Security Summary – December 2019
31-12-2019 Author: DSwiss
Our short monthly review summarizes important news and blog posts, which focus on IT security, cloud computing and privacy protection.
1. McAfee study: The digitalization of Christmas brings cyber risks
According to a study by the security provider McAfee, Germans now do 71 percent of their Christmas shopping online. During the Christmas holidays, the online streaming service Netflix is used by 52% of the survey participants, compared to 28% in 2009. The growing online activity poses new security risks. In 2018, one in five Germans fell victim to online scams, as the results of the study show.
2. More than 40 million Microsoft customers reuse their password
According to a "ZDNet" report, forty-four million Microsoft users reused passwords in the first three months of the year. The Microsoft Threat Research team scanned all Microsoft user accounts and found that millions of users were using user names and passwords that had leaked to other online services after a security breach. In response, a forced password reset has been carried out.
3. Lufthansa Miles & More customers saw third-party user data
The Lufthansa frequent flyer program Miles & More suffered a data protection violation on December 9, 2019: Users who logged in to their Miles & More account could temporarily view profile data of other user accounts. Furthermore, they may have been able to redeem miles belonging to another client. According to Miles & More, the incident resulted from a technical error on the part of the company.
4. Cybercriminals target web users searching for celebrity news
McAfee conducts an annual study to determine which celebrity searches are most likely to endanger Internet users. The company determines which searches are most likely to land users on websites that have been identified as containing malware. The study used data from McAfee WebAdvisor to determine how many pages pose a risk when it comes to celebrity web searches. The results were rated, weighted, and then averaged for each celebrity.
5. Phishing emails misuse the Media Markt brand
Cybercriminals are currently sending German-language emails designed to look like they come from the well-established electronics company Media Markt. The fake emails try to trick victims into handing over their credit card details with the promise of a special Christmas gift from Media Markt.
6. Swiss security: Significant increase in infected websites
In November, the Swiss security barometer from Symantec and Computerworld showed a substantial rise in infected websites. Possible reasons include attacks on online Christmas shoppers. Compared to October, the number of infected websites increased by 77 percent in November, to a total of 10,966. Moreover, attacks on advertising banners are on the rise.
7. One-fifth of all Iranian bank card details published on social media
Details of 15 million bank debit cards in Iran were published on social media following anti-government protests. Experts suspect a state-sponsored cyberattack. The breach targeted Iran's three largest banks, and the number of affected accounts represents close to a fifth of the country's population.
8. WordPress plugin bug enables hackers to take over websites
Hackers are actively exploiting a bug discovered in the WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor. Security researchers warn that the flaw allows hackers to take over admin rights for any website using the plugins. Users should patch as soon as possible.
9. Millions of IoT devices at risk due to GoAhead web server vulnerability
Many IoT devices use the GoAhead web server, which was recently found to have two security vulnerabilities that enable DoS and malicious-code attacks. The vulnerabilities mean that millions of IoT devices are potentially at risk. Because many IoT devices cannot be updated or are seldom updated, it is likely that a security patch will never reach them.
10. Smartwatch vulnerabilities may allow strangers to track kids
Boston-based security researchers found severe vulnerabilities in several low-priced smartwatches made for children. The main concern: the watches are delivered with insufficient instructions on how to reset the default password of "123456". If parents don't reset the admin password, strangers can easily override parental controls and track kids.