Any businesses or individuals using Kaspersky should be aware that the UK National Cyber Security Centre has warned government agencies against using the Russian supplier’s products and services, which follows a ban by US government departments in November. Barclays responded to the warning by stopping its free offering of Kaspersky anti-virus products to its customers. 2017 saw cyber security become a political football, so it is no real surprise that the UK and US once again blamed North Korea for the devastating WannaCry attacks earlier in the year. Personally, I blame poor patch management and hackers, not the North Korea cyber army!
Nadine Dorries MP got herself in hot water after trying to defend now former political colleague Damian Green, following claims that Mr Green accessed porn on his Parliament computer. This activity was reported by a retired police officer, which was said to be a breach of the Data Protection Act. Nadine tweeted “my staff log onto my computer on my desk with my login everyday” to suggest anyone could have used Damian Green’s PC to access the illicit websites. This led to widespread condemnation and a warning by the ICO to MPs on password sharing.
The fact that illicit websites were not blocked by Parliament systems is one concerning security issue, but the flagrant disregard for basic cybersecurity by government MPs is gobsmacking, especially when you consider they are supposed to understand the risk and set laws to protect UK citizens from cyber attacks and data breaches. It’s another “slap palm on head” moment, after the last UK Prime Minister announced he wanted to ban encryption.
2017 has seen huge rises in cryptocurrency values, which has placed cryptocurrency brokers and users’ crypto coin wallets in the sights of cybercriminals. This month mining platform NiceHash was breached by hackers, who stole £51 million worth of Bitcoin. Bitcoin exchange Youbit, which lets people buy and sell Bitcoins and other virtual currencies, shut down and filed for bankruptcy after losing 17% of its assets in cyber-attacks. I think we can expect further cryptocurrency attacks in 2018, given the cryptocurrency bubble is yet to burst.
Faked LinkedIn profiles are nothing new. However, the German Intelligence Agency (BfV) said it had spotted China using faked LinkedIn profiles to connect with and gather information on German officials and politicians, which is an interesting development.
Finally, hackers were reported as taking advantage of poorly secured systems at UK private schools, and it was claimed hackers could turn off heating systems at UK schools and military bases.
- NCSC warns UK government agencies on use of Kaspersky Products and Services
- Morrisons Supermarket held Liable after Employee Leaks Data
- Data breach at PayPal’s TIO Networks unit affects 1.6 million Customers
- Hackers target Private UK Schools
- Hackers could turn off UK School and Military Base Heating Systems
- UK & US Blame North Korea for WannaCry
- German Spy Agency warns of Chinese LinkedIn Espionage
- Nadine Dorries MP under scrutiny for comments about Password Sharing
- Three plead guilty to creating Mirai IoT Botnet Malware
- Cryptocurrency thieves steal £51 million of Bitcoin from Mining Platform
- Microsoft releases 19 Critical Security Updates for IE/Edge, Office, & Windows
- Adobe releases fixes for Flash Player
- Updates Address Security Vulnerabilities in Apache Struts versions 2.5 to 2.5.14
- Cisco Patches Multiple Vulnerabilities in WebEx Platforms
- Apple Release Security Updates shortly after releasing another KRACK Fix
- TLS exploit Capitalises on 19-year-old vulnerability; Vendors issue Patch
- TeamViewer releases Emergency Patch for Permissions Flaw
- VMware Fixes Bugs in vCenter Service Appliance and Hypervisors
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- Threat Group APT-C-23 still active, releases GnatSpy Mobile Malware
- Microsoft bug CVE-2017-11882 Exploited to deliver Loki Information Stealer
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by Dave Whitelegg. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/OPVk3FFldFg/cyber-security-roundup-for-december-2018.html