Slingshot APT: Riding on a hardware Trojan horse

Earlier this year, researchers from Kaspersky Security Analyst Summit (SAS) issued a report on a highly sophisticated cyberespionage campaign called Slingshot. What makes this initial attack vector unique is that many victims were attacked through compromised routers made by MikroTik. Routers download and run various DLL files in the normal course of business. Attackers found a way to compromise the devices by adding a malicious DLL to an otherwise legitimate package of other DLLs. The bad DLL was a downloader for various malicious files, which were also stored in the router.

Continue reading

Police force being investigated for potentially hiding data breach

Gwent Police is being investigated after failing to inform hundreds of people that hackers may have accessed their confidential reports to the force. Sky News has learned that up to 450 people who filed reports through an online tool over a two-year period could have been put at risk by hackers due to security flaws. Although the tool was decommissioned after an internal security review discovered that confidential information was being exposed, the force did not inform the individuals who were affected.

Full Story Here:


Commenting on the news is Javvad Malik, security advocate at AlienVault and Lee Munson, security researcher at Comparitech:


Javvad Malik, security advocate at AlienVault:

Being breached isn’t necessarily something that can be completely avoided and most companies will face a breach or near-breach at some point. With this in mind, it is important that companies have appropriate threat detection controls in place that can identify when a breach has occurred as soon as possible so that the appropriate response can be taken.

The response will involve isolating infected systems, assessing damage, and equally important issuing relevant notifications. This could be to partners, shareholders, regulators, and customers. This is of particular importance where personal information is disclosed and will be an area that will be scrutinised with more rigour once GDPR comes into force.


Lee Munson – Security Researcher at Comparitech:

That a data breach occurred through an online tool used by Gwent police is hardly shocking given the number of other breaches, reported and otherwise, that occur across the internet all year round.

What is shocking, though, is the fact that it went undetected for two years and then, when it was discovered, the incident response was sadly lacking.

Not only did the force ignore the fact that it should have informed the Information Commissioner’s Office but, worse, it did not consider the 450 or so people who may have had personal or other sensitive information compromised.

Worse than that, the assertion from a spokesperson that it was highly unlikely that a potential attacker could have swiped any data is dangerous thinking which may lull affected persons into thinking they need do nothing.

In reality, affected persons should be considering the nature of the information they shared with Gwent police and checking email accounts for targeted phishing attempts, reviewing online banking accounts and changing passwords, as appropriate.

Over 360,000 affected by Florida School Data Breach

A data breach at the Florida Virtual School is thought to have impacted impacted more than 368,000 current and former students and up to 2,000 teachers at the school. A statement from FLVS says the breach likely occurred between May 6, 2016, and Feb. 12, 2018, but it wasn’t reported until last Friday. FLVS says school records including students names, dates of birth, school account numbers, their usernames and passwords as well as parent’s names and emails were compromised by the breach.

Continue reading

Data stolen from UK government contractor by cyber-espionage group

News broke this morning that a cyber-espionage group, historically believed to be operating in the interests of the Chinese government is believed to have hacked a UK government contractor from where security researchers found evidence that attackers stole information related to UK government departments and military technology.

Continue reading

Data privacy still being ignored by organisations

It has been found that many organisations are not doing all they can to protect data privacy with there being a lack of transparency in how businesses store personal data, according to PwC’s 2018 Global State of Information Security Survey (GSISS). It was found only 51% of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored. When it comes to third parties who handle personal data of customers and employees, less than half (46%) conduct compliance audits to ensure they have the capacity to protect such information. And a similar number (46%) say their organisation requires third parties to comply with their privacy policies.

Continue reading

Bittium exhibits its innovative R&D services for IoT; and medical technology products at Wearable Technology Show 2018 in London

Bittium exhibits its innovative R&D services for IoT; and medical technology products at Wearable Technology Show 2018 in London

Bittium’s presentation discusses about medical remote monitoring in the 5G era

Oulu, Finland, March 12, 2018 – Bittium exhibits its innovative R&D services for IoT (Internet of Things); and medical technology products at Wearable Technology Show 2018, to be held in ExCel, London, the United Kingdom on March 13–14, 2017. Bittium’s strong competence in medical grade R&D services, wireless devices, digitalization and information security enable us to create solutions which bring clear added value to both healthcare workers and patients.

Continue reading