Second-hand goods firm CeX disclosed a compromise of up to 2 million online customer accounts due to a hack, however, CeX has yet to disclose any details about the cyber attack. My blog post and advice about this is here http://blog.itsecurityexpert.co.uk/2017/08/up-to-2-million-cex-customer-account.html
Hackers had a field day taking over social media accounts, from Real Madrid and FC Barcelona to Game of Thrones, much embarrassment could have been avoided if they had adopted multi-factor authentication on the accounts, aside from the spate of Instagram hacks which were caused by the exploitation of a software vulnerability, namely within Instagram’s API.
In what looks like a follow on from the UK’s Parliament’s email brute force email account attack in June, the Scottish Parliament was hit by a very similar cyber attack, it was reported, as per the Westminister attack, many SMPs were found to be using weak passwords. Let’s hope the Welsh Assembly have taken note and have learned the password security lessons.
A massive ‘spambot’ holding 711 million email addresses was found to be spreading malware by a security researcher. It was said to have been put together using stolen data from previous LinkedIn and Badoo data breaches. Using legitimate email addresses helps in the avoidance of anti-phishing and spam filters.
On the ransomware front, LG reported WannaCry caused a two-day shutdown of its business in South Korea. TNT customers were said to be furious after NotPeyta badly affected its ability to deliver hundreds of thousands of items, particularly within in the Ukraine. And Digital Shadows reported a trend in cyber criminals dropping Exploit kits for Ransomware, as there is simply a lot more money to be made out of ransomware attacks.
On the critical security patching, Microsoft released 25, Adobe released 43, and Drupal patched a critical bug. And there was an interesting article posted by Microsoft on Cyber Resilience worth reading.
- Up to 2 Million CeX Customer Accounts Stolen in Hack
- Giant Spambot Scooped up 711 Million Email Addresses to Spread Ursnif Malware
- Scottish Parliament targeted by Email Brute-Force Cyber Attack
- TalkTalk Fined for Poor Staff Monitoring causing a Data Breach of 21,000 Customers
- Instagram Flaw allowed Celebrity Contact Details Stolen by Hackers
- Real Madrid Twitter accounts Hacked shortly after FC Barcelona Account is Breached
- LG hit by WannaCry Ransomware, causing a Two Day Shutdown
- World of Warcraft, Overwatch, Hearthstone and other games hit by DDoS
- Hackers steal nearly £400K from Enigma Virtual Currency ICO Investors
- Anonymous Hacks NHS System, Data of 1.2 Million Patients Allegedly Exposed
- Customers ‘furious’ with TNT after NotPetya Cyber Attack Meltdown
- Game of Thrones Social Media Hacked in spate of Cyber Attacks against HBO
- Fancy Bears Release Data on Footballers’ TUE drug use after New Hack
- Russian Hackers Accused of Spying on Hotels
- Microsoft release 25 Critical Updates to fix flaws in IE, Edge, SQL, Flash & Windows
- Adobe releases fixes for 43 Critical Security Vulnerabilities in Acrobat and Reader
- Drupal Patches Critical Remote Access Bypass Bug
- Popular Robots are Dangerously Vulnerable and Easy to Hack, Researchers Say
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- SyncCrypt Ransomware able to Sneak Past most Antivirus Defenses
- Major Decline in Exploit Kits due being Less Financially Viable than Ransomware
- SSL Encrypted Malware Doubles this Year, Phishing Over SSL/TLS up 400%
- Malicious PowerPoint slide show files deliver REMCOS RAT
- 2017 Cloud Security Report: Web Application Attacks Account of 73% of Incidents
- Cyber Governance Health Check Report 2017: 68% of boards not trained to handle Cyber Security Incidents
- Article: Microsoft’s perspective on Cyber Resilience
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by Dave Whitelegg. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/BlRQ6YmmbKs/cyber-security-roundup-for-august-2017.html