The importance of assuring the security and testing quality of third-party provided applications is more than evident when you consider an NHS-reported data breach of 150,000 patient records this month. The NHS said the breach was caused by a coding error in a GP application called SystmOne, developed by the UK-based ‘The Phoenix Partnership’ (TTP). The same assurance also applies to internally developed applications; a case in point was a publicly announced flaw in Thomas Cook’s booking system discovered by a Norwegian security researcher. The researcher used the app flaw to access the names and flight details of Thomas Cook passengers and released details on his blog. Thomas Cook said the issue has since been fixed.
Third-party services also need to be security assured, as seen with the Typeform compromise. Typeform is a data collection company; on 27th June, hackers gained unauthorised access to one of its servers and accessed customer data. According to its official notification, Typeform said the hackers may have accessed the data held on a partial backup, and that it had fixed a security vulnerability to prevent a recurrence. Typeform has not provided any details of the number of records compromised, but one of its customers, Monzo, said on its official blog that it was in the region of 20,000. Interestingly, Monzo also declared it would end its relationship with Typeform unless Typeform wins its trust back. Travelodge is one UK company known to be impacted by the Typeform breach and has warned its affected customers. Typeform is used to manage Travelodge’s customer surveys and competitions.
Other companies known to be impacted by the Typeform breach include:
- 80,000 Hours (a career advice provider) – 8,300 customers; names, emails, mobile numbers
- Revolut – 11,000 customers; the ICO is known to have been informed
- Fortnum and Mason (food retailer) – 23,000 customers
- UK Liberal Democrat Party
- Airtasker (Australian job marketplace)
- Tasmanian Electoral Commission
- Baker Delight
- German SPCAF & Rencore
The Information Commissioner’s Office (ICO) fined Facebook £500,000, the maximum possible, over the Cambridge Analytica data breach scandal, which impacted some 87 million Facebook users. Fortunately for Facebook, the breach occurred before the General Data Protection Regulation came into force in May, as the new GDPR empowers the ICO with much tougher financial penalties designed to bring tech giants to book. Let’s be honest, £500k is petty cash for the social media giant.
A UK government report criticised the security of Huawei products, concluding the government had “only limited assurance” that Huawei kit posed no threat to UK national security. I remember being concerned many years ago when I heard BT had ditched US Cisco routers for Huawei routers to save money; not much was said about the national security aspect at the time. The UK government report was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was set up in 2010 in response to concerns about BT’s and other UK companies’ reliance on the Chinese manufacturer’s devices; by the way, that body is overseen by GCHQ.
Banking hacking group “MoneyTaker” has struck again, this time stealing a reported £700,000 from a Russian bank, according to Group-IB. The group is thought to be behind several other hacking raids against UK, US, and Russian companies. The gang compromised a router, which gave them access to the bank’s internal network; from that entry point, they were able to find the specific system used to authorise cash transfers and then set up the bogus transfers to cash out £700K.
- NHS Data Breach affects 150,000 Patients due to Third-Party Supplier Coding Error
- Names and flight details exposed in Thomas Cook Customer Data Breach
- Hackers net almost $1m in Russian Bank Raid
- Hacker found selling info on top-secret MQ-9 Reaper UAV on the Dark Web
- Ex-Apple Engineer en Route to China Arrested for stealing secret info on Autonomous Car Project
- Telefonica Breach leaves Data on Millions Exposed
- Facebook fined £500,000 by the ICO for Cambridge Analytica Data Breach
- Several Companies Customer Data compromised by Hacked Third Party Supplier Typeform
- UK Gov Criticises the Security of Huawei Products
- Flaws in Health and Fitness Wearables help Hackers poach Personal Data of Users
- Singapore Personal Data Hack hits 1.5m, Health Authority says
- Banking Trojans Rocket & Cryptomining here to stay
- BAE Systems launches ‘The Intelligence Network’
- Two New Spectre Vulnerability Variants Emerge
- New and Improved Magniber Ransomware within Asia
- Russia leads the Nation-state Attacks against Business according to a Report by Carbon Black
- Financial Times Special Report on Cyber Security
- Banking Trojans rocket, while cryptomining is here to Stay according to the Check Point Global Threat Index
- The share of Cryptomining attacks grew from 7% to 32% of all Attacks in just Six months
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by Dave Whitelegg. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/uyWowkkislQ/cyber-security-roundup-for-july-2018.html