17 Canadian federal depts. and agencies failed basic tests for credit card data security

The Canada Revenue Agency, the RCMP, Statistics Canada and more than a dozen other federal departments and agencies have failed an international test of the security of their credit card payment systems. Altogether, half of the 34 federal institutions authorized by the banking system to accept credit-card payments from citizens and others have flunked the test — risking fines and even the revocation of their ability to accept credit and debit payments. Those 17 departments and agencies continue to process payments on Visa, MasterCard, Amex, the Tokyo-based JCB and China…

South Africa’s second-biggest database leak exposes almost 1 million personal records

Barely a year after South Africa’s largest data leak was revealed in 2017, the country has suffered yet another data leak as 934,000 personal records of South Africans have been leaked publicly online. The data includes, among others, national identity numbers (ID numbers), e-mail addresses, full names, as well as plain text passwords to what appears to be a traffic-fines-related online system. Working together with Troy Hunt, an Australian security consultant and founder of haveibeenpwned, along with an anonymous source that has been communicating with iAfrikan and Hunt, we’ve managed to establish that the…

Hackers Threaten ‘Game of Thrones,’ as HBO Confirms Cyberattack

HBO has been the latest target of a cyber-attack. HBO confirmed on Monday that the network had been the target of a cyberattack, as an anonymous hacker boasted about leaking full episodes of upcoming shows along with written material from next week’s episode of “Game of Thrones.” The hack was announced to media via an anonymous email which claimed 1.5 terabytes of data from secure HBO networks was accessed, according to Entertainment Weekly. Unaired episodes of “Ballers” and “Room 104” may have been published online, and the hacker vowed more…

Cyber spies use female ‘honey pot’ to lure LinkedIn targets

Mia Ash is an attractive 30-year-old British woman with two art school degrees and a successful career as a photographer with hundreds of social media connections. She has common favorite hobbies with social media users, so when she adds a target as a friend, they probably get flattered and a little bit excited. After exchanging messages on LinkedIn, the target is happy to continue the conversation on Facebook and WhatsApp. One problem though: Mia does not exist. Instead, she’s a persona, her biography fabricated and her photos stolen from another…

Microsoft Patches 56 Vulnerabilities

Microsoft has released an urgent update to stop hackers taking control of computers with a single email. The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message. Researchers working for Google’s Project Zero cyber-security outfit discovered the flaw at the weekend. The fix has been specially pushed out hours before the software giant’s monthly Tuesday security update. The update for CVE-2017-0290 addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file.…

Machine learning set to impact online security

Technology moves swiftly. Nowhere is that more accurate than in the current state of machine learning. A lack of awareness of security issues in the C-Suite and among employees is part of the problem, but the major cause is the enormous complexity of modern infrastructure deployments and the data generated by corporate and government networks. Finding security breaches is incredibly difficult. Online criminals want to remain hidden — if they’re discovered, it’s game over. They invest significant resources into hiding their presence, but it’s impossible for them to hide completely. There…

Google’s battle with Android malware: Who wins?

While most people are aware of the malicious threats targeting their computers, many still don’t realise that their mobile devices are an increasingly lucrative target for cybercriminals. The main way smartphones are attacked is through apps, often ones which pose as innocent and useful but actually aim to steal data or, in the case of ransomware, force users to pay up. Recently, Google uncovered the Android version of Pegasus, a mobile spyware created by NSO Group, an Israeli surveillance company considered the most advanced producer of mobile spyware on…

Google Docs phishing attack is fixed

Google Docs users everywhere were hit by a widespread phishing attempt, spammed with what appeared to be malicious invitations to log on to their Google accounts. Unlike your garden-variety cyberattack, many of the telltale signs that could tip off that something was awry were absent. What made this attack so tricky to detect was that it took advantage of Google’s legitimate tool for sharing data with responsible third-party apps. Since the bogus invitation was being routed through Google’s real system, nothing was misspelled, the icons looked accurate, and it’s hard to know something’s…

Phishing attacks using internationalized domains are hard to block

Attackers can evade a security mechanism and abuse Unicode domains to phish for the login credentials of Chrome, Firefox, and Opera users. Security researcher Xudong Zheng has developed a proof-of-concept that exploits an issue in some web browsers. Attackers can abuse this sleight of hand to redirect users to phishing websites. All they need to do is use Punycode, which relies on ASCII characters to convey foreign characters. The Punycode domain “xn--pple-43d.com” is equivalent to “apple.com”, for example. As long as a web browser translates the Punycode into what’s known…

BankBot trojan hits Google Play

A trojan virus that affects Android devices leaked online in January. This was BankBot, a banking malware which disguised itself as a harmless program and was able to avoid Google’s security scans. Weeks after the attack, the malware found its way to the Google Play Store. What makes this vicious banking Trojan threatening is that it was able to find a way of hiding in apps using a variety of names on the Play Store. One is Funny Videos 2017 and the other is HappyTimes Videos, with the latter discovered just…
