Yahoo announced the largest ever data breach in history, with over 1 billion Yahoo user accounts compromised by a past cyber attack, which I covered in Yahoo’s Mind-blowing One Billion Data Theft Hack. This truly humongous data hack is distinct from the 2014 breach of 500 million accounts reported by Yahoo in September. Elsewhere KFC, Topps, The Daily Motion and LinkedIn’s Lynda.com also reported large customer data breaches of millions of records during December.
We must never “get used to” and accept these massive numbers of hacked online accounts at businesses we entrust with our personal information, especially where these businesses have been found ‘wanting’ in their cyber security defences through underinvestment. The old spin doctor excuses of indefensible super hacks orchestrated by sophisticated nation-state backed dark forces tend not to stand up once the facts are uncovered. There is nothing sophisticated about teenage kids using freely downloadable software to take advantage of decade-old, basic security vulnerabilities.
The media and security experts continue to pour scorn on TalkTalk’s cyber security, following the firm’s poor handling of, and customer advice after, a cyber attack on unpatched TalkTalk customer broadband routers.
ThyssenKrupp, a large German steelmaker, disclosed it was a victim of cyber intellectual property (IP) theft. Businesses rarely admit to IP data theft, given such admissions can seriously harm the business’s reputation and share price. Given the high media and public attention on protecting personal data from cyber attacks, following a year of high-profile large customer record losses due to cyber attacks, it can be easy for businesses to take their eye off protecting their IP and to become complacent about IP protection and security.
I was quoted in the Focus Training’s Blog. An ‘Ask the Experts’ piece on ‘How to Protect your business from Cyber Crime’, my advice was as follows.
There was a Christmas bumper of patch releases in December, with Microsoft, VMware, Joomla, PHP and Android all releasing patches for critical vulnerabilities.
- Yahoo Hack: 1 Billion User Accounts Compromised by biggest Data Breach in History
- KFC’s Colonel Club Hacked, 1.2 Million advised to Change Passwords
- DailyMotion breached, 85 Million Accounts Stolen
- TalkTalk and Post Office routers taken offline by Cyber Attack
- TalkTalk’s Wifi Hack advice is ‘astonishing’ Customers urged to get Routers Swapped
- German Steel firm’s IP stolen in Massive Cyber Attack
- European Banking Breach guidelines more Strict than EU GDPR
- Ashley Madison forced to pay £1.3m for Deceptive Security Practices
- LinkedIn’s Lynda.com breached, 55,000 user password reset, 9.5 Million Users Warned
- Insurers handling ‘Hundreds’ of Breach Claims
- Domino’s Pizza advises Customers to change their Passwords
- Star Wars card firm Topps hit by ‘unforgiveable’ Hack
- Ask The Experts: How to Protect Your Business From Cyber Crime
- Microsoft release 6 Critical Patches for Windows, Edge, IE, Office & Adobe Flash Player
- Skype Backdoor missed by Microsoft Development Team
- Android Dirty Cow flaw is Finally Patched (CVE-2016-5195)
- Joomla flaw allows Attacker to Change passwords and Seize Websites
- 3 Critical PHP 7 Flaws Detected and Patched
- VMware fixes stored XSS vulnerability in ESXi Hypervisor
Awareness, Education and Intelligence
- Over 400,000 Phishing websites have been detected Each Month in 2016
- Hailstorm Methods used to spread Malware in Phishing Attacks
- Critical Infrastructure Technology Report: Mirai ‘is just the Tip of the Iceberg’
- UK Identity Fraud on the Rise
This is a Security Bloggers Network syndicated blog post authored by Dave Whitelegg. Read the original post at: IT Security Expert Blog