MediaWorks, a major New Zealand media company, has fallen victim to a cyber breach, which has exposed the personal data from over 2.4 million individuals. The Breach A hacker, operating under the pseudonym OneERA on a hacking forum, claims to have secured a vast amount of personal data from MediaWorks. This incident was unveiled through a forum post dated 14 March, where OneERA highlighted their intention to sell the acquired data. Hacker's forum post advertising the sale of stolen data from MediaWorks breach. source Data Stolen: Total Records Stolen: 2,461,180 Types of Data: Names Home ad ..read more

The LockBit ransomware group’s servers were taken down by law enforcement on February 19, seen by many as a significant blow to the cybercrime group’s operations. But in less than a week, they were back, this time with stronger defences and threats aimed at government bodies. The reality is, this comeback was to be expected – shutting down a hacker group’s website is one thing, but keeping them offline is another story altogether. Inside LockBit LockBit operates as a cybercrime group, specialising in ransomware attacks. They offer their ransomware on a ransomware-as-a-service (RaaS) basis, a ..read more

Tangerine Telecom recently faced a significant cybersecurity incident, impacting 232,000 customers. Incident Overview The breach occurred when threat actors gained access to Tangerine Telecom’s legacy database (an outdated but still used system holding valuable data). Here’s how the breach unfolded step by step: The threat actor targeted Tangerine Telecom’s legacy database, which still had lots of valuable customer info. They obtained login credentials that were given to a contractor by Tangerine Telecom for legitimate access. Using these credentials, the threat actor bypassed the security ..read more

Chinese Government Leak On 16th February 2024, an unknown user uploaded supposedly sensitive Chinese Government documents to the file repository website, Github. The repository on Github is titled “I-S00N” and contains information relating to the offensive cyber security capabilities of APT41 (also known as Double Dragon, TG-2633 and Wicked Spider). An X thread by the user, @AzakaSekai_ summarises the tools and capabilities within the repository, mainly consisting of spyware developed by a Chinese government contractor named “iSOON or Anxun Information”. Some of these tools include: An X (p ..read more

Within days of its release, the Apple Vision Pro, a highly anticipated mixed reality headset, was found to have a significant security vulnerability.  Joseph Ravichandran, a Ph.D. student from the Massachusetts Institute of Technology (MIT) identified a kernel vulnerability in the device’s visionOS. This flaw, if exploited, could allow for jailbreaks and malware attacks that would put users at risk.  What Happened?  The software at the heart of the Vision Pro has a weak spot, known as a “kernel vulnerability.”  This weak spot can make the headset crash. Instead of showin ..read more

Common Penetration Test Findings for 2024  Cybersecurity trends continue to evolve and keeping pace in 2024 means staying proactive. This year, we’ve collaborated with Khalid Ebrahimi, our Senior Penetration Tester at Gridware, to discuss the common penetration test findings for 2024.   A misconception that remains a general consensus; larger means safer in cybersecurity is a myth. Recent headlines disprove this belief. From the data breach of 10 million customers by Latitude Finance to the exposure of 9.7 million records by Medibank, even the biggest players can stumble.&n ..read more

The Commission Nationale Informatique et Libertés (CNIL), France’s data protection authority, this week disclosed a cyber-attack on Viamedis and Almerys, two health insurance companies. This incident, now referred to as the French Health Insurance Data Breach, affected over 33 million people, nearly half the country’s population.  The Data at Risk  The breach exposed a range of personal data, including:  Marital status  Dates of birth  Social security numbers  Specific details related to individuals’ insurance policies  This exposed information puts peo ..read more

Recent headlines claimed that 3 million electric toothbrushes were hacked to conduct a Distributed Denial of Service (DDoS) attack, sparking widespread attention. Yet, this story, interesting as it may seem, is not supported by facts.  Debunked:  The report originated from a Swiss news outlet, suggesting these toothbrushes had been compromised with malware. However, no evidence supports this claim. The cybersecurity firm that was cited as the story’s source, has not verified the incident. This narrative likely emerged from a hypothetical scenario rather than an actual event.  ..read more

The systems we rely on every day, from our water supply to the internet itself, are increasingly under threat from cyber attacks. Hackers target Critical Infrastructure sectors not just to cause trouble but to gain big – financially, politically, or even just to prove they can.   The Target List  Key sectors at risk include energy, healthcare, communication, food supply, finance, transportation, defense, and water management. These areas are essential for our daily lives and, if attacked, can impact everything from our safety to our economy.  Why Hackers are Interested&nb ..read more

A finance employee at a Hong Kong-based multinational company was recently tricked into transferring $25 million by scammers using a deepfake video of the CFO.   What Happened  Scammers chose a big company with offices worldwide, knowing it had the money to target.  They sent the finance worker an invitation for a video meeting.  Threat actors used deepfake technology to make it look and sound like the CFO and other team members were on the call.  The fake CFO talked about needing to send money fast for a company emergency.  Believing the call was real ..read more