Ransomware encrypts South Africa’s entire Dept of Justice network
Bleeping Computer, Ionut Ilascu
“[The attack] has led to all information systems being encrypted and unavailable to both internal employees as well as members of the public. As a result, all electronic services provided by the department are affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.” Read More
Phishers impersonate US DOT to target contractors after Senate passed $1 trillion infrastructure bill
ZDNet, Jonathan Greig
“The phishers made their website look legitimate by copying the HTML and CSS from the real USDOT website. They even included a real warning on the government site about making sure users check that sites are legitimate US government websites.” Read More
Unsecured fitness app database leaks 61M records, highlights health app privacy risks
SC Magazine, Jessica Davis
“Overall, the researchers found at least 23 million Health users have been exposed…. And all 30 of the assessed apps were vulnerable to broken object level authorization (BOLA) attacks, posing tangible risks to the health data collected and stored within the platforms.” Read More
Israeli spyware firm targeted Apple devices via iMessage, researchers say
The Guardian, Stephanie Kirchgaessner
“Researchers said the speed with which Apple was seeking to fix the vulnerability to its operating system, which in effect has allowed the latest iPhones and operating systems to be vulnerable to attack by NSO Group’s government clients, underscored the “absolute seriousness” of their findings.” Read More
MyRepublic discloses data breach exposing government ID cards
Bleeping Computer, Lawrence Abrams
“Using stolen utility bills and National Registration Identity Cards (NRICs), it may be possible for threat actors to open accounts or receive credit under an exposed customer’s name.” Read More