High-severity vulnerability discovered in all versions of Windows

A Google researcher has discovered a high-severity flaw that is affecting all versions of Windows, from Windows XP to Windows 10.  Tavis Ormandy, the security researcher from Google’s Project Zero Team, discovered the vulnerability in the CTextFramework (CTF). CTF is part of the Windows Text Services Framework – a system that manages input methods, keyboard […]

#privacy: New funding round signals cyber security boost for UK

Cyber Security Minister, Nigel Adams has launched a third round of funding through the Cyber Skills Immediate Impact Fund (CSIIF), the government has revealed. A government blog post has detailed how the fund should push up the number and diversity of individuals going into a career in cyber security. In future, training providers will be […]

#privacy: Financial firm in Canada spends £53m in data breach aftermath

In June, news broke of how a former employee at financial co-operative Desjardins had shared confidential data with figures outside the company. The data of around 2.9 million individual members and 173,000 business members was illegally delivered to third parties, with details comprising social insurance numbers, names, residential addresses, transaction behaviours and purchases. In the wake […]

#privacy: New Android malware available for renting

A new banking Trojan, dubbed Cerberus, is now available for threat actors to rent. Security researchers from ThreatFabric, discovered the mobile banking malware in June. Cerberus has been written from scratch and does not use any components from other banking Trojans. Once the malware is in an Android device, it will ask for accessibility service […]

#privacy: Defence, police and banks caught up in biometrics data breach

The personal and private information of over 1 million citizens has been compromised following a biometrics system data breach.  The data was found available to public access on a database used by institutions including the Metropolitan police, defence firms and financial organisations. Fingerprints, facial recognition ID, personal data and unencrypted login credentials are among the […]

#privacy: Further vulnerabilities found in British Airways cyber-security

A vulnerability within British Airways’ e-ticketing system has been found exposing passengers’ personally identifiable information (PII). Researchers from the security firm Wandera, discovered that the check-in links sent by British Airways, to passengers via email, were unencrypted and thus vulnerable to interception by an unauthorised third party. The check-in links contain booking references and surnames […]

#privacy: Google replaces passwords for Android users

Google announced this week that it will start replacing passwords to provide a simple authentication experience.  In a blog post, Dongjing He, a software engineer, and Christiaan Band, product manager explained that new security technologies are “surpassing” passwords, in regards to strength and convenience.  With that in mind, Google has announced that users of Pixel […]

#privacy: DSLR cameras can be hit by ransomware

Researchers have identified that DSLR cameras are vulnerable to ransomware attacks. In a report by Check Point Software Technologies, researchers demonstrated how to remotely install malware on a digital DSLR camera.  Security researcher Eyal Itkin, explained that the Picture Transfer Protocol (PTP) used by modern DSLR cameras to transfer digital images from the camera to […]

#privacy: Professor Woodrow Hartzog to speak at PrivSec New York

We are delighted to announce that Professor Woodrow Hartzog will address audiences at PrivSec conference, taking place November 5th and 6th at Columbia University, New York City. Hartzog is Professor of Law and Computing Science at Northeastern University School of Law and the Khoury College of Computer Sciences. He is also a non-resident Fellow at […]

#privacy: Microfinance agency exposes more than 140K user records

Credia.ge, a Georgia based agency, has exposed thousands of its customers personal and loan information.  Security researcher, Bob Diachenko, identified the Elasticsearch cluster on August 3rd. However it was discovered through a Shodan search that the cluster had been first indexed back in September 2018.  The database in question was named “compromised” in Shodan search and […]