Security News

British Airways is to pay a £20m data protection fine after its 2018 Magecart hack - even though the Information Commissioner's Office discovered the airline had been saving credit card details in plain text since 2015. It also condemned BA's claims during fine negotiations that credit card data breaches are "an entirely commonplace phenomenon" and "an unavoidable fact of life".

Hackers needed roughly 24 hours to take over high-profile Twitter accounts in the July attack, a report from the New York Department of Financial Services reveals. A couple of weeks after the incident, Twitter revealed