Cyber Security Roundup for March 2019
The potential threat posed by Huawei to the UK national infrastructure continues to be played out. GCHQ called for a ban on Huawei technology within UK critical networks, such as 5G networks, while Three said a Huawei ban would delay the UK 5G rollout, and the EU ignored the US calls to ban Huawei in 5G rollouts, while promoting the EU Cybersecurity certification scheme to counter the Chinese IT threat, which is all rather confusing. Meanwhile, Microsoft Researchers found an NSA-style Backdoor in Huawei Laptops, which was reported to Huawei by Microsoft, leading to the flaw being patched in January 2019.
- Is Huawei a Threat to UK National Security?
- Huawei: The company and the security risks
- The assessment of the Chinese state as hostile towards Western nations is key in understanding why Huawei is considered a risk
- Should we worry about Huawei?
- Why has the UK not blocked Huawei?
Why Huawei matters in five charts
- EU Cybersecurity Act to enable certification of connected devices
Facebook made negative security headlines yet against after they disclosed that 20,000 of their employees had access to hundreds of millions of their user account passwords for years.
One of the world’s biggest aluminium producers, Norsk Hydro, suffered production outages after a ransomware outbreak impacted its European and US operations. Damages from ransomware attack on Norsk Hydro reach as high as $40M.
Citrix disclosed a security breach of its internal network may have compromised 6Tb of sensitive data. The FBI had told Citrix that international cyber criminals had likely gained access to its internal network. Citrix said in a statement it had taken action to contain the breach, “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI”. According to security firm Resecurity, the attacks were perpetrated by Iranian-linked group known as IRIDIUM.
The top 10 biggest breaches of 2018 according to 4iQ were:
- Anti-Public Combo Collections – (Hacked) Sanixer Collection #1-6, 1.8 billion unique email addresses.
- Aadhaar, India – (Open third party device) 1.1 billion people affected
- Marriott Starwood Hotels – (Hacked) 500 million guests PII
- Exactis – (Open device) 340 million people and businesses.
- HuaZhu Group – (Accidental Exposure) 240 million records
- Apollo – (Open device) 150 million app users.
- Quora – (Hacked) 100 million users.
- Google+ – (API Glitch) 52.2 million users.
- Chegg – (Hacked) 40 million accounts
- Cathay Pacific Airways (Targeted attack) 9.4 million passengers.
- Millions of Facebook Passwords exposed Internally for Years
- Security Flaw put RBS Customers at risk of Cyber-Attack
- Norwegian Aluminium producer Norsk Hydro hit by Extensive Cyber Attack, costing up $40M
- Health Apps pose ‘unprecedented’ Privacy Risks
- Microsoft Researchers find NSA-style Backdoor in Huawei Laptops
- EU ignores US call to ban Huawei in 5G rollout
- 809 Million Emails Leaked from accessible MongoDB Database
- European Parliament adopts Cybersecurity Act to counter Chinese IT threat
- Huawei: Chinese Telecoms giant ‘still a Security Threat to UK’ – GCHQ
- Huawei ban would delay 5G rollout: Three
- Citrix Discloses Security Breach of Internal Network, 6Tb of Sensitive Data Stolen
- Equifax neglected Cybersecurity prior to Breach, Senate report finds
- Insurance Companies collaborate to offer Cybersecurity Ratings
- ShadowHammer Attack installed Backdoors on a Million ASUS devices
- ICO helps Developers Produce Compliant Data Products via Sandbox Service
- Security Flaw put RBS Customers at Risk of Cyber-Attack
- 100,000 Leaked Authentication Secrets on GitHub, 89% Sensitive Insurer refuses Payout to DLA Piper over NotPetya Cyberattack
- Microsoft Patches 64 Vulnerabilities, including 17 Critical for Windows, IE, MS XML, ActiveX, Chakra and Adobe Flash
- Adobe Patches Critical Flaws in Photoshop CC, Cold Fusion and Digital Editions
- Chrome Updated to Combat an Exploited Zero Day
- Apple Patches more than 50 Vulnerabilities
- Cisco may have Released a Faulty Patch in Most Recent Update
- Mozilla Plugs Two Critical Security holes in Thunderbird
- Critical Flaw in Magento e-Commerce Platform Exposes 300,000 e-Commerce Websites to SQL injection
- Mirai Variant adds 11 News Exploits, Shifting Focus to Enterprise IoT Devices
- Microsoft grabs APT35/Charming Kitten websites in court ordered take down
- Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits
- Elfin, aka APT33, targets U.S., Saudi Arabian firms in Cyberespionage Campaign
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/ma19eS5-2O4/cyber-security-roundup-for-march-2019.html