In April the National Cyber Security Centre (NCSC) briefed major UK businesses about a significant Chinese Cyber-Espionage Threat called APT10, also known as Stone Panda, which I have featured in a separate blog post – Detecting & Preventing APT10 Operation Cloud Hopper.
Payday loan firm Wonga reported a data breach which may affect up to 245,000 of its UK customers. The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes.
A BBC Click investigation has thrown doubt on claims that the small, personal email server Nomx can provide “absolute security”. The BBC investigation started by taking the device apart to find that it was built around a £30 Raspberry Pi computer. As the operating system for the Pi sits on a removable memory card, Mr Helme was able to download the device’s core code so he could examine it closely and found they were about to crack the device’s simple passwords.
There was the usual raft of security updates which fixed security vulnerabilities in April, with Microsoft patches causing the most stir with security researchers, some of whom suggested the firm had held back patching some of its products.
- APT10 Stone Panda – Operation Cloud Hopper
- Hotel Chain Giant Card Payment Breach could have ‘over 1000’ Locations
- Wonga Data Breach ‘affects 245,000 UK Customers’
- Data Breach of thousands of UK drivers revealed Car Parking App used by Councils
- Hacking Attacks on UK Businesses Cost Investors £42bn
- Callisto Group Hackers targeted Foreign Office Data
- Almost Half of UK firms hit by Cyber Breach or Attacks in the Past Year
- 1.7M Snapchat user details Posted in India
- BBC Exposes Flaws in ‘World’s Most Secure’ Email Service
- Google and Facebook Duped in Huge ‘Scam’
- Adobe fixes 7 Critical Security Vulnerabilities in Flash Player & Shockwave Player
- Microsoft release Patches for IE, Edge, Office Windows, .NET, SilverLight & Flash
- Skype Bug allows Hackers to Execute Arbitrary code on Victim’s Machine
- Security Vulnerabilities found in select Linksys Router Models
- Hackers used Microsoft Word bug ‘for months’
Awareness, Education and Threat Intelligence
- Mysterious Felismus RAT poses Powerful Threat
- IoT botnets Mirai and Hajime forming a Monster Rivalry
- The 2017 Verizon Breach Investigations Report (DBIR) Released
- 75% of data breaches are down to outsiders and a 25% are insiders
- 73% are conducted for financial reasons with half involving organised crime.
- 62% of breaches feature hacking, it still disappoints to see that 81% of hacking related breaches leveraged either stolen and/or weak passwords. Half of breaches included malware, but physical loss of devices is now down to just eight% and errors were a factor in 14% of breaches.
- Ransomware rose 50% compared to last year and accounted for 72% of all malware incidents in the healthcare sector.
- Financial services are the most targeted sector at 24%, while healthcare accounts for 15%, the public sector close behind on 12% and the combined total of retail and accommodation accounting for 15% of breaches.
from Cyber Security Roundup for April 2017