A massive data breach at Equifax dominated the UK media finance headlines this month, after 143 million customer records were compromised by a cyber-attack, 400,000 of which were UK customer accounts. Hackers took advantage of Equifax’s negligence in not applying security updates to servers. The data breach has already cost the CEO, CIO and CISO their jobs. In the UK, Equifax faces investigations and the prospect of significant fines from both the Financial Conduct Authority and the Information Commissioner's Office over the loss of UK customer financial and personal data respectively.
NEWS
Hackers stole a quarter of a million Deloitte client emails. Following the breach, Deloitte was criticised by security professionals for not adopting two-factor authentication to protect the email data, which it hosted in Microsoft’s Azure cloud service.
September was an extremely busy month for security updates, with major patch releases by Microsoft, Adobe, Apache, Cisco and Apple to fix an array of serious security vulnerabilities including BlueBorne, a Bluetooth bug which exposes billions of devices to man-in-the-middle attacks.
UK government suppliers using Kaspersky to secure their servers and endpoints may well be feeling a bit nervous about the security software after Kaspersky was banned by US Government agencies. The US Senate accused the 20-year-old Russian-based security company of being a pawn of the Kremlin and posing a risk to national security. Given the close ties between the US and UK intelligence agencies, there are real fears it could lead to a similar ban in the UK as well. A UK ban could, in theory, be quickly extended to UK government suppliers through the Cyber Essentials scheme, given that Cyber Essentials accreditation is required of all UK government suppliers.
While on the subject of Russia, the English FA has increased its cybersecurity posture ahead of next year's World Cup, likely due to concerns about the Russian Bears hacking group. The hacking group has already targeted a number of sports agencies in recent months, including hacking and releasing football players' World Cup doping reports last month.
In the last couple of weeks, I was interviewed for Science of Security, and I updated my IBM Developer Works article on Combating IoT Cyber Threats.
- Equifax Data Breach: 143 Million Records Stolen, including 400,000 UK Customers
- Deloitte hit by Cyber Attack Revealing clients’ Secret Emails
- Kaspersky software banned from US Government Agencies
- Avast CCleaner used to Spread Backdoor to over Two Million Users
- NSA Cryptography Proposal Rejected by Allies
- Thousands of Amazon AWS Instances Host C&C Servers for POS Malware
- FA increases Cyber Security over World Cup 2018 Hacking Concerns
- Lenovo fined over Superfish Adware-Ridden Laptops
- 20% of Manchester Police computers at Risk of Ransomware - using XP
- BlueBorne: Billions of Bluetooth devices Vulnerable to MITM Attacks
- Apache Struts alters API code, Patch Critical Remote Code Execution Flaw
- Microsoft release Critical Security Updates for IE/Edge, Office, .NET, Skype & Windows
- Adobe Releases Fixes for 43 Critical Security Vulnerabilities in Acrobat and Reader
- Cisco patches remote code execution flaws in IOS and IOS XE
- Bashware Vulnerability could put 400 million Windows systems at Risk
- Joomla 3.8 Patches eight-year-old Credential Stealing Flaw
- Apple Patches a potentially Critical Vulnerability with iOS 11.0.01 Update
- Apple iOS 11 makes it harder for Law Enforcement to Access Data
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- Dragonfly APT Group Targeting Power Facilities
- SynAck Ransomware Attacks on the Rise - Active £325k Bitcoin Wallet
- Locky Ransomware back in Huge Spam Campaign; New Variant Escapes Sandbox
- Phishers Target LinkedIn users via Hijacked Accounts
- NIST Guidelines for Ransomware Recovery: Situational Awareness Vital
- Dolphin Attack could allow Hackers to take over AI Voice Assistants