- Is Huawei a Threat to UK National Security?
- Huawei: The company and the security risks
- The assessment of the Chinese state as hostile towards Western nations is key in understanding why Huawei is considered a risk
- Should we worry about Huawei?
- Why has the UK not blocked Huawei?
Why Huawei matters in five charts
- EU Cybersecurity Act to enable certification of connected devices
A serious security flaw placed Royal Bank of Scotland (RBS) customers at risk. The vulnerability was discovered by PenTest Partners in the bank provided 'Heimdal Thor', security software, which was meant to protect NatWest customers from cyber-attacks but actually permitted remote injection commands at the customer's endpoint. PenTest Partners said "We were able to gain access to a victim's computer very easily. Attackers could have had complete control of that person's emails, internet history and bank details. To do this we had to intercept the user's internet traffic but that is quite simple to do when you consider the unsecured public wi-fi out there, and it's often all too easy to compromise home wi-fi setups.
One of the world’s biggest aluminium producers, Norsk Hydro, suffered production outages after a ransomware outbreak impacted its European and US operations. Damages from ransomware attack on Norsk Hydro reach as high as $40M.
Citrix disclosed a security breach of its internal network may have compromised 6Tb of sensitive data. The FBI had told Citrix that international cyber criminals had likely gained access to its internal network. Citrix said in a statement it had taken action to contain the breach, “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI”. According to security firm Resecurity, the attacks were perpetrated by Iranian-linked group known as IRIDIUM.
Credit monitoring Equifax admitted in a report it didn't follow its own patching schedule, neglecting to patch Apache Struts which led to a major 2017 breach which impacted 145 million people. The report also said Equifax delayed alerting their customers for 6 weeks after detecting the breach.
ASUS computers had backdoors added through its software update system, in an attack coined “ShadowHammer”. Kaspersky researchers estimated malware was distributed to nearly a million people, although the cybercriminals appeared to have only targeted 600 specific devices. Asus patched the vulnerability but questions still remain.
Data breaches are up 400% in 2018 according to a report by 4iQ, with almost 15 billion records exposed.
The top 10 biggest breaches of 2018 according to 4iQ were:
- Anti-Public Combo Collections – (Hacked) Sanixer Collection #1-6, 1.8 billion unique email addresses.
- Aadhaar, India – (Open third party device) 1.1 billion people affected
- Marriott Starwood Hotels – (Hacked) 500 million guests PII
- Exactis – (Open device) 340 million people and businesses.
- HuaZhu Group – (Accidental Exposure) 240 million records
- Apollo – (Open device) 150 million app users.
- Quora – (Hacked) 100 million users.
- Google+ – (API Glitch) 52.2 million users.
- Chegg – (Hacked) 40 million accounts
- Cathay Pacific Airways (Targeted attack) 9.4 million passengers.
Barracuda Networks reported the top 12 phishing email subject lines, after they analysed 360,000 phishing emails over a three-month period.
- Millions of Facebook Passwords exposed Internally for Years
- Security Flaw put RBS Customers at risk of Cyber-Attack
- Norwegian Aluminium producer Norsk Hydro hit by Extensive Cyber Attack, costing up $40M
- Health Apps pose 'unprecedented’ Privacy Risks
- Microsoft Researchers find NSA-style Backdoor in Huawei Laptops
- EU ignores US call to ban Huawei in 5G rollout
- 809 Million Emails Leaked from accessible MongoDB Database
- European Parliament adopts Cybersecurity Act to counter Chinese IT threat
- Huawei: Chinese Telecoms giant 'still a Security Threat to UK' - GCHQ
- Huawei ban would delay 5G rollout: Three
- Citrix Discloses Security Breach of Internal Network, 6Tb of Sensitive Data Stolen
- Equifax neglected Cybersecurity prior to Breach, Senate report finds
- Insurance Companies collaborate to offer Cybersecurity Ratings
- ShadowHammer Attack installed Backdoors on a Million ASUS devices
- ICO helps Developers Produce Compliant Data Products via Sandbox Service
- Security Flaw put RBS Customers at Risk of Cyber-Attack
- 100,000 Leaked Authentication Secrets on GitHub, 89% Sensitive Insurer refuses Payout to DLA Piper over NotPetya Cyberattack
- Microsoft Patches 64 Vulnerabilities, including 17 Critical for Windows, IE, MS XML, ActiveX, Chakra and Adobe Flash
- Adobe Patches Critical Flaws in Photoshop CC, Cold Fusion and Digital Editions
- Chrome Updated to Combat an Exploited Zero Day
- Apple Patches more than 50 Vulnerabilities
- Cisco may have Released a Faulty Patch in Most Recent Update
- Mozilla Plugs Two Critical Security holes in Thunderbird
- Critical Flaw in Magento e-Commerce Platform Exposes 300,000 e-Commerce Websites to SQL injection
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- Mirai Variant adds 11 News Exploits, Shifting Focus to Enterprise IoT Devices
- Microsoft grabs APT35/Charming Kitten websites in court ordered take down
- Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits
- Elfin, aka APT33, targets U.S., Saudi Arabian firms in Cyberespionage Campaign