Brief Summary for August 2019

A brief summary of the most important information regarding cyber security for the month of August 2019. 
Hacking by national agencies continues. Microsoft reports that a Russian state-sponsored agency is actively attacking businesses through IoT devices, using Fancy Bear/STRONTIUM, to exploit vulnerabilities in host security. The Kazakhstan government has attempted to intercept the web traffic of its citizens in a way that would allow it to decrypt HTTPS traffic, but both Google and Mozilla have refused to comply.
Project Zero reports that hackers have ‘for years’ hidden malware on websites which can then install itself on iPhones. Also, a Def Con researcher known as ‘MG’ has developed a realistic but malicious iPhone Lightning cable that allows attackers to remotely attack and control an iPhone or Mac. Ransomware attacks continue, with a number of new attacks this month. A ransomware tool has been developed and demonstrated which can encrypt a camera using just a Wi-Fi connection to a public network. ‘Online skimming’, injecting malware into compromised e-commerce sites to steal payment card data, is proliferating. A flaw in Bluetooth protocols (known as KNOB) can allow hackers to listen to conversations or change the content of file transfers.
Microsoft contractors are reportedly listening to recordings of personal Skype calls. This follows previous reports concerning Alexa and Google Assistant. vpnMentor reports that a database used by the UK Met Police and banking groups has been found to contain publicly accessible, unencrypted data, including facial recognition, fingerprint data and user images, in addition to the usual personal and company data. This is particularly serious for potential victims because, unlike passwords, biometric data cannot be replaced once compromised.
Text written by David Palmer OBE.
For more information read our CSIR for August 2019 on LinkedIn 