B&Q said it had taken action after a security researcher found, and disclosed, details of suspected B&Q store thieves exposed online. According to Ctrlbox Information Security, the exposed records included 70,000 offender and incident logs, which included:
- the first and last names of individuals caught or suspected of stealing goods from stores
- descriptions of the people involved, their vehicles and other incident-related information
- the product codes of the goods involved
- the value of the associated loss
Hundreds of German politicians, including Chancellor Angela Merkel, had personal details stolen and published online at the start of January. A 20-year-old suspect was later arrested in connection with this disclosure. Investigators said the suspect had acted alone, had taught himself the skills he needed using online resources, and had no training in computer science. This is yet another example of the low barrier to entry for individuals to become successful and sinister hackers.
Hackers took control of 65,000 Smart TVs around the world, in yet another stunt to support YouTuber PewDiePie. A video message was displayed on the vulnerable TVs which read "Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!" It then encouraged victims to visit a web address before finishing up with, "you should also subscribe to PewDiePie".
Hacked Smart TVs: The Dangers of Exposing Smart TVs to the Net
The PewDiePie hackers said they had discovered a further 100,000 vulnerable devices, while Google said its products were not to blame, but it was said to have fixed them anyway. In the previous month, two hackers carried out a similar stunt by forcing thousands of printers to print similar messages. There was an interesting video on the BBC News website about the negative impact of that stunt on the hackers - The PewDiePie Hackers: Could hacking printers ruin your life?
Security company ForeScout said it had found thousands of vulnerable devices using the search engines Shodan and Censys, many of which were located in hospitals and schools. Heating, ventilation, and air conditioning (HVAC) systems were among those that the team could have taken control of after it developed its own proof-of-concept malware.
Reddit users found they were locked out of their accounts after an apparent credential stuffing attack forced a mass password reset by Reddit in response. A Reddit admin said a "large group of accounts were locked down" due to anomalous activity suggesting unauthorised access.
Kaspersky reported that 30 million cyber attacks were carried out in the last quarter of 2018, with cyber attacks via web browsers reported as the most common method for spreading malware.
A new warning was issued by Action Fraud as a convincing TV Licensing phishing email scam made the rounds. The email attempts to trick people into opening it with subject lines like "correct your licensing information" and "your TV licence expires today". TV Licensing warned it never asks for this sort of information over email.
January saw further political pressure and media coverage about the threat posed to UK national security by Chinese telecoms giant Huawei. I'll cover all that in a separate blog post.
- Information Security no longer the Department of “NO”
- 43% of Cybercrimes Target Small Businesses - Are You Next?
- The Emergence of Geopolitical Fuelled Cyber Attacks
- Is AI the Answer to never-ending Cybersecurity Problems?
- The Biggest Data Breaches of 2018
- Microsoft Windows 7 & Windows 2008 End of Life
- Cyber Security Conferences to Attend in 2019
- What does Cybersecurity have in store for 2019?
- Cyber Security Predictions for 2019
- Smart Buildings, including Hospitals, riddled with Devices Vulnerable to Hackers
- Airbus warns staff to Increase Vigilance over Cyber-Security following Breach
- US Issues Emergency Cyber Security Directive as Iran-linked Hackers strike during shutdown
- Yahoo Data Breach Payout blocked by judge
- Credential Stuffing Attack prompts Reddit to force Password Reset
- PewDiePie Hackers take over Google Smart TV systems
- TV Licence fee scam - the dangerous fake email and the real refunds available
- 30 Million UK Cyber Attacks carried out in Q4 2018
- B&Q 'exposed data about store thieves'
- Kwik Fit hit by Malware, knocking out IT systems
- German Politicians targeted in Mass Data Cyber Attack
- Microsoft Patches 48 Vulnerabilities, including 7 Critical for Windows, Edge, Hyper-V, Chakra and Adobe Flash
- Microsoft Releases 3 "out of band" non-Critical Patches for Team Foundation Server and Skype for Business Server 2015
- CERT/CC issues warning for Microsoft Exchange 2013
- Adobe Releases Fixes for 2 Critical Vulnerabilities in Acrobat and Acrobat Reader
- Google Chrome Update contains 58 Security Fixes
- Apple disables Group FaceTime after Major Security Flaw is found
- Critical Privileged Access Vulnerability Patch issued for Cisco Switches
- Intel Patches Flaws that could lead to Privilege Escalation
- Cisco patches 18 vulnerabilities including a critical memory corruption DoS bug
- Oracle Releases 248 Patches within their Quarterly Security Update
- Apple Releases Security Updates for iOS, macOS, tvOS, watchOS and other products
- Flaws in PremiSys Access System could literally open door for Physical Intruders
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
- Ryuk Ransomware linked to Emotet and TrickBot trojans; suspicions shift to Cyber-Criminal Group
- APT39: New Iranian APT identified by FireEye and Kaspersky
- Iran Linked to new DNS Manipulation Attack
- DarkHydrus APT group delivers RogueRobin Trojan via Google Drive