Security
New Malware Steals Facebook Credentials from African Mobile Users
Sourced from Republic Title Anti-fraud firm, Evina has revealed that a certain malware uses javascript to retrieve the login credentials of Facebook users. The company confirms that social media users in Africa are amongst those who have been targeted. This malware launches a browser that loads Facebook at the same time a mobile user is trying to open the platform – by displaying in the foreground, the user believes the fraudulent browser is legitimate. Malware and ransomware that targets hundreds of millions of mobile users worldwide can have devastating personal, productivity and financial consequences. “This new malware is particularly dangerous as it could effectively ruin your online and offline life by making off with the credentials of one of your most valued pieces of digital real ...
Security Flaw in Health Startup Exposed User Accounts and Medical Information
Sourced from LogBox. LogBox, a South African medical data startup that claims it is an “absolutely secure” way to replace paper forms and documentation in sharing patient data with doctors, has exposed user accounts and sensitive patient data following a lapse in security. Anurag Sen, a security researcher, found an exposed database belonging to the company. The database contained account access tokens for thousands of LogBox users, which if used would grant full access to the accounts and the information therein of users without even needing to input a password. Sen had reported to LogBox that their database has been exposed, but did not hear back. TechCrunch writes that the database has been pulled offline as soon as it reached out. LogBox’ database leak comes just as the country’s new d...
5 Trends to Consider When Developing a Cybersecurity Awareness Training Program
Among the wide range of reasons that cause cybersecurity incidents, inappropriate use of IT resources by employees remains a challenge for businesses. In 2019, half (52% enterprise, 50% SMBs) of companies faced a data breach because of this, as revealed in a Kaspersky survey of IT decision-makers. Quite surprisingly, companies experienced this almost as often as their devices being infected with malicious software. This shows that businesses need to explain to their employees how to recognise ‘dangerous’ situations and ensure they know how to react appropriately. Security awareness training programmes are designed to teach important cybersecurity hygiene. To make sure courses deliver the desired results, companies should meet modern learners’ requirements and the current trends in corporat...
New POPI Act Regulations – Here’s Everything You Should Know
Sourced from Europa EU. Progress is being made to promote the protection of personal information in South Africa. President Cyril Ramaphosa has announced the commencement of parts of the Protection of Personal Information Act (POPIA). The remaining provisions of the Act will be addressed once the Information Regulator assume its powers, functions and duties in terms of the Act. The sections that will commence today, 1 July 2020 and include the conditions for processing personal information, procedures for dealing with complaints and provisions regulating direct marketing by means of unsolicited electronic communication. Sections 2 – 38, 55 – 109, 111 and 114 (1), (2) and (3) commences on 1 July 2020 and Sections 110 and 114(4) will commence on 30 June 2021. What does this mean? According t...
Nigerian stocks down by N1.14 trillion in first half
Nigerian stocks closed the first half down with average loss of 8.80 per cent, equivalent to net capital depreciation of N1.14 trillion as investors struggled with a threesome of domestic macroeconomic uncertainties, global decline in crude oil price and trade wars and the ravaging COVID-19 pandemic. Benchmark indices at the Nigerian Stock Exchange (NSE), which are generally regarded as sovereign equity indices for Nigeria, showed that Nigerian stocks swiveled through steep decline in first quarter and a major recovery in early months of the second quarter, closing the six-month period with net loss of N1.14 trillion. The All Share Index (ASI), a common value-based index that tracks all share prices at the Exchange, closed first half at 24,479.22 points as against 26,842.07 points recorded...
Scam Attempts on Gumtree Have Surged During South Africa’s Lockdown
British classifieds platform popular with South Africans, Gumtree has seen an increase in scams during the country’s lockdown with criminals and fraudsters benefiting from scamming people over a distance. Estelle Nagel of Gumtree says that “The pandemic has seen more South Africans sell their items in an attempt to raise additional cash, and as those listings increase, so do scam attempts.” “With lockdown, buyers and sellers are inclined to transact online only rather than face to face or without viewing an item in person and using electronic payment methods rather than cash. This does lead to more instances of fraud,” she continues. With more and more South Africans desperately searching for cash during these tough times, Nagel says, they may be less risk-averse than normal and more likel...
