This is both wild and wow. Someone essentially built an iPhone X look-alike both in terms of hardware and software, but it is actually running Android.
Spear-phishing is quickly becoming the most popular technique for hacking high-value targets. The SingHealth hack was suspected to be due to spear-phishing as well. HR is obviously most at risk, as they need to review resumes which can come as PDF or Word document.
The lawsuit notes the company determined that it was likely the same group of attackers responsible for both intrusions. Verizon also told the bank that the malware the attackers used to gain their initial foothold at the bank in the 2017 breach was embedded in a booby-trapped Microsoft Word document.
Good pre-emptive measure to prevent possible misuse of information from the SingHealth hack.
“With immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification,” MAS said in a statement.
“Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.”
This is indeed the most serious cybersecurity breach in Singapore so far. 1.5 million records were exfiltrated. If this were to happen to a private company, the fine for breaching PDPA would surely be significant. While cyber attacks are not uncommon or unexpected, having it happen in a way that affects so many people will surely bring pause to many ongoing and upcoming IT projects in the pipeline.
Much ado about nothing. The context was, some journalists were highly suspicious of the USB fan that was included in the goody bag for the media during the Trump-Kim summit in Singapore, deeming it a cybersecurity risk. It’s probably good not to plug untrusted USB devices into your machine but c’mon please give the organizers more credit than this.
A University of Cambridge researcher wanted to know if the fan was bugged.