Security summary – July 2018

Our short monthly review summarises important news and blog posts, which focus on IT security, cloud computing and privacy protection.

1. Third-party providers to Gmail can access user emails

Third-party providers of apps for Gmail can read the personal emails of most users since the users accept this term through the “Google login”. Hundreds of companies thus have access to each and every personal email stored in Gmail users' inbox. The same is true for users of third-party app providers for Facebook.

Source (German): Frankfurter Allgemeine

2. Bluetooth bug lets cyber criminals spy on transmitted data

Scientists of the Carnegie Mellon University have discovered a bug in the encryption of the popular data sharing tool, Bluetooth. The vulnerability allows cyber criminals to spy on and manipulate data transmitted with Bluetooth.

Source (English): thehackernews.com
Source (German): computerworld.ch

3. Google Chrome now warns against unsafe websites

With their latest update, the popular web browser Google Chrome makes SLL mandatory. Chrome now warn users not to use unencrypted websites. These will be marked as unsafe making for a strong incentive for webmasters to make the switch from HTTP to HTTPS.

Source (English): thehackernews.com
Source (German): heise.de

4. Russian hackers gain access to US electricity facilities

According to homeland security officials , Russian cyber criminals have hacked their way into the core of US electricity facilities. The hackers successfully gained access to the control centers of a number of facilities enabling them to interrupt or damage electricity supply.

Source (English): Wall Street Journal
Source (German): nzz.ch

5. Two thirds of German companies successfully attacked by hackers

A study by the US-based market research company IDC reveals that two thirds of German companies where successfully attacked by hackers within the last two years. A majority of the attacks happened by the use of social phishing and as a result of inattentive employees.

Source (German): nzz.ch

6. Over a million Singaporean health records stolen by hackers

Hackers have stolen health records of 1.5 million Singaporeans, including the head of government, Lee Hsien Loong. 10% of the stolen data included very sensitive information such as drug prescriptions. The hack was confirmed by Singapore’s internet security agency CSA along with the computer emergency response team (Cert).

Source (English): thehackernews.com
Source (German): computerworld.ch

7. Car manufacturers’ sensitive business docs made public

47’000 documents of various car manufacturers – some of which contained confidential information – were stolen and made publicly available online. Amongst the affected parties were Volkswagen. The data leak originated from a Canadian service provider to the affected companies.

Source (German): heise.de