Tag Archive for: Trust

Trust Wallet Warns About iOS Zero-Day Exploit

/in


Jimmy Aki

Last updated:

| 1 min read

An individual scrolling through his phone to check for trust wallet app

Popular crypto wallet provider Trust Wallet disclosed on April 15 that it received “credible intel” about a high-risk zero-day exploit being sold on the Dark Web to target iOS users.

According to the software developer, this flaw could allow hackers to gain unauthorized access to users’ personal data.

Trust Wallet Reports Personal Information Sale on Dark Web


Trust Wallet shared its discovery in an X post, explaining the dangers of the zero-day exploit targeted at iMessage.

A zero-day exploit is a cyber attack that takes advantage of a previously unknown vulnerability in software. These exploits can go undetected for an extended period and are used to gain unauthorized access to systems and steal data. As detailed in the X post, iOS users and the entire crypto ecosystem could be at risk.

Trust Wallet CEO Eowyn Chen also shared a screenshot on X that reportedly depicts a zero-day exploit for sale on the Dark Web for $2 million.

Trust Wallet
Source: Eowyn Chen

Neither the crypto wallet provider nor its CEO disclosed where this information came from or if there were any casualties, however.

Source…

NHS Trust Confirms Clinical Data Leaked by Recognized Ransomware Group

/in


NHS Dumfries and Galloway has confirmed that patient clinical data has been leaked online by a ransomware group following the attack on its systems earlier this month.

The statement by the Scottish NHS Trust dated March 27, 2024, revealed that clinical data relating to a small number of patients has been published by a “recognized ransomware group.”

The trust acknowledged that in the cyber-attack, which it first reported on March 15, the hackers accessed “a significant amount of data including patient and staff-identifiable information.”

It follows a threat by the ransomware group Inc Ransom  on its leak site that it will soon publish 3TB of data relating to NHS Scotland patients and staff unless its demands are met.

The threat actor also included a ‘proof pack’ in its post, which appeared to show a range of sensitive clinical documents, such as genetics reports and letters between doctors discussing patient treatments.

Trevor Dearing, director of critical infrastructure at Illumio, commented: “The methods used by INC Ransom are common among ransomware groups. Ransomware attacks against healthcare organizations are now multiple layers of extortion – cybercriminals will look to steal and leak sensitive data, as well as affect operational up-time. Stolen healthcare data can be sold on the dark web for a quick profit or used in identity fraud.”

NHS Helping Impacted Patients

NHS Dumfries and Galloway Chief Executive Jeff Ace said the service is making contact with patients whose data has been leaked at this point and will continue working to limit any sharing of this information.

“NHS Dumfries and Galloway is very acutely aware of the potential impact of this development on the patients whose data has been published, and the general anxiety which might result within our patient population,” he commented.

Ace acknowledged that the information has been released by the attackers to prove it is in their possession. He made no reference to any ransom demand made by the group.

“We absolutely deplore the release of confidential patient data as part of this criminal act,” he said.

Ace added: “We are continuing to work with Police Scotland, the…

Source…

Does Australia Need A ‘Cyber Trust’ Label For Security Products? – channelnews

/in


Australian homes as well as businesses, are facing a crisis especially households or factories that have invested in high-risk Chinese products or have devices with the Chinese manufactured Quectel or Fibcom modules built in with questions now being asked to whether Australia needs a Cyber Trust Mark” label for devices sold at retailers as well as IOT devices sold into businesses.

What Australians are not realising is that they are increasingly buying Internet-connected “smart” devices that are vulnerable to hackers claim experts.

Currently Officeworks is selling security cameras manufactured by Chinese Company Hikvision who own the consumer brand EZVIZ. Hikvision products are banned in Australia, the USA, the UK, and several other Countries.

Another questionable Chinese consumer brand is Anker manufactured Eufy who security cameras are sold at Bunnings and JB Hi Fi.

Because of new security risks experts are now claiming that beefed-up security standards will be necessary to address the growing threats from criminals, hostile governments such as South Korea and Chinese hacking groups as well as Russian and East European hacking gangs as well as State sponsored hacking teams who have been identified as being responsible for major hack attacks on Countries such as Australia, the USA, France and the UK.

Public fears about cybersecurity were stoked in Australia earlier this year with attacks on Optus Telstra, and Medibank, this has seen Australian authorities move to set up security task forces, with the Federal Government currently recruiting people with hacking experience.

Closer to home, hackers have used Ring cameras and Eufy products to spy on kids and even lure them into creepy conversations.

Only this week a mother reported hearing a voice talking to their child in a cot at an NSW home early in the morning.

In the USA Mike Gallagher, the chairman of the House Select Committee on China, is among a growing group of policymakers focused on so-called “Internet of Things,” or IoT devices, which generally are understood as non-computer devices with a web connection.

Examples range from smart TVs, wearable fitness trackers, doorbell cameras, and thermostats to control…

Source…

Don’t trust that update! Untold number of Android users duped by dangerous SpyNote trojan

/in


Android users have been put on spyware high-alert as a banking trojan by the name of SpyNote has recently returned to the limelight.

The Android-based malware has been a background security threat for users since 2022. However, now in its third revision and with source code of of one of its variants (known as ‘CypherRat’) having leaked online in January of 2023, detections of this spyware have spiked throughout the year.

Source…