Security summary – October 2019

Our short monthly review summarises important news and blog posts on IT security, cloud computing and privacy protection.

1. Swiss cyber security report documents rise in Trojan-based attacks

The half-yearly report from MELANI (Swiss Reporting and Analysis Centre for Information Assurance) has been published for the first half of 2019. It primarily focuses on Trojan-based cyberattacks causing large-scale damage worldwide.

Source: melanie.admin.ch

2. Weak passwords are a major security vulnerability in hospitals

The lack of clearly defined access rights or the ease with which passwords can be decrypted is a major vulnerability for hospitals and may leave them exposed to professional hacker attacks. According to a study by consulting firm Roland Berger, two out of three hospitals have already fallen victim to cybercrime.

Source: security-insider.de

3. Bedside robots used at a Japanese hotel easy to hack

After warning the Japanese hotel chain HIS Group about inadequate security in the robots it uses to check in guests and assist them during their stay, a security researcher publicly disclosed that the robots can be hacked and their cameras livestreamed.

Source: theregister.co.uk

4. Alexa and Google Home demonstrated to enable phishing attacks

Alexa suddenly asking for a password should set alarm bells ringing. Even if the request cites a seemingly legitimate reason, such as installing security updates, it is in all likelihood a phishing attack, as researchers have recently demonstrated.

Source: heise.de

5. 99% of cyberattacks caused by human error

In the new Human Factor Report, Proofpoint's security experts shed light on how cybercriminals use people, not technical systems, to spread malware, initiate fraudulent transactions, steal data and enrich themselves through other types of fraud.

Source: security-insider.de

6. Trump campaign website left open to email server hijack

A misconfigured website development tool exposed hundreds of email servers to takeover, including that of President Donald Trump’s official campaign website.

Source: threatpost.com

7. 26 million credit card records leaked from online black market

BriansClub, a large online black market for stolen credit card data, has fallen victim to a hacker attack. Unknown persons were able to access a database (in a version dated August 2019) and acquire 26 million credit card records. According to several sources, the data is believed to be genuine.

Source: heise.de

8. Twitter targets ads to email data gathered for security purposes

Twitter has acknowledged that user phone numbers and email addresses gathered for security purposes, as part of its two-factor authentication policy, may have been used to sell ads.

Source: threatpost.com

9. USA and its allies hinder encryption on Facebook

The US, UK and Australia have asked Facebook not to implement the announced expansion of encryption across its online network without a back door for law enforcement. In a letter to Facebook founder and CEO Mark Zuckerberg, the governments said this is important to protect children from violence and sexual abuse.

Source: security-insider.de