Cyber Security Roundup for January 2019
The first month of 2019 was a relatively slow month for cyber security in comparison with the steady stream of cyber attacks and breaches throughout 2018. On Saturday 26th January, car services and repair outfit Kwik Fit told customers its IT systems had been taken offline due to malware, which disrupted its ability to book in car repairs. Kwik Fit didn’t provide any details about the malware, but it is fair to speculate that the malware outbreak was likely caused by a general lack of security patching and anti-virus protection as opposed to anything sophisticated.
B&Q said it had taken action after a security researcher found and disclosed details of suspected B&Q store thieves online. According to Ctrlbox Information Security, the exposed records included 70,000 offender and incident logs, which included:
- the first and last names of individuals caught or suspected of stealing goods from stores
- descriptions of the people involved, their vehicles and other incident-related information
- the product codes of the goods involved
- the value of the associated loss
Hundreds of German politicians, including Chancellor Angela Merkel, had personal details stolen and published online at the start of January. A 20-year-old suspect was later arrested in connection with this disclosure. Investigators said the suspect had acted alone, had taught himself the skills he needed using online resources, and had no training in computer science. Yet another example of the low entry level for individuals in becoming a successful and sinister hacker.
Hackers took control of 65,000 Smart TVs around the world, in yet another stunt to support YouTuber PewDiePie. A video message was displayed on the vulnerable TVs which read “Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!” It then encouraged victims to visit a web address before finishing up with, “you should also subscribe to PewDiePie”.
The PewDiePie hackers said they had discovered a further 100,000 vulnerable devices, while Google said its products were not to blame, but was said to have fixed them anyway. In the previous month, two hackers carried out a similar stunt by forcing thousands of printers to print similar messages. There was an interesting video on the BBC News website about the negative impact of that stunt on the hackers – The PewDiePie Hackers: Could hacking printers ruin your life?
Kaspersky reported that 30 million cyber attacks were carried out in the last quarter of 2018, with cyber attacks via web browsers reported as the most common method for spreading malware.
Action Fraud issued a new warning about a convincing TV Licensing scam phishing email doing the rounds. The emails attempt to trick people with subject lines like “correct your licensing information” and “your TV licence expires today” to convince people to open them. TV Licensing warned it never asks for this sort of information over email.
January saw further political pressure and media coverage about the threat posed to UK national security by Chinese telecoms giant Huawei; I’ll cover all that in a separate blog post.
BLOG
- Information Security no longer the Department of “NO”
- 43% of Cybercrimes Target Small Businesses – Are You Next?
- The Emergence of Geopolitical Fuelled Cyber Attacks
- Is AI the Answer to never-ending Cybersecurity Problems?
- The Biggest Data Breaches of 2018
- Microsoft Windows 7 & Windows 2008 End of Life
- Cyber Security Conferences to Attend in 2019
- What does Cybersecurity have in store for 2019?
- Cyber Security Predictions for 2019
NEWS
- Smart Buildings, including Hospitals, riddled with Devices Vulnerable to Hackers
- Airbus warns staff to Increase Vigilance over Cyber-Security following Breach
- US Issues Emergency Cyber Security Directive as Iran-linked Hackers strike during shutdown
- Yahoo Data Breach Payout blocked by judge
- Credential Stuffing Attack prompts Reddit to force Password Reset
- PewDiePie Hackers take over Google Smart TV systems
- TV Licence fee scam – the dangerous fake email and the real refunds available
- 30 Million UK Cyber Attacks carried out in Q4 2018
- B&Q ‘exposed data about store thieves’
- Kwik Fit hit by Malware, knocking out IT systems
- German Politicians targeted in Mass Data Cyber Attack
- Microsoft Patches 48 Vulnerabilities, including 7 Critical for Windows, Edge, Hyper-V, Chakra and Adobe Flash
- Microsoft Releases 3 “out of band” non-Critical Patches for Team Foundation Server and Skype Business Server 2015
- CERT/CC issues warning for Microsoft Exchange 2013
- Adobe Releases Fixes for 2 Critical Vulnerabilities in Acrobat and Acrobat Reader
- Google Chrome Update contains 58 Security Fixes
- Apple disables Group FaceTime after Major Security Flaw is found
- Critical Privileged Access Vulnerability Patch issued for Cisco Switches
- Intel Patches Flaws that could lead to Privilege Escalation
- Cisco patches 18 vulnerabilities including a critical memory corruption DoS bug
- Oracle Releases 248 Patches within their Quarterly Security Update
- Apple Releases Security Updates for iOS, macOS, tvOS, watchOS and other products
- Flaws in PremiSys Access System could literally open door for Physical Intruders
- Ryuk Ransomware linked to Emotet and TrickBot trojans; suspicions shift to Cyber-Criminal Group
- APT39: New Iranian APT identified by FireEye and Kaspersky
- Iran Linked to new DNS Manipulation Attack
- DarkHydrus APT group delivers RogueRobin Trojan via Google Drive
- 2019 State of the Phish Report
- Carbon Black’s 2019 Global Threat Report
- The Malwarebytes Annual State of Malware report 2018
- WEF Report: Cyber is an Existential Threat to World along with Environment
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by Dave Whitelegg. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/28QgcM8n8BI/cyber-security-roundup-for-january-2019.html