Brief Summary Of December 2019

Written by David Palmer OBE

Businesses in the UK suffered one cyber-attack every minute, an increase from 2018. Cyber-attacks on large companies are increasing, with 75% of companies targeted over the last year. Cross-site scripting (XSS) is the most common hacking technique (39%), followed by SQL injection (14%) and fuzzing (7%). The most prevalent attack on the business, finance and legal sectors is macro malware embedded in documents, while the retail, hospitality and government sectors suffered from burrowing malware (51%). Ransomware attacks are proliferating, together with a large increase in the size of the ransom demands. LifeLabs (Canada) has agreed to pay hackers to retrieve 85,000 stolen data records, including addresses, emails, logins and passwords. Most security agencies strongly advise against paying ransoms, and instead stress the need for ransomware mitigation measures as part of a disaster recovery strategy. There is an increasing demand from security professionals that paying hackers should be criminalised. Major data breaches are increasing. Data on 30,000 Facebook employees has been stolen, including bank account and social security numbers. Adobe has disclosed that a data breach in Magento Marketplace compromised personal and commercial information on its customers and sellers. Twitter has issued an emergency security patch, following a flaw that could lead to malicious code insertions into restricted storage areas of Android. Avast and AVG extensions have been pulled from Chrome, following concerns of excessive data snooping. Windows users are warned to patch their systems, after Microsoft found a flaw (CVE-2019-1458) affecting Windows 7 and some Windows 10 systems. The flaw was also previously compromised by a Google Chrome vulnerability. Iowa and Purdue Universities report flaws in 5G network technology which can allow tracking of a victim’s location, creating false alerts and potentially allowing a prolonged DDoS condition.

