Recent decisions by the Data Protection Commissioner of Singapore include the following: Directions were issued to Crawfort Pte to conduct a security audit of its technical and administrative arrangements for its AWS S3 environment and rectify any security gaps identified in the audit report. This is pursuant to a data breach incident where Crawfort’s customer…
Israel’s Health Ministry website down after Iranian cyberattack
Adir Yanko and Itamar Eichner report: A group of hackers affiliated with Iran carried out a cyberattack on the website of the Health Ministry on Sunday, intermittently restricting access to the site from abroad. Pro-Iranian group Al-Tahira claimed responsibility for the DDoS (distributed denial-of-service) attack, which disrupts a website’s normal traffic by overwhelming the target…
Lithuanian ad website hit by cyberattack, warns of possible customer data leak
BNS reports: Data of thousands of customers might have been leaked after the Lithuanian ad website alio.lt was hit by a cyber attack on Thursday. “It looks like it might have been yet another Russian attack against Lithuania’s online space, a kind of attack, which the majority of business entities appear unable to resist,” Kristijonas…
‘Cyber attack from outside Albania’, AKSHI blocks online services
The following is a machine translation of a post by Euronews Albania: The National Agency of the Information Society has announced that our country is facing a cyber attack. For this reason, online services and government systems are closed until the neutralization of these criminal acts. According to the National Information Agency, the sophisticated attack…
The Canadian College MontMorency under the blows of a data leak
Damien Bancal reports (machine translation): At the end of May, the Canadian College MontMorency announced that it had suffered a cyber attack with a possible theft of personal data. ZATAZ confirms: pirates have copied everything, and they are starting to broadcast. Read more at Zataz. This was an Avos Locker attack.
10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
Graham Cluley writes: Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them…