Tag Archive for: Spore

S’pore police: Don’t download files from unknown sources on phones, risks of losing private pics & vids, banking & social media credentials real – Mothership.SG

/in


Follow us on Telegram for the latest updates: https://t.me/mothershipsg

The Singapore police and the Cyber Security Agency of Singapore (CSA) has issued an advisory to remind the public of the dangers of downloading files from unknown sources that can lead to malware installation on victims’ mobile devices.

This may result in confidential and sensitive data, such as banking credentials, being stolen.

Don’t download things from sketchy sources

The advisory said malware may infect mobile devices through various means, including through the downloading of free software from unknown sources, opening of unknown email attachments and visiting of malicious websites.

Users should also be wary if they are asked to download unknown or suspicious Android Package Kit (APK) files onto their mobile devices.

This files may appear with seemingly genuine naming conventions, such as GooglePlay23Update.apk or GooglePlay.apkUpdate.apk.

These are not official APK files released by Google even though they contain the references to “GooglePlay”, the advisory warned.

Plenty of risks

Upon installation of the mobile malware, users’ mobile devices may be exposed to the following risks:

• Significant decline in the mobile devices’ performance

• Unauthorised access to the mobile devices’ systems/ data that allow attackers to remotely control infected mobile devices, possibly resulting in loss of user control

• Unauthorised installation or uninstallation of applications

• Interception of SMSes

• Receipt of unwanted push notifications or warnings

• Exfiltration of confidential and sensitive data stored in infected mobile devices such as banking credentials, stored credit card numbers, social media account credentials, private photos and/ or videos, among other information.

Attackers can use such information to gain unauthorised access to users’ social media accounts to perpetrate impersonation scams or perform fraudulent financial transactions that results in reputational and monetary losses.

Prevention methods

Members of the public are advised to take the following steps to ensure that their mobile devices are adequately protected against malware:

• Only download and install…

Source…

S’pore firms warned to quickly fix Log4j software security hole that world experts call worst in years, Tech News News & Top Stories

/in


SINGAPORE – Organisations should take swift action to patch a “critical vulnerability” in a widely used software that could allow hackers to take full control of computer systems, the Cyber Security Agency of Singapore (CSA) said on Tuesday (Dec 14).

This is because “we only have a short window” to put in place measures to limit any abuse of the flaw, warned the agency.

The flaw, which affects a wide range of applications from social media and gaming to online shopping and banking, is likely to affect hundreds of millions of devices, the United States’ national cyber-security agency said on Monday, adding that it could be one of the worst in years.

The affected Apache Log4j is a free, open source software that is popularly used to log and keep track of activities and changes in software applications, including system errors and messages from users.

Public and private sector organisations are expected to be affected.

Cyber-security experts warned that the flaw can be easily exploited by adding just a line of code. This could allow cyber crooks to, among other things, abuse the vulnerability to steal and delete data, hijack a company’s e-mail system to send phishing messages to other firms, and make fraudulent bank transfers.

Among the services and sites known to be vulnerable at some point include Apple’s iCloud online back-up service, Valve’s Steam online game store and Microsoft’s Minecraft online game. Other firms reportedly at risk include Amazon, Baidu, Google, Tencent and Twitter.

While CSA has not received any reports of breaches related to the vulnerability for now, it is closely monitoring the situation.

CSA’s urgent call to action follows from an initial alert it sent out last Friday.

It also comes after US Cybersecurity and Infrastructure Security Agency (Cisa) director Jen Easterly said the flaw, also called Log4Shell or LogJam, “is one of the most serious I’ve seen in my entire career, if not the most serious”, reported cyber-security news site CyberScoop.

Last Saturday, Germany’s cyber-security watchdog the BSI issued the highest red alert warning on the security hole, saying it posed an “extremely critical threat” to Web servers.

Apple and several companies…

Source…

Nearly 73,500 patients’ data affected in ransomware attack on eye clinic in S’pore, Tech News News & Top Stories

/in


SINGAPORE – A ransomware attack has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic.

The information included names, addresses, identity card numbers, contact details and clinical information, said Eye & Retina Surgeons (ERS) on Wednesday (Aug 25).

But the clinic said that no credit card or bank account information was accessed or compromised.

It added that its IT system has been restored securely, and its IT providers have completed a thorough check of the clinic’s system, reformatted servers and run anti-virus scans on all computer terminals.

Measures will be taken to prevent the breach from recurring, ERS said.

ERS had fallen prey to a sophisticated ransomware cyber attack by hackers on Aug 6. Such attacks usually involve locking up data until victims pay the hackers.

Servers and several computer terminals at the clinic’s Camden branch were affected, but its IT system at the Novena branch was not.

While no sensitive data has been leaked publicly for now, the clinic said that it will monitor the situation closely.

ERS said that for data security reasons, it maintains active medical records separately on a cloud-based system, so they were not accessed or compromised in the cyber attack. Clinical operations were not affected too.

The clinic said it is now in the process of informing patients of the cyber attack.

The police, Personal Data Protection Commission – which said it is seeking more information from ERS – and the Cyber Security Agency of Singapore (CSA) have been informed.

ERS is also working with CSA and the Ministry of Health to investigate the root causes of the attack and, together with security experts, is also trying to identify potential areas the company can better secure.

The clinic claimed that it uses “reputable and established external IT service providers to advise on and maintain its IT systems, and subscribes to appropriate anti-virus and other protective software, which are regularly updated”.

“ERS regrets this breach and wishes to assure its patients that it takes patient confidentiality very seriously,” the clinic said, adding that it will continue to do everything it can to protect and secure…

Source…