Security summary – July 2019

Our short monthly review summarises important news and blog posts, which focus on IT security, cloud computing and privacy protection.

1. More than 100 million clients of US bank Capital One affected by data breach

Due to a misconfiguration of an AWS cloud, a hacker was able to access the credit applications of more than 100 million US clients and 6 million Canadian clients of US bank Capital One. A former AWS engineer, Paige Thompson, has been arrested as a suspect after bragging about the data theft on GitHub.

Source: threatpost.com

2. Fake ‘Google’ sites used to steal user credit card data

The Magento e-shop system is currently being targeted by malware seeking to steal customer credit card data. In order to trick users into giving up their sensitive data, the criminals are using seemingly trustworthy domains designed to look like Google domains.

Source: threatpost.com

3. Accidental data leak forces family to relocate

In England, it is common for the identity of adoptive parents to remain secret when a child is adopted due to difficult family circumstances. However, a government official accidentally revealed the identities of two North-London-based adoptive parents, forcing them to change not only their address but also their names.

Source: heise.de

4. Facebook accepts historic fine after Cambridge Analytica scandal

The Federal Trade Commission (FTC) has officially confirmed that Facebook has agreed to pay a historic 5-billion USD fine as a result of privacy violations connected to the Cambridge Analytica scandal. Besides the significant fine, the company has also accepted a 20-year-long agreement requiring it to strengthen its data privacy practices and policies.

Source: thehackernews.com

5. Equifax pays up to 700 million US dollars to US authorities after hack

During a 2017 hack, extremely sensitive data of more than 140 million US citizens was stolen because the US economic credit agency Equifax failed to protect its systems properly. Equifax has now agreed to pay up to 700 million US dollars as punishment for the damaging data theft.

Source: heise.de

6. US Mayors stand together against ransomware

Mayors of US municipalities have agreed on a resolution not to pay a ransom if their city's IT system is attacked by ransomware. Ransomware attacks are on the rise, and ransom payments only give the criminals behind the malware an additional incentive, according to the appeal issued at the annual meeting of the United States Conference of Mayors (USCM).

Source: heise.de

7. British Airways fined £183 million with reference to GDPR

Britain's Information Commissioner's Office (ICO) gives British Airways a £183 million fine for failing to protect the personal information of around half a million of its customers during a 2018 security breach. Since the data breach happened after the EU's General Data Protection Regulation (GDPR) took effect in May 2018, the fine imposed on the airline represents 1.5% of the company's worldwide turnover for its 2017 financial year.

Source: thehackernews.com

8. Malware-spreading Facebook accounts shut down

Facebook has shut down more than 30 malware-spreading accounts that fabricated news about the ongoing political situation in Libya in order to spread remote access trojans (RATs) to tens of thousands of victims since 2014.

Source: threatpost.com