#privacy: European Central Bank confirms data breach and shuts down website

The European Central Bank (ECB) confirmed that it has suffered a data breach at its Banks’ Integrated Reporting Dictionary (BIRD) website.  In a short statement released on Thursday, the bank had stated that an unauthorised party had breached the security measures that were put in place to protect BIRD.  Subsequently, the contact data of 481 […]

Formjacking accounts for 71% of all web breaches

According to F5 Labs, formjacking has become an extremely popular method of data stealing.  Formjacking is the process of injecting malicious code onto e-commerce websites with the purpose of stealing payment credentials.  In F5 Labs latest Application Report 2019, 760 breaches had been analysed, and it was found that during the first half of 2019, […]

#privacy: Air New Zealand experiences data breach 

Over 100,000 Air New Zealand Airpoints customers have been affected.  A phishing attack has exposed the personal information of approximately 112,000 Airpoints customers, with names, details and Airpoints numbers among data compromised. Air New Zealand notified the New Zealand’s Office of the Privacy Commissioner about the breach on July 31, however customers were only informed […]

#privacy: UK’s biggest forensic services provider targeted by ransomware

A “highly-sophisticated” ransomware attack on Eurofins Scientific, has led to the suspension of work between the company and the British police.  Eurofins Scientific, is an international group of laboratories that carry out DNA testing, firearms testing, toxicology analysis and computer forensic for police forces across the UK.  In June, Eurofins Scientific had been targeted by […]

#privacy: Clickjacking is still continuing to thrive

According to a research paper, clickjacking has become an extremely popular method of attack for online scammers. Researchers at the Chinese University of Hong Kong, Microsoft Research, Seoul National University and Pennsylvania State University found that clickjacking is a threat that is evolving, and new tactics are emerging.  Clickjacking is the process whereby attackers launch […]

#privacy: DanaBot banking trojan is on the move

The banking trojan DanaBot has expanded its targets to Germany from Australia since June. Webroot explains that DanaBot “works to gather sensitive banking information from unsuspecting users for fraud and other criminal activity.” The malware had been first observed targeting Australia in its earlier campaigns, and it appeared that it only came from one threat […]

#privacy: Malware that can record computer screens discovered

A new malware has been discovered that is able to record the screen of an infected machine and identify a user who is viewing porn.  Researchers at IT security company ESET, first observed the malware dubbed “Varenyky” in May 2019. A month later, researchers saw the first malicious document infecting a victim’s computer which had […]

#privacy: Personal data of Visa applicants accidentally leaked 

The personal data of 317 people applying for Australian Visas were accidentally emailed to an incorrect address due to a “typo”.  In an investigation by ABC, it was uncovered that a spreadsheet had been sent accidentally to an unknown individual’s email address.  The breach happened in 2015 by a subcontractor of Bupa, Sonic HealthPlus (SHP). […]

#privacy: Public Transport Victoria in breach of privacy laws

In July 2019, Public Transport Victoria (PTV) released a dataset that exposed the travel history of more than 15 million myki cards. The dataset also leaked  1.8 billion travel records of myki public transport users between the period June 2015 and June 2018.  The dataset contained records of the touch on and touch off data, […]

#privacy: Vulnerability found in Trend Micro Password Manager

Researchers at SafeBreach demonstrated how the vulnerability could be exploited to achieve privilege escalation.  Researchers discovered an issue with the pvmSvc.exe, a central control service, which was being executed as NT AUTHORITY/SYSTEM. Once executed, a missing DLL file was trying to load.   “In our VM, the c:\python27 has an ACL which allows any authenticated user […]