Security summary – January 2019

Our short monthly review summarises important news and blog posts that focus on IT security, cloud computing and privacy protection.

1. 773 million passwords circulate on underground forums online

The man behind the website “Have I Been Pwned”, Troy Hunt, discovered a massive collection of passwords and email addresses online. The data collection goes by the name “Collection#1” and it can be bought by anyone interested.

Source in German: heise.de

2. Ransomware group claims to “collect money” for children

A new ransomware group are attacking companies, encrypting their files and asking for a bitcoin ransom before they’ll decrypt the files. The twist is that they claim to be donating the ransom to the “International Children Charity Organisation”. Furthermore, they intend to list their victims on an official donor list.

Source in German: inside-it.ch

3. Allianz study: Cyberattacks are among the principal corporate risks

According to a study carried out by insurance company Allianz, cyberattacks are amongst the largest threats to companies worldwide. The costs connected to such attacks amount to 500 billion Euro, and the attacks are estimated to cost two million apiece in Germany alone.

Source in German: heise.de

4. Vulnerable government server exposes FBI investigations

On December 7, researcher Greg Pollock from the cybersecurity firm UpGuard discovered that the Oklahoma Department of Securities (ODS) had left government data on an unsecured storage server for several days. The server in question contained 3 terabytes of sensitive data, including confidential case files from the Oklahoma Securities Commission and FBI investigations.

Source in English: thehackernews.com

5. VOIPO database exposes millions of texts and call logs

A California-based voice-over-internet provider has exposed millions of customer call logs, SMS message logs and credentials in plain text. The company confirms that a development server was inadvertently left open to public access. Up to 6.7 million call logs were exposed as a result.

Source in English: threatpost.com

6. Trivial web hosting vulnerabilities threaten 7 million domains

Five of the world’s biggest web hosting providers have been shown to have vulnerabilities in their websites that allowed attackers to take over customer accounts with a minimum of effort. More than seven million domains are registered with the affected providers.

Source in German: heise.de

7. Flight booking system vulnerability affects more than a hundred airlines

Israeli network security researcher Noam Rotem discovered a severe vulnerability in the online flight booking system Amadeus that allowed cyber criminals to access and modify the travel details of almost half of the air travelers worldwide. Furthermore, frequent flyer miles were stolen. The system is currently being used by 141 airline companies, including Lufthansa, United Airlines and Air Canada.

Source in English: thehackernews.com

8. Hacker faces 10 years in prison for DDoS attacks

A U.S. citizen was sentenced to 10 years’ imprisonment after carrying out a series of DDoS attacks on American children’s hospitals in 2014. He was also ordered to pay 443,000 USD in restitution for damages caused.

Source in English: zdnet.com