Security summary – November 2018

Our short monthly review summarises important news and blog posts, which focus on IT security, cloud computing and privacy protection.

1. Online banking Trojan targets German speakers

An international group of cyber criminals known as Emotet is currently targeting German speaking internet users. They send out cleverly designed emails that appear to come from the victims’ colleagues and attach a .doc file to infect their device.

Source in German: heise.de

2. GDPR tool presents Instagram users with password in plane writing

In the spirit of GDPR conformity, Instagram offers users a tool called “Download your data”. It retrieves and presents them with all the data stored on them by the service. As a result of a serious defect, the tool also presented users with their own password in plain writing.

Source in German: heise.de

3. iPhone X and Samsung Galaxy S9 hacked in competition

At the hacking competition Pwn2Own 2018 in Tokyo, white hat hackers from around the world gathered to demonstrate their ability to exploit vulnerabilities in the latest versions of popular smartphones. The winning team hacked an iPhone X, Samsung Galaxy S9 and Xiaomi Mi6 earning several hundred thousand dollars in prize money.

Source in English: thehackernews.com

4. A majority of ATMs hackable in a matter of minutes

A recent report from security specialist Positive Technologies conclude that almost 70% of ATMs from world-leading manufacturers are vulnerable to Black Box attacks. In these attacks criminals attach devices to cash dispensers to coax the ATM into releasing money. An attack can take as little as ten minutes.

Source in English: finextra.com

5. Artificial fingerprints act as master key to open any smartphone

Researchers of the New York University Tandon have successfully created artificial fingerprints that are meant to act as master keys. When tested on VeriFinger and other fingerprint recognition solutions, the artificial fingerprint outsmarted the solutions in 22% of the cases enabling unauthorized access.

Source in German: heise.de

6. IoT malware increase significantly in 2018

Kaspersky Lab detected three times more IoT attacks in the first half of 2018 as compared to the whole of 2017. More than 120,000 different malware types were registered in internet-connected products such as washing machines. According to Kaspersky Lab, many attacks originate from Brazil and China.

Source in German: elektronikpraxis.vogel.de

7. Quantum encryption makes progress

The Fraunhofer Institute for Applied Optics and Precision Engineering is working on a groundbreaking encryption method that is unbreakable on a physical level rather than a mathematical one. The encryption is based on the principle of quantum entanglement and could soon be ready for market relevant application.

Source in German: it-business.de

8. GDPR may soon be extended by the ePrivacy Directive

The GDPR may soon be extended by the so-called ePrivacy Directive. In short, the directive seeks to further protect the fundamental rights of EU citizens with regard to their use of electronic devices. Among other things, the directive sets out the conditions under which electronic communications data may be processed by network providers.

Source in German: security-insider.de

9. The CLOUD act forces US companies to go against GDPR

The CLOUD act foresees that whenever a criminal investigation is ongoing and a request is put forth by the US authorities, US companies must hand over any data regardless of whether it is stored in an European country. It puts US companies in a pickle since it is in direct contradiction to the GDPR and European data laws.

Source in German: security-insider.de