South African Organisations Lag Behind Global Average of Cybersecurity Resilience
Email and data security company, Mimecast, unveiled its fourth-annual State of Email Security 2020 report. This report summarises details from 1,025 global IT decision-makers on the current state of cybersecurity. The findings in this year’s report demonstrate that despite high levels of confidence in respondents’ cyber resilience strategies, there is a clear need for improvement. While a large majority (77%) of respondents say they have or are actively rolling out a cyber resilience strategy, only 62% of South African organisations are doing the same. Yet an astounding 47% of local organisations – and 60% of global ones – believe it is inevitable or likely they will suffer from an email-borne attack in the coming year. South African respondents cite data loss (35%), a decrease in employee...
Sony is Offering a $50,000 Reward for Hacking the PlayStation 4
Sourced from Bloomberg Sony has launched a bug bounty hunting reward programme in order to continue to find critical faults with the security of its PlayStation 4 console and the PlayStation Network. Participants in the programme who find exploits and loopholes in the console’s security could be rewarded up to $50,000. This announcement was made by Sony Interactive Entertainment Senior Director of Software Engineering Geoff Norton, who says the company has partnered with a bug bounty platform, HackerOne, for the programme. “At PlayStation, we are committed to providing gamers all over the world with great experiences. I’m happy to announce today that we have started a public PlayStation Bug Bounty programme because the security of our products is a fundamental part of creating amazing expe...
Operation In(ter)ception: How a LinkedIn Message can Result in Espionage
Sourced from Republic Title ESET researchers have discovered highly targeted cyberattacks that are notable for using LinkedIn-based spearphishing, employing effective tricks to stay under the radar and apparently having financial gain, in addition to espionage, as a goal. The attacks, which ESET researchers dubbed Operation In(ter)ception based on a related malware sample named “Inception.dll,” took place from September to December 2019. The attacks that ESET researchers investigated started with a LinkedIn message. “The message was a quite believable job offer, seemingly from a well-known company in a relevant sector. Of course, the LinkedIn profile was fake, and the files sent within the communication were malicious,” comments Dominik Breitenbacher, the ESET malware researcher who analyz...
Twitter Addresses Potentially Harmful Data Breach
Image sourced from Mission Statement Academy In an email sent to potentially affected clients, Twitter has confirmed that sensitive data regarding their business customers may have been compromised. The company says that some clients billing information was unknowingly stored in their browser’s cache, making it ‘possible’ for others to access. The data in question includes personal email addresses, phone numbers as well as the last four digits of credit card numbers. “We became aware of an incident where if you viewed your billing information on ads.twitter.com or analytics.twitter.com the billing information may have been stored in the browser’s cache,” a Twitter spokesperson said. “As soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted...
Probe demanded over Latino police shooting death in Los Angeles
Los Angeles officials Tuesday demanded an independent probe into the death of a young Latino security guard, whose shooting by police has fueled more protests against police brutality and racism. Andres Guardado, 18, was killed last week after a deputy fired multiple gunshots in Gardena, Los Angeles County. Police say Guardado was shot when he fled from an auto repair shop after he “produced a handgun.” Guardado’s death came during a period of nationwide demonstrations that began with the death in police custody of an African American man, George Floyd, in Minnesota last month. Los Angeles County’s board of supervisors Tuesday unanimously approved a motion for a “robust and independent investigation to ensure the truth is uncovered and justice is served.” A day earlier, Los Angeles Sheriff...
Why Data Management Needs to be a Priority as Cybercrime Explodes
Working from home has become the new normal, and everyone is online, possibly with less secure connections than required. There has also been a huge uptake of cloud-based services in order to support a mobile workforce. This means that digital transformation has seen rapid growth, but it also means that many (possibly distracted) people are now highly attractive targets for cybercriminals. New vulnerabilities mean new loopholes for these criminals to exploit exposed businesses, and the result has been a dramatic increase in cybercrime. As a result, data management is required to curb these increasing threats. Lack of awareness means easy pickings With the need for businesses to rapidly move to a mobile workforce, cloud services are the first port of call. However, the urgency with which th...
