British Council data breach
The British Council, which provides English language courses to students worldwide, experienced a third-party data breach revealing more than 10,000 records. Researchers discovered an unprotected Microsoft Azure blob repository and reported the incident on the 5th of December, 2021.
The blob container (a group of data held in the cloud) was indexed by a public search engine. Clario Tech reported in a Mackeeper blog that the blob contained at least 144k xls, xlsx, xml, and json files.
The datasets reportedly held students’ personal data worldwide, including student IDs, full names, study duration, email addresses, and enrolment dates.
Any student or individual that may have been affected by the data breach should change their password straight away. They should also watch out for suspicious-looking emails and links.
The NHS Trust data breach
The NHS trust, which provides healthcare services in Birmingham and Sandwell, experienced a ‘significant IT data loss incident’ that impacted patient care and staff. The data loss incident disrupted more than twenty systems and was caused by a ‘recommended update.’ Fortunately, no patient data was accessed or exposed.
Apple 'zero-click' malware
Apple became aware of a software flaw that allowed attackers to introduce spyware. The spyware has been attributed to Israel’s NSO Group. Apple recently issued an emergency software fix as part of the iOS 14.8 update.
The most worrisome part of this malware threat was that an iPhone, Mac computer or Apple Watch could be infected without the user clicking on anything. Known as a zero-click exploit, the attacker can hack into the user’s device, and because no click is required, the victim has no opportunity to spot the attack.
Zero-click exploits are costly and highly sophisticated. So, they are usually leveraged to attack specific individuals rather than the population en masse.
Health workers phishing scam
Coronavirus awareness has become the latest tactic of cybercriminal gangs targeting healthcare professionals. In this instance, the cybercriminal sends an authoritative-looking phishing email to healthcare professionals, with the subject line ‘ALL STAFF: CORONA VIRUS AWARENESS.’
The email instructs the reader to register for a compulsory survey and seminar about the deadly virus. Any healthcare team member that clicks the link and completes the registration form ends up giving their personal information to the hackers.
Protecting your business
Keeping up to date with the latest cybersecurity attacks is crucial to keep your business safe by knowing what risks to look out for. OmniCyber offers a range of services to help you protect your business, such as Penetration Testing, Cyber Essentials and more!
Contact us today to speak to a cybersecurity professional.
