Research

The HSBC Breach and Data Classes

Personal data such as customers' names, addresses, social security numbers, date of birth, and account numbers along with other non-financial information is believed to have been accessed during the breach period. First Published 9th November 2018 The world's local bank make news head …

Read Story

An Update on the British Airways Breach and the Difficulty of Estimating Breach Numbers

An Update on the British Airways Breach and the Difficulty of Estimating Breach Numbers

“How many people were affected by the British Airways data breach?” That has been the million-dollar question for some time, but providing decent estimates in moments of crisis is hard. First Published 2nd November 2018 BA addresses the fallout. 4 min read | Reflare Research Team A st …

Read Story

Cathay Pacific and Reading Between the Lines of Breach Reports

Cathay Pacific Airways, a Hong Kong-based airline revealed that it was recently the victim of a cyber-attack that exposed the personal data of its users. "What are the details" you ask? Well, that's an interesting question. First Published 26th October 2018 Airlines are clearly a popu …

Read Story

Updates on Supply Chain Level Backdoors and Magecart

It appears that the supply chain level backdoor has been thought of as a viable business model for quite some time. And now people (and governments) are asking the pointy questions. First Published 12th October 2018 For a nostalgic feel, Supermicro's latest quantum prototype comes in …

Read Story

The Risk of Hardware Backdoors

If the Bloomberg report is true, this means that American companies aren’t the only victims of hardware tampering. This is a real threat that’s been growing for years, and multinational companies are at risk. First Published 8th October 2018 These aren't the droids you're looking for. …

Read Story

Facebook's 'View As' Breach

In extreme cases, an attacker could use this access to take over the accounts of the people they are spying on - read their private messages, post things on their behalf, and play havoc with their digital lives. First Published 1st October 2018 Access tokens - kinda important to get r …

Read Story

Formalised Offensive Cyber Strategies

The US Department of Defense Cyber Strategy serves as DoD's next step toward re-engineering cyber operations to protect and defend its networks and systems. This is the first time the DoD has had a clear direction on how it will address its cyber needs. So tell me, where's your plan? …

Read Story

Old Attackers, New Targets - The British Airways Breach

The site was extremely well designed and did not feel at all ‘spammy’ to use – indeed, on the surface it felt reassuringly professional, with a slick revolving banner of destinations. It just clearly wasn't British Airways. First Published 14th September 2018 The world's favourite air …

Read Story

Attack Realities - Browser Plugins and Risk

Attack Realities - Browser Plugins and Risk

The MEGA Chrome extension for file hosting included JavaScript code designed to monitor web traffic in order to steal the user’s login credentials from a large selection of sites. First Published 7th September 2018 Guilty by extension. 3 min read | Reflare Research Team On September 4 …

Read Story

Audits, Attacks and False Positives

Audits, Attacks and False Positives

Recently, several security companies detected phishing pages using the name of a core DNC system. These pages attempted to trick users into providing their login credentials by spoofing the legitimate login page for a Democratic Congressional Campaign Committee (DCCC) application buil …

Read Story

Subscribe by email