Security summary – October 2018

Our short monthly review summarises important news and blog posts focusing on IT security, cloud computing and privacy protection.

1. Chinese microchips infiltrate U.S. companies and government

In what may be one of the most significant supply chain attacks to have been carried out against American companies, a Chinese military unit successfully inserted microchips the size of a grain of rice into server motherboards before they left the factory. The altered motherboards appear to have been installed in the server infrastructures of major U.S. companies and governmental institutions, in order to ensure long-term access to high-value corporate secrets and governmental networks.

Source in English: bloomberg.com

2. Refusing digital strip-search can trigger 5,000 USD fine

A new regulation enables Customs officials to demand that any suspicious passenger provide them with the means to unlock and search personal devices such as laptops and mobile phones. Anyone refusing may face a fine of up to 5,000 US dollars. The new Customs and Excise Act 2018 came into effect on October 1st.

Source in English: radionz.co.nz

3. Millions of surveillance cameras left open to web attack

Due to a hardware vulnerability, millions of surveillance cameras and video recorders are trivially easy to hack. In Germany alone, an estimated 1.3 million cameras are affected. The vulnerability affects equipment with hardware originating from the Chinese company Xiongmai and enables attackers to watch and manipulate recordings.

Source in German: heise.de

4. Historical Facebook hack: check if you were hit

After the historically large hack of 30 million user accounts, Facebook now makes it possible for individual Facebook users to check whether they were affected. According to Facebook, the hackers gained access to varying personal information of the hacked account owners, including phone number, email address and, for some, gender, language, relationship status, current city and more.

Source in English: thehackernews.com

5. Email remains most popular malware carrier

A newly published Cofense report reveals that more than 90% of all malware is delivered via email and that the average employee doesn’t experience two full days without receiving a phishing email. More than half of the messages designed to introduce malware to a system make use of the word “invoice” in the subject line.

Source in English: darkreading.com

6. Identity theft most likely to happen to Americans

According to Proofpoint's 2018 User Risk Report, Americans are taking a clear lead as victims of identity theft. One third of polled Americans had been hit by identity theft, which is more than three times the rate experienced by German and French people. Amongst possible reasons are a culture of real-time location sharing on social media and the use of work mobiles for personal gaming or online shopping.

Source in English: darkreading.com

7. Google Plus bids a final farewell after large hack

After suffering a hack that exposed the personal data of hundreds of thousands of Google Plus users, the social network is now shut down. Furthermore, Google introduces new privacy controls over third-party app permissions.

Source in English: thehackernews.com

8. Weak passwords banned in California

In the state of California, a bill was passed that requires any manufacturer of a connected device to use unique, hardcoded passwords for each device they create. The ban on weak, multiuse passwords aims to combat the vulnerabilities that often lead to the exploitation of so-called Internet of Things products.

Source in English: securityweek.com