The final Cyber Security Roundup of 2018 closes the year with reports of major data breaches, serious software vulnerabilities and evolving cyber threats, so pretty much like the previous 11 months of the year.
5.3 million users of the “make your own avatar” app Boomoji had their accounts compromised after the company reportedly failed to secure its internet-connected databases properly. “Question and Answer” website Quora also announced the compromise of 100 million of its user accounts following a hack.
A large data breach reported in Brazil is of interest: a massive 120 million Brazilian citizens’ personal records were compromised because of a poorly secured Amazon S3 bucket. This is not the first mass data breach caused by an insecure S3 bucket we have seen in 2018. The lesson to be learnt in the UK is never to assume or take cloud security for granted; it is essential practice to test and audit cloud services regularly.
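As an added example of the kind of regular audit the paragraph above calls for (this is not code from the original post, nor an AWS tool), the script below checks the two places an S3 bucket is most often made public: the bucket ACL and the bucket policy. It works offline on the JSON shapes that the S3 GetBucketAcl and GetBucketPolicy API calls return; the ACL, the policy document, the bucket name and the VPC endpoint ID in it are constructed samples, not data from the Brazilian breach.

```python
"""Offline audit of an S3 bucket ACL and bucket policy for public access.

Added example, not part of the original roundup or of any AWS tool. The
sample ACL and policy below are constructed to mirror what GetBucketAcl /
GetBucketPolicy return; a real audit would feed the live API output (for
example via boto3) into the same functions.
"""
import json

# Group grantee URIs that S3 uses for "everyone" and "any AWS account".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers (any AWS account)",
}


def _as_list(value):
    """Policy fields such as Action and Statement may be a string/dict or a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def audit_acl(acl: dict) -> list:
    """Return findings for ACL grants to the AllUsers / AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            findings.append(
                f"ACL grants {grant.get('Permission')} to {PUBLIC_GROUP_URIS[grantee['URI']]}"
            )
    return findings


def audit_policy(policy_json: str) -> list:
    """Return findings for Allow statements open to any principal.

    A statement with a Condition block (e.g. aws:SourceVpce, aws:SourceIp) is
    reported for REVIEW rather than as PUBLIC, because the condition may
    restrict who actually matches. Deny statements are not evaluated here.
    """
    findings = []
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = ", ".join(_as_list(stmt.get("Action", [])))
        if stmt.get("Condition"):
            cond = json.dumps(stmt["Condition"], sort_keys=True)
            findings.append(f"REVIEW statement {sid}: {actions} allowed to any principal, limited only by Condition {cond}")
        else:
            findings.append(f"PUBLIC statement {sid}: {actions} allowed to any principal with no Condition")
    return findings


def audit_bucket(acl: dict, policy_json) -> list:
    """Combine ACL and policy findings; policy_json may be None if the bucket has none."""
    findings = audit_acl(acl)
    if policy_json:
        findings.extend(audit_policy(policy_json))
    return findings


# Constructed sample input: owner has FULL_CONTROL, and a public READ grant was added.
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
}

# Constructed sample policy: one unconditional public read, one VPC-endpoint-restricted
# allow, and a Deny that this checker deliberately ignores.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "DenyAll", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_ACL, SAMPLE_POLICY):
        print(finding)
```

Run against the samples, the audit reports the anonymous READ grant in the ACL, the unconditional `PublicRead` statement as PUBLIC, and the `VpcOnly` statement for review. The script intentionally flags every public Allow without weighing Deny statements against it, so a finding means "look at this", not "this is exploitable"; a complete review also covers the account- and bucket-level S3 Block Public Access settings, which sit on top of both ACLs and policies.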
Amongst the amazing and intriguing space exploration successes reported by NASA in December, the space agency announced its employees’ personal data may have been compromised. Let’s hope poor security doesn’t jeopardise the great and highly expensive work NASA is undertaking.
It wouldn’t be normal for Facebook not to be in the headlines for poor privacy; this time Facebook announced a Photo API bug which exposed 6.8 million users’ images.
Away from the political circus that is Brexit, the European Parliament agreed a new Cybersecurity Act. Because Brexit is making all the headlines, this new law may have gone under the radar, but it is certainly worth keeping an eye on, even after the UK leaves the EU. The EU Parliament has agreed to increase the budget for ENISA (the EU’s network and information security agency), which will be rebranded as the “EU Agency for Cybersecurity”. The Cybersecurity Act will establish an EU-wide framework for cyber-security certification of online services and consumer devices used within the European Economic Area, including IoT devices and critical infrastructure technology. Knowing the EU’s love of regulations, I suspect this new best-practice framework and its associated accreditations will be turned into regulation further down the line, which would impact any tech business operating in the European Union.
The UK Parliament enacted the Health and Social Care (National Data Guardian) Act, which also went under the radar due to all the Brexit political noise. The Act requires the appointment of a National Data Guardian for England and Wales. The Data Guardian will publish guidance on the processing of health and adult social care data for use by public bodies providing health or social care services, and will produce an annual report.
Chinese telecoms giant Huawei had plenty of negative media coverage throughout December, with the UK government pressuring BT into not using Huawei kit within BT’s new 5G network, due to the perceived threat to the UK’s future critical national infrastructure posed by the Chinese state-backed tech giant. The UK Defence Secretary Gavin Williamson said he had “very deep concerns” about Huawei being involved in the new UK mobile network.
- BT bars Huawei’s 5G kit from core of network
- Huawei’s kit removed from emergency services 4G network
- What’s going on with Huawei?
- Should we worry about Huawei?
- Why has the UK not blocked Huawei?
- Huawei to invest $2bn in UK security
Security company Insinia caused controversy after it took over the Twitter accounts of Eamonn Holmes, Louis Theroux and several other celebrities. Insinia said it had achieved the account takeovers by analysing how Twitter handles messages posted from a phone, and how the social network interacts with smartphones when messages are sent, which allowed it to inject messages onto the targeted accounts. However, Insinia was accused in some quarters of being unethical and of breaking the UK Computer Misuse Act.
- FBI swoops on ‘National Threat’ ‘Hacks for hire’ websites
- Quora Hacked: 100 Million Users have their Personal Data Exposed
- Huawei: ‘Deep concerns’ over firm’s role in UK 5G upgrade
- Security Firm Hijacks High-Profile Twitter Accounts
- Boomoji App Developer Leaves Customer Data exposed on Open Database
- Exposed S3 Bucket Compromises 120 million Brazilian Citizens
- Save the Children lost £795 thousand to BEC Scam
- PewDiePie Printer Hackers strike Again
- Citrix Forces Users to Change Passwords after Credential Stuffing Attacks
- NASA Servers with Employee PII Potentially Compromised
- Parliament Creates New National Data Guardian to Safeguard Health and Social Care Data
- FCA warns Banks against Over-Reliance on Third-Party Security Providers
- Facebook Photo API bug exposed 6.8 Million Users images
- EU New Cyber-Security Agency and Certification Framework
- Microsoft Patches 40 Vulnerabilities, including 9 Critical for Text-To-Speech, IE, Office, Chakra, DNS, and .NET
- Adobe Releases Fixes for an Important Vulnerability for Acrobat and Acrobat Reader
- Microsoft issues out-of-band patch for Exploited Memory Corruption bug in Internet Explorer
- Mozilla Patches Vulnerabilities in Firefox and Firefox ESR
- NCSC Warns of Vulnerabilities in Office 365 being Exploited by Cyber-Criminals
- Apple releases security updates for macOS, iOS, iTunes, iCloud, Safari and tvOS
- Logitech Keyboard App Patched to prevent Hackers Injecting Keystrokes
- Major Vulnerabilities found in IoT protocols MQTT and CoAP
- Virgin Media fixes multiple Security Flaws in Super Hub 3
- Second Google+ Bug Hastens Shutdown
- WatchGuard Internet Security Report: Mac Malware in the Malware Top Ten
- McAfee Labs Threats Report: December 2018: Sharp Increase in IoT Malware Attacks
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by Dave Whitelegg. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/GzhEJ4Di5OY/cyber-security-roundup-for-december-2018.html