeping Computer

Brit watchdog fines child sex abuse inquiry £200k over mass email blunder

The UK’s data watchdog today issued the Independent Inquiry into Child Sexual Abuse (IICSA) a £200,000 penalty after it sent a bulk email to participants that identified possible victims of historical crimes. The Information Commissioner’s Office (ICO) said IICSA – set up in 2014 to probe the degree to which institutions in England and Wales failed in their duty to protect young people from molestation – had breached the Data Protection Act (DPA) 1998 by not keeping confidential and sensitive personal data secure.

ORIGINAL SOURCE: The Register

New Gmail feature could open more users to phishing risks: Government officials

Google is rolling out a sweeping redesign of its popular Gmail service, but federal cybersecurity authorities warn that a key new feature on the system could make its 1.4 billion users more susceptible to dangerous phishing attacks that compromise users’ vital personal information.

ORIGINAL SOURCE: ABC News

Hackers Breach Network of LabCorp, US’ Biggest Blood Testing Laboratories

LabCorp, the US’ biggest blood testing laboratories network, announced on Monday that hackers breached its IT network over the weekend. “At this time, there is no evidence of unauthorized transfer or misuse of data,” the company said. “LabCorp has notified the relevant authorities of the suspicious activity and will cooperate in any investigation.”

ORIGINAL SOURCE: Bleeping Computer

Researchers Mount Successful GPS Spoofing Attack Against Road Navigation Systems

Academics say they’ve mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations. The research is of note because previous GPS spoofing attacks have been unable to trick humans, who, in past experiments, often received malicious driving instructions that didn’t make sense or were not in sync with the road infrastructure, for example taking a left on a straight highway.

ORIGINAL SOURCE: Bleeping Computer

UN agency tasks member states on greater attention to cyber security

Babcock International Model United Nations (BIMUN) has urged member states to pay more attention to cyber security and broaden its definition beyond hacking to enhance implementation of broader solutions. It stated this at the simulation of the UN General Assembly First Committee on Disarmament and International Security (DISEC), during the second BIMUN conference, organised by Babcock University, Ilishan Ogun State, in collaboration with the United Nations Information Centre (UNIC), Lagos at the weekend.

ORIGINAL SOURCE: Guardian

Kaspersky Report: $10 Million in Ether Stolen Through Phishing Last Year

A new report from Kaspersky Lab claims that cybercriminals are turning to cryptocurrency as a domain for scams and frauds. The schemes target ICO investors, who are perhaps vulnerable as they are seeking to invest money to begin with. “Kaspersky Lab experts have exposed a relatively new fraudulent trend: the development of cryptocurrency is not only attracting investors, but also cyber-criminals seeking to boost their profits,” reads the report.

ORIGINAL SOURCE: Unhashed

WordPress Sites Targeted in World Cup-Themed Spam Scam

Spammers are using a ‘spray & pray’ approach to post comments on WordPress-powered blogs and forums, says Imperva. WordPress-powered websites are being targeted in a comment spam campaign designed to get users to click on links to sites offering betting services on the 2018 FIFA World Cup games.

ORIGINAL SOURCE: Dark Reading

‘Data is a fingerprint’: why you aren’t as anonymous as you think online

In August 2016, the Australian government released an “anonymised” data set comprising the medical billing records, including every prescription and surgery, of 2.9 million people.

ORIGINAL SOURCE: The Guardian

Windows Malware Carries Valid Digital Signatures

Researchers from Masaryk University in the Czech Republic and Maryland Cybersecurity Center (MCC) monitored suspicious organizations and identified four that sold Microsoft Authenticode certificates to anonymous buyers. The same research team also collected a trove of Windows-targeted malware carrying valid digital signatures.

ORIGINAL SOURCE: Infosecurity Magazine

Ukraine Says It Stopped a VPNFilter Attack on a Chlorine Distillation Station

The Ukrainian Secret Service (SBU) said today it stopped a cyber-attack with the VPNFilter malware on a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region.

ORIGINAL SOURCE: Bleeping Computer

Popular Software Site Hacked to Redirect Users to Keylogger, Infostealer, More

Hackers have breached the website of VSDC, a popular company that provides free audio and video conversion and editing software. Three different incidents have been recorded during which hackers changed the download links on the VSDC website with links that initiated downloads from servers operated by the attackers.

ORIGINAL SOURCE: Bleeping Computer