#Privacy: Hundreds of thousands of CVs exposed online

Both Authentic Jobs and Sonic Jobs have exposed more than 200,000 CVs, subsequently making them publicly accessible to possible threat actors. Security researcher Gareth Llewellyn discovered the data breaches. Authentic Jobs, a US-based jobs board utilised by companies including the New York Times, made 221,130 CVs publicly accessible. Whilst Sonic Jobs, a UK jobs app […]

#Privacy: Phorpiex botnet made $115,000 from spam sextortion emails in five months

Following a five month investigation, Check Point Research has published its results on the “largest scale sextortion campaign” it has seen. The sextortion campaign informs its victims that it has compromising images or videos of them and requests a ransom demand.  During the 5 month period, victims sent more than 14 Bitcoins (over $11,000) to […]

#Privacy: More than 100 million IoT attacks detected during H1 of 2019

Kaspersky honeypots detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first half of 2019.  The number of attacks is almost nine times greater than the number of attacks found in the first half of 2018, with around 12 million attacks originating from 69,000 IP addresses being identified.  Cyberattacks […]

#Privacy: Researchers have devised a method to scoop unencrypted Tor network traffic data

Researchers have found a way to harvest unencrypted Tor network data from exit nodes and piece them together. Deloitte Canada researchers, Adam Podgorski and Milind Bhargava have also claimed to be able to obtain personally identifiable information (PII) of mobile users. The irony is that Tor is an anonymising software and network, and allows traffic […]

#Privacy: Canadian students share their passwords with friends

According to the Quebec Access to Information Commission (CAI), Canadian students are sharing their passwords with friends as proof of friendship. For the past three years, the CAI has been visiting secondary schools across Quebec informing children about their campaign “Ce que tu publies, penses-y”, which briefly translates to “Think before you publish.” The aim […]

#Privacy: Experts identify Whirlpool as owners of exposed database

An unusual web interface belonging to the Heartbeat monitoring service was discovered by security researcher Bob Diachenko.  The publicly accessible instance contained graphs and descriptions, to which the graphs were supported by a MongoDB-sourced data.  Additionally, the database itself was set on public and hosted on the same IP where the Heartbeat instance was.  Following […]