Latest News

BMW and Hyundai Networks Compromised by Vietnamese Hackers

Hackers allegedly having links to the Vietnamese government have hacked the networks of two leading automobile manufacturers, BMW and Hy...

All the recent news you need to know

One of Australia's Largest IVF Providers Warns Patients of Possible Data Breach


A malicious cyber-attack targeting the staff email system of one of Australia's biggest IVF providers may have resulted in a breach of patients' personal information. It has been reported that the attackers gained access to emails, email addresses and address books belonging to a number of staff members.

A group of forensic IT experts has just started an investigation to find out how the server was breached and whether patients' personal details were accessed, according to the Chief Executive of Monash IVF Group, Michael Knaap.

While the investigation found that the private patient databases were untouched, the national fertility business said in an email to patients that staff emails containing sensitive patient data, including medical histories, may have been hacked.

Monash IVF stressed that the attackers focused on only a small group of patients and were restricted to "an individual's email address"; however, a few patients may have been directly affected.

The IVF provider said it had been in contact with the Office of the Australian Information Commissioner and the Australian Cyber Security Centre (ACSC) about the incident as well as industry regulators.

Monash IVF is attached to fertility clinics in New South Wales, Queensland, Victoria, Tasmania, South Australia, and the Northern Territory.

This, in any case, isn't the first cyber-attack centered on patient data security; there have been quite a few earlier this year. In the most prominent one, as revealed by "The Age", a cybercrime syndicate hacked and 'scrambled' the medical records of around 15,000 patients from a specialist cardiology unit at Cabrini Hospital and then demanded a ransom.

Group-IB reported attempts to hack Telegram of Russian entrepreneurs


Group-IB, a company specializing in the investigation of cybercrime, reported that attackers attempted to gain access to Telegram correspondence and that Russian entrepreneurs were the targets of the attacks.

As the experts explained, at the end of 2019 several Russian entrepreneurs who had faced unauthorized access by unknown persons to their Telegram correspondence turned to them for help.

The incidents occurred on iOS and Android, regardless of the carrier used. Group-IB believes that the attackers were able to view and copy activation codes from the SMS messages that Telegram sends when an account is activated on a new device.

Technically, the cyber attack could have been carried out using a vulnerability in the SS7 Protocol. However, attacks on SS7 are rare.

“It is much more difficult to implement such an attack, it requires certain qualifications in the field of data transmission networks and their protocols,” explained Kaspersky Lab’s antivirus expert Viktor Chebyshev.

“The attack began when a message was sent to the Telegram messenger from the Telegram service channel (this is the official messenger channel with a blue verification tick) with a confirmation code that the user did not request. After that, an SMS with an activation code was sent to the victim’s smartphone, and almost immediately a notification came to the Telegram service channel that the account was logged in from a new device,” reported Group-IB.

It is known that other people's accounts were accessed over the mobile Internet, and the attackers' IP addresses were most often located in the city of Samara.

It is assumed that the attackers used disposable SIM cards. They deliberately had the SMS with the code sent, intercepted it and logged in to Telegram. They could have bought access to hacking tools on the darknet from 100 thousand rubles ($1,565).

The company drew attention to the fact that in all cases, SMS messages were the only authorization factor on devices affected by hacking attempts. Accordingly, such an attack can only be successful if the “Cloud Password” or “Two-step verification” options are not activated in the Telegram settings on the smartphone.

According to anti-virus expert Viktor Chebyshev, Telegram is consistently included in the list of applications targeted by cybercriminals in various spy campaigns. Such an attack can allow attackers to gain access to the correspondence of specific people.

Alert! TrickBot Trojan and Ryuk Ransomware spread through Japan as the holiday season approaches


The group behind TrickBot, the most dangerous and active banking trojan family according to IBM X-Force data, has been modifying the malware's modules lately as it launches them in the wild. As the infection campaign spreads around the globe, Japan has become its new growing target ahead of the holiday season. Ahead of the holidays, TrickBot campaigns usually target European and Western countries and other parts of the world, but this is the first time they have focused on Japan.

The campaign also comes just in time for the holidays, when consumers will be shopping extensively. Japanese consumers should therefore be wary of these infections, as they target banks, online shopping payment cards, telecommerce, a bitcoin exchange, e-wallets, and others. TrickBot has been loaded with hundreds of targeted URLs belonging to banks and other retailers. The Emotet botnet is also dropping TrickBot onto other devices.

The most common attack involves web injections on bank websites, leading to banking fraud. On-the-fly injections used by TrickBot lure the victim into revealing personally identifiable information (PII), payment card details and PIN codes. This is not the first time Eastern European gangs have attacked the country; other trojans such as URLZone and Gozi (Ursnif) have been prevalent in Japan for years now.

For Japanese Businessmen - Beware! Not only TrickBot but Ryuk Ransomware is also spreading through the region

TrickBot, already a worrisome banking plague, is not limited to banking fraud. Japanese companies should also be wary of the growing number of ransomware attacks, because TrickBot can usher in Ryuk ransomware attacks along with it. It's a kill chain that starts with Emotet and TrickBot and leads to a Ryuk attack, ransomware that locks the system and demands millions of dollars. If a Ryuk or TrickBot attack is suspected, immediately launch response plans and contain the infection, or contact security companies without wasting precious time, as these infections spread fast and wide.

Vulnerability found in Android Phones exploited by bank thieves through malicious apps


Researchers from security firm Promon found a vulnerability in millions of fully patched Android phones that is being exploited by malware through malicious apps designed to drain the user's bank account. The vulnerability is exploited by 36 apps, including bank trojans. These apps masquerade as legitimate apps the user has already installed, posing on top of them or inside them, say the researchers. Because the user already trusts the legitimate apps, the malicious apps can then ask for permissions such as recording audio or video, taking photos and reading text messages, or phish login credentials.



Victims who click yes fall prey to the scam. Lookout and Promon researchers reported on Monday that they found 36 apps exploiting the spoofing vulnerability. These include the BankBot banking trojan, which has been active since 2017; apps from this malware family have been caught on Google Play repeatedly. The only way users can protect themselves is by clicking 'no' to the permissions. taskAffinity is the Android setting in which this vulnerability occurs; it lets an app disguise itself as another app and work in the multitasking environment. Using it, the malicious app is placed inside or on top of the target. "Thus the malicious activity hijacks the target's task," Promon researchers wrote.

"The next time the target app is launched from Launcher, the hijacked task will be brought to the front and the malicious activity will be visible. The malicious app then only needs to appear like the target app to successfully launch sophisticated attacks against the user. It is possible to hijack such a task before the target app has even been installed." Promon is calling the vulnerability "StrandHogg". Neither Promon nor Lookout has revealed the apps, but Google has removed them from its market.

Still, the vulnerability remains a problem in Android. Google representatives said, "We appreciate the researchers['] work, and have suspended the potentially harmful apps they identified. Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we're continuing to investigate to improve Google Play Protect's ability to protect users against similar issues."
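A defender-side check for the task hijacking described above, added here as an example and not taken from the article, Promon or Lookout: it reads a decoded AndroidManifest.xml and lists activities whose `android:taskAffinity` names a package other than the app's own, so they can be reviewed. The sample manifest and all package names are constructed, and treating "the package name or a name under it" as the app's own affinity is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Android attribute namespace as ElementTree expands it.
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (decoded XML form); all names are made up.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <application android:label="Flashlight">
    <activity android:name=".MainActivity"/>
    <activity android:name=".SettingsActivity"
              android:taskAffinity="com.example.flashlight.settings"/>
    <activity android:name=".OverlayActivity"
              android:taskAffinity="com.example.bank"/>
    <activity android:name=".HelpActivity" android:taskAffinity=""/>
  </application>
</manifest>
"""


def is_own_affinity(affinity, package):
    """Assumption: the package name itself or a name under it counts as 'own'."""
    return affinity == package or affinity.startswith(package + ".")


def foreign_task_affinities(manifest_xml):
    """Return (activity, affinity) pairs whose affinity names another package."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    # An affinity set on <application> is the default for its activities.
    app_default = app.get(A + "taskAffinity")
    findings = []
    for activity in app.iter("activity"):
        affinity = activity.get(A + "taskAffinity", app_default)
        # None means the platform default (own package); "" means no affinity.
        if affinity and not is_own_affinity(affinity, package):
            findings.append((activity.get(A + "name", "?"), affinity))
    return findings


if __name__ == "__main__":
    for name, affinity in foreign_task_affinities(SAMPLE_MANIFEST):
        print(f"review: {name} declares taskAffinity={affinity!r}")
```

A hit is a prompt for manual review of the app, not proof of malicious behaviour.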