In the wake of the global political fallout over the Salisbury nerve agent attack, there are reports of a growing threat of Russian state or Russian state-affiliated hacking groups conducting cyber attack reprisals against UK organisations, government officials have directly warned bosses at electricity, gas and water firms, Whitehall departments and NHS hospitals to prepare for a state-sponsored cyber assault.
Russian group Fancy Bear (APT28) were suspected of being behind an unsuccessful attack against the UK anti-doping agency, and China tied hacking group APT15 were found to have infiltrated a UK government contractor’s computer systems by NCC researchers.
Large-scale data breaches were disclosed with Under Armour’s Fitness App MyFitnessPal (1.5 million personal records compromised), Orbitz (880k payment cards at risk), and at a Walmart partner (1.3 million personal records compromised). The latter was caused when an AWS S3 bucket holding a Walmart database was left with open access, which isn't the first time a cloud service misconfiguration has caused a major data breach.
TalkTalk were warned about their website’s poor security after a hacker known as 'B' disclosed a cross-site scripting vulnerability on the talktalk.co.uk website to Sky News. TalkTalk was given a record £400,000 fine by the Information Commissioner's Office following a major website breach in October 2015, which 157,000 customer details were stolen. And the company were told to "be more diligent and more vigilant” and was fined a further £100,000 after data belonging to 21,000 customers were exposed to "rogue" staff at an Indian call centre.
GitHub survived the largest ever DDoS attack recorded thanks to Akamai DDoS protection, which peaked at a massive 1.35 terabytes of data per second.
UK schools were warned they were soft targets for cybercriminals, experts believe many schools are ill-equipped to prevent cyber thefts, with sensitive data such as children’s medical records said to be lucrative on the dark web. There has been a number of security incidents disclosed involving UK schools in recent months.
- CCTV cameras at three Blackpool schools was live streamed on a US-based website.
- Personal details belonging to millions of teachers, pupils and parents who use Edmodo on sale on the dark web
- Independent Schools' Bursars Association (ISBA), which supports senior management staff in more than 1,000 schools, said the issue of cyber attacks had become more than an "isolated incident".
- School bomb hoaxes revealed to be part of Minecraft gamer feud
A hacker alleged to be behind a gang the ran the Carbanak and Cobalt bank target malware has been arrested. The gang is reported to be responsible for the theft of up to billion euros through bank transfers and from cash machines, from over 100 banks since 2013.
The UK Government released Smart Device (IoT) Security Guidelines, however, IoT security experts said the guidance doesn't go far enough to stop irresponsible manufacturers.
- My guidance on IBM developerWorks on Combating IoT Cyber Threats
- Smart home devices used as weapons in website attack
- How hackers could use a doll to open your front door
- German ban on the sale of smartwatches aimed at children
NEWS
- Fitness App Hack Impacts 150 Million People
- GitHub Survived the Biggest DDoS Attack Ever Recorded
- TalkTalk urged to Improve Cybersecurity in wake of 'worryingly easy' Web System Flaw
- Billion Euro Cyber-Suspect Arrested in Spain
- Gwent Police sat on Data Breach Exposure for a Year before informing ICO
- Equifax finds More US Victims of 2017 Breach
- AWS S3 bucket managed by Walmart Partner exposes info on 1.3M
- Intel redesigns Chips to address Spectre and Meltdown Vulnerabilities
- Fancy Bear Suspected in United Kingdom's Anti-Doping Agency Cyber Attack
- Orbitz hit with Data Breach, 880,000 Payment Cards at Risk
- UK Government Smart Device (IoT) Security Guidelines: Experts ‘it needs more teeth'
- US Punishes 19 Russians over Vote meddling and Cyber-attacks
- Microsoft Patches 75 Vulnerabilities for IE/Edge, Exchange, Office, ChakraCore& Flash
- Adobe Releases Critical Fixes for Flash Player
- AMD Update Addresses Critical Vulnerabilities, says Flaws not so Severe
- BranchScope, a New Intel Processor Vulnerability Discovered by Researchers
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- Cyber Attacks are one of the Biggest Threats Schools Face, experts warn
- Blackout Threat to Britain from Russian Cyber-Attack
- Recently Patched Flash Vulnerability Spotted in Massive Malspam Campaign
- APT15 Observed Targeting UK Government Contractor
- Ireland on the front line in Russia's new Hacking War
REPORTS
