Sunday 2 October 2016

Cyber Security Roundup for September 2016

The theft of over half a billion Yahoo user accounts by hackers has dominated the news headlines in the last couple of weeks. Since announcing the largest hack in history, Yahoo has come in for heavy criticism: it took two years for Yahoo to notice the massive data theft, there is talk of lacklustre security behind the scenes at the company, and there are doubts over Yahoo’s claims that the cyber attack was state-sponsored. Lawyers representing users, the US Senate and the UK ICO have all lined up to take potshots at Yahoo and are threatening action. I posted known Yahoo hack information and advice, and Yahoo hack industry analysis.

An interesting example of hacktivism emerged after a Russian group called "Fancy Bears" hacked and released the World Anti-Doping Agency medical records of prominent British and American Olympic athletes. The motive appears to be a revenge protest aimed at causing embarrassment to medal-winning Western athletes, following the banning of several Russian athletes at the recent Rio Olympic Games for using banned performance-enhancing drugs. The posted stolen records showed Western athletes had taken a variety of banned drugs for legitimate reasons and conditions, all of which were approved by the Anti-Doping Agency. It is a fascinating case for both the athletics and data protection worlds, as even athletes in the public eye still have a right to privacy, especially when it concerns information about any medical conditions they have.

UK payment card fraud has risen by 53% over the last 12 months. The shock increase was blamed on scammers using more sophisticated attack methods. This spike in payment card fraud will certainly have been noted by the UK National Cyber Security Centre (NCSC) as it gears up to launch next month. The NCSC is part of the UK government’s £1.9 billion investment plan to beef up the UK’s cyber security capabilities over the next 5 years.

An interesting video webinar was posted this month, in which the company that investigated the $81 million SWIFT Bank Hack reviews the incident. It concludes with the SWIFT Bank investigators firmly pointing the finger of blame at weak endpoint security at the bank. Elsewhere, the Locky ransomware continues to be evolved by hackers seeking to make their fortune out of the nefarious tool.

On Tuesday 27th September I spoke at the R3 Summit (Resilience, Response and Recovery) in London, and summarised my advised approach to cyber incident management in a blog post the following day: Cyber Security Incident Management, Response and Recovery Guidance

News
Awareness, Education and Intelligence
Reports
