Security Summary – November 2019

Our short monthly review summarises important news and blog posts that focus on IT security, cloud computing and privacy protection.

1. More than a billion users affected by a massive data leak

Security researchers from the threat intelligence platform "Data Viper" found a database online containing personal data of approximately 1.2 billion users. The publicly available information included highly personal data such as names, telephone numbers, and email addresses. However, no passwords or credit card information were identified.

Source: computerworld.ch

2. Researchers analyze millions of leaked data sets

The IT security company "ImmuniWeb" has analyzed stolen company data available for sale on the dark web. It found almost twenty million plaintext passwords that seem to be related to employees working at Fortune 500 companies. Sixteen million of these stemmed from hacks carried out within the past twelve months.

Source: heise.de

3. Swiss security barometer: IoT device attacks increase

The Swiss security barometer created by Symantec and Computerworld shows a sharp increase in network attacks throughout October 2019. Compared to the previous month, attacks increased by 8% to around 30,000 strikes. Candid Wüest, Senior Principal Threat Researcher at Symantec, argues that this illustrates how Internet of Things (IoT) devices are becoming a new target for hackers.

Source: computerworld.ch

4. Critical security deficiencies found in "Brexit" app

Norwegian researchers from the IT security company Promon have discovered severe security deficiencies in the Android version of an app intended to make it easier for EU/EEA and Swiss citizens to remain in Great Britain after Brexit. The app scans and forwards highly personal data such as passport copies and a biometric photo of the applicants' faces.

Source: heise.de

5. Black Friday and Cyber Monday see online scams peak

This year's Black Friday and Cyber Monday saw researchers warn of an unprecedented escalation in more sophisticated scams designed to make users hand over their payment data. Amongst the more common methods were social-media scams and domain-impersonation scams.

Source: threatpost.com

6. Data-related crime costs the German economy more than 100 billion euros every year

A study by the digital association Bitkom showed that sabotage, data theft, and espionage cause the German economy a total loss of 102.9 billion euros every year. This number is almost twice as high as two years ago (2016/2017: 55 billion euros p.a.). The study included more than 1,000 managing directors and security officers across all industries.

Source: security-insider.de

7. Google quietly obtains health data of millions

The Wall Street Journal and The New York Times report that Google has quietly collected and analyzed the health data of millions of American patients without patients' or doctors' consent. The health organization "Ascension" provided Google with the data as part of a collaboration aiming to optimize health records using artificial intelligence.

Source: computerworld.ch

8. Cybercriminals penetrate the Conrad Electronic network

Cybercriminals successfully penetrated the network of Conrad Electronic, giving them access to nearly 14 million customer data records. Data that may have been affected by the breach include postal addresses, partial email addresses or fax and telephone numbers, along with IBANs.

Source: security-insider.de

9. Hotel booking platform leaves customer data unprotected online

Security researchers from VPNMentor have discovered more than a terabyte of customer data from French business travel provider Gekko Group in an unsecured Elasticsearch database. According to the researchers, booking information and credit card details were among the data found.

Source: heise.de

10. More than 1 million USD to be awarded for Google hack

Google announced its highest bug bounty yet, 1.5 million USD, which the company will pay anyone who can successfully hack its Titan M security chip. According to the company blog, Google has already paid out more than $4 million across 1,800 reports to people who have identified vulnerabilities on the platform.

Source: threatpost.com