Hackers stole up to 34,000 Butlin's guest records, reportedly breaching the UK holiday camp firm through a phishing email. Dixons Carphone upped the estimated number of customer records breached in a hack last year from 1.2 million to 10 million, which includes 5.9 million payment cards. Dixons offered no explanation as to why it had taken so long to get a grip on the scale of the data breach, which was reported as occurring in July 2017.
Huawei continues to face scrutiny over the security of its products after the UK National Cyber Security Centre (NCSC) issued a warning in a security report about using the Chinese tech manufacturing giant's devices. Huawei recently took over from Apple as the world's second largest provider of smartphones. A 16-year-old Australian 'Apple fanboy' found himself in court after hacking into Apple's network.
On the international scene, Microsoft announced it had thwarted Russian data-stealing attacks against US anti-Trump conservative groups by taking down six domains hosting mimicked websites, which were likely to be used in future phishing campaigns. The Bank of Spain's website was taken out by a DDoS attack, and a Chinese hotel group's 140Gb customer database was found for sale on the dark web. The PGA golf championship was hit by ransomware, and the FBI arrested three key members of the notorious FIN7 hacking group, which is said to be responsible for stealing millions of credit card and customer details from businesses across the world.
On the personal front, the EC-Council confirmed my Computer Hacking Forensic Investigation (CHFI) certification had been renewed until 2021. I dropped into B-Sides Manchester this month; the highlight was a demonstration of a vulnerability found by Secarma researchers, namely a PHP flaw which places CMS sites at risk of remote code execution.
There were plenty of critical security patches released by the usual suspects, such as Microsoft, Cisco, and Adobe; the latter firm released several out-of-band patches during August. A critical update was released for Apache Struts (popular web server), and there was a reminder that fax machines and all-in-one network devices could be used by hackers as a way into corporate networks.
Finally, there were a couple of interesting cybercrime articles posted on the BBC's news website this month: "Cyber-Attack! Would your firm handle it better than this?" and "Unpicking the Cyber-Crime Economy".
NEWS
- T-Mobile Breach Affects Two Million Customers
- Air Canada Mobile App Breach Affects 20,000 People
- Microsoft takes down 'Russian political Hackers'
- Dixons admits Data Breach now Affects 10 million
- Butlin's says Guest Records may have been Hacked
- Huawei set to face even more scrutiny from UK Security Forces
- Reddit user data compromised after 'serious' Hack
- Instagram Hack sees accounts replaced with film stills
- UK Universities among 76 targeted by Hackers
- Bank of Spain hit with DDoS Attack
- Chinese Hotel Group leak of Millions of Guests’ Data
- Reported Data Breaches up 160% since GDPR
- US warns of Supply Chain Cyber-Attacks
- PGA Championship hit by Ransomware Attack
- Teenage fan Hacks into Apple network
- NIST issues Guidance for Protecting Medical IoT devices
- FBI arrests key members of 'prolific' FIN7 Cyber Crime Group
- Microsoft Patches 60 Vulnerabilities for Windows, IE\Edge, Office, .NET, Exchange, SQL, Chakra and Adobe
- PHP flaw places CMS sites at risk of remote code execution
- Adobe Releases Important Fixes for Flash Player
- Adobe Releases Critical Fixes for Acrobat and Acrobat Reader
- Adobe pushes out ‘out-of-band’ Critical Updates for Photoshop CC
- Adobe issues ‘out of band’ Patch for Creative Cloud Desktop Application
- Cisco Patches DoS-related flaws in AsyncOS, Unified Comms Manager (CUCM, IM, and P) and ASA
- 'Foreshadow' attack affects Intel chips
- Fax machines and all-in-one devices could be used by Hackers to Infiltrate Networks
- Security update issued after Critical RCE vulnerability found in the core of Apache Struts
- Cyber fall-out of nation-state conflicts extends beyond politics
- Experts warn of increase in Phishing Attacks targeting Cryptocurrency
- Latest Mirai variant leverages open source project for cross-platform infections
- AdvisorBot Downloader in Malware Campaign targeting Hotels, Restaurants, and Telecoms
- Researchers find new POS malware with no data exfiltration capabilities
- CrowdStrike: Global Supply Chain Survey, two-thirds of organisations attacked
- Mimecast ESRA Report: Email attacks on the rise, say 80% of Businesses
- Data Leakage Prevention (DLP) – ISF Briefing Paper
- Cyber-Attack! Would your firm handle it better than this?
- Unpicking the Cyber-Crime Economy