Anyone over the age of 40 in the UK will remember patiently browsing for holidays bargains on their TV via Teletext. While the TV version of Teletext Holidays died out years ago due to the creation of the world-wide-web, Teletext Holidays, a trading name of Truly Travel, continued as an online and telephone travel agent business. Verdict Media discovered an unsecured Amazon Web Services Service (Cloud Server) used by Teletext Holidays and was able to access 212,000 call centre audio recordings with their UK customers. The audio recordings were taken between 10th April and 10th August 2016 and were found in a data repository called 'speechanalytics'. Businesses neglecting to properly secure their cloud services is an evermore common culprit behind mass data breaches of late. Utilising cloud-based IT systems does not absolve businesses of their IT security responsibilities at their cloud service provider.
Booking Holidays on Ceefax in the 1980s
Within the Teletext Holidays call recordings, customers can be heard arranging holiday bookings, providing call-centre agents partial payment card details, their full names and dates of birth of accompanying passengers. In some call recordings, Verdict Media advised customers private conversations were recorded while they were put on hold. Teletext Holidays said they have reported the data breach to the ICO.
Separately, another poorly secured cloud server was discovered with thousands of CVs originating from the Monster.com job-hunting website. Monster.com reported the compromise of CVs was between 2014 and 2017 and was due to a 'third-party' it no longer worked with.
Wikipedia was the subject to a major DDoS attack, which impacted the availability of the online encyclopaedia website in the UK and parts of Europe. While the culprit(s) behind the DDoS attack remains unknown, Wikipedia was quick to condemn it, it said was not just about taking Wikipedia offline, "Takedown attacks threaten everyone’s fundamental rights to freely access and share information. We in the Wikimedia movement and Foundation are committed to protecting these rights for everyone."
CEO Fraud
The BBC News website published an article highlighting the all too common issue of CEO Fraud, namely company email spoofing and fraud which is costing business billions.
Criminals are increasingly targeting UK business executives and finance staff with ‘CEO Fraud’, commonly referred to as ‘whaling’ or Business Email Compromise (BEC) by cybersecurity professionals. CEO fraud involves the impersonation of a senior company executive or a supplier, to social engineer fraudulent payments. CEO fraud phishing emails are difficult for cybersecurity defence technologies to prevent, as such emails are specifically crafted (i.e. spear phishing) for individual recipients, do not contain malware-infected attachments or malicious weblinks for cyber defences to detect and block.
Criminals do their research, gaining a thorough understanding of business executives, clients, suppliers, and even staff role and responsibilities through websites and social media sites such as LinkedIn, Facebook, and Twitter. Once they determine who they need to target for maximum likelihood of a financial reward return, they customise a social engineering communication to an individual, typically through email, but sometimes through text messages (i.e. smishing), or over the phone, and even by postal letters to support their scam. They often create a tremendous sense of urgency, demanding an immediate action to complete a payment, impersonating someone in the business with high authority, such as the MD or CEO. The criminal’s ultimate goal is to pressurise and rush their targetted staff member into authorising and making a payment transaction to them. Such attacks are relatively simple to arrange, require little effort, and can have high financial rewards for criminals. Such attacks require little technical expertise, as email spoofing tools and instructions are freely available on the open and dark web. And thanks to the internet, fraudsters globally can effortless target UK businesses with CEO fraud scams.
UK Universities are being targetted by Iranian hackers in an attempt to steal secrets, according to the UK National Cyber Security Centre and the UK Foreign Office. The warning came after the US deputy attorney general Rod Rosenstein said: “Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries."
Security Updates
'Patch Tuesday' saw Microsoft release security updates for 78 security vulnerabilities, including 17 which are 'Critical' rated in Windows RDP, Azure DevOps, SharePoint and Chakra Core.
On 23rd September 2019, Microsoft released an ‘emergency update’ (Out-of-Band) for Internet Explorer (versions 9, 10 & 11), which addresses a serious vulnerability (CVE-2019-1367) discovered by a Google researcher and is said to be known to be actively exploited. The flaw allows an attacker to execute arbitrary code on a victim's computer through a specially crafted website, enabling an attacker to gain the same user rights as the user and to infect the computer with malware. It is a particularly dangerous exploit if the user has local administrator rights, in such instances an attacker gain full control over a user's computer remotely. This vulnerability is rated as 'Critical' by Microsoft and has a CVSS score of 7.6. Microsoft recommends that customers apply Critical updates immediately.
Ransomware
Research by AT&T Cybersecurity found 58% of IT security professionals would refuse to pay following a ransomware attack, while 31% said they would only pay as a last resort. A further 11% stated paying was, in their opinion, the easiest way to get their data back. While 40% of IT Security Pros Would Outlaw Ransomware Payments. It is clear from the latest threat intelligence reports, that the paying of ransomware ransoms is fuelling further ransomware attacks, including targetted attacks UK businesses.
BLOG
NEWS
- Teletext Holidays Data Breach Exposes 212,000 Customer Call Recordings
- Monster.com job applicants info Exposed on Unprotected Server
- FS-ISAC and Europol Partner to Combat Cross-Border Cybercrime
- Millions of YouTube accounts hijacked through phishing and compromised 2FA
- Twitter CEO’s account was hacked via a SIM-swapping scheme
- 419 million Facebook Users Personal Information exposed, phone numbers and unique IDs
- Wikipedia took offline in Europe by a DDoS Attack
- DoorDash Breach Exposes Data of 4.9 Million Customers
- Microsoft Patches 78 Vulnerabilities, including 17 Critical for Windows RDP, Azure DevOps, SharePoint & ChakraCore
- Internet Explorer Emergency Patch for CVE-2019-1367
- Mozilla released Updates for Firefox 69
- Samba developers issued an update for CVE-2019-10197
- PHP Update Fixes Arbitrary Code Execution Flaw
- Apple Updates Software, Fixes Flaw affecting Third-Party Keyboard Apps
- Chrome Security issues Addressed with Stable Channel update
- Adobe Patches Two Critical Issues with Cold Fusion
- Cisco addresses Multiple Bugs in Network Operating Systems
- Cisco issued Advisories for Vulnerabilities in 7 products, including WebEx Teams
- Spoofing Emails: The Trickery Costing Businesses Billions
- Ryuk-like Malware targeting Law, Military and Finance Groups
- Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
- Notorious GandCrab Hacker Group 'returns from retirement’
- UK Universities targeted by Iranian Hackers, NCSC and Foreign Office says
- China’s APT3 Pilfers Cyberweapons from the NSA
- AT&T Cybersecurity Survey:: 40% of IT Security Pros Would Outlaw Ransomware Payments
- Enterprise Ransomware Report: Shines spotlight on Poor Patch Management
- Metasploit Project publishes exploit for Bluekeep bug
Interesting information sharing really helpful it is worth reading post thanks for it keep sharing
ReplyDeleteInteresting information sharing really helpful it is worth reading post thanks for it keep sharing
ReplyDelete