Security researchers have discovered flaws that could allow hackers to bypass the UK contactless verification limit of £30 on Visa contactless cards. The researchers, from Positive Technologies, tested the attack with five major UK banks, successfully bypassing the UK’s £30 limit (which is used to safeguard against fraudulent losses) on all tested Visa cards, irrespective of the card terminal. They also found that this attack is possible with cards and terminals outside of the UK.
ISBuzz Team
Capital One is reporting a massive data breach affecting 100 million people in the US that exposed the names, addresses, phone numbers and email addresses they used on their credit card applications. The announcement has come after the alleged hacker, an ex-AWS employee, was arrested and charged with a single count of computer fraud. Prosecutors alleged that the access to the bank data came through a misconfigured firewall protecting one of its applications. About 100m individuals based in the US and 6m in Canada had their information compromised in the breach. About 1.1m Social Security Numbers and 80,000 linked bank…
Cybersecurity industry executives reacted to a new report, issued by a San Mateo, California grand jury this week, that focuses on the vulnerabilities of the County’s email and online communication platforms to hijacking and propagating disinformation in the guise of election instructions or announcements.
According to this link, https://www.9news.com.au/national/nab-data-breach-privacy-human-error-australia-bank-news/881315dd-078f-4263-ba3b-c169771adc56, National Australia Bank Ltd says 13,000 customers are being contacted after a breach where personal data was uploaded without permission to two data service companies. The breach resulted from human error. The data uploaded included customer names, date of birth, contact details and, in some cases, government identity numbers. The data service companies told NAB that information they receive is deleted within two hours; however, affected customers are still due to hear from the bank within the coming days.
Online form maker, FormGet, which allows its 43,000 customers to create online forms so others can submit their resumes or apply for a job, or provide proof of address or employment, buy goods online, etc, left one of its cloud storage servers online and exposed without a password. The storage bucket, which FormGet pulled offline last night, was packed with hundreds of thousands of files and documents.
A highly-targeted, custom-built form of powerful Android malware is being deployed to conduct surveillance on selected individuals, according to security researchers. Uncovered by mobile security company Lookout, the Monokle remote-access trojan is equipped with a range of intrusive capabilities which enable it to conduct espionage on targets.
A federal judge has refused to dismiss a $224M lawsuit against telecom giant AT&T for a SIM swap attack that led to $24 million in stolen cryptocurrency. AT&T is facing court over allegations it violated the Federal Communications Act, a consumer contract, as well as several other laws, when hackers assumed the identity (and telephone account) of cryptocurrency investor Michael Terpin in 2017. SIM-swapping is when scammers contact a carrier pretending to be their target in order to port the victim’s number to a SIM card that they control. It allows text messages and 2FA codes to be intercepted, facilitating account takeover…
A Russian defence contractor accused by the United States of supporting cyber-attacks has developed sophisticated software used to spy on smartphones, an American security company said on Wednesday. St. Petersburg-based Special Technology Center (STC) developed code that has been aimed at a small number of targets, including those interested in a rebel militia in Russian-allied Syria.
Lancaster University has revealed it has been subjected to a ‘sophisticated’ phishing attack resulting in attackers gaining access to student and applicant data including names, addresses, email addresses and more. https://twitter.com/soldopane/status/1153647747599347712
According to the Cyber Security Breaches Survey 2019, published in April 2019, 32% of businesses identified cyber security breaches or attacks within the last 12 months. In the modern digital world, cybersecurity breaches can occur for a variety of reasons, spanning anything from insecure passwords to not having the correct firewall or system configurations in place. The legal sector is not exempt from these risks and it is important to acknowledge why this is occurring, how it can be prevented and the reasons why firms can be susceptible to potentially company-ending breaches. Legacy IT systems can date back as far as…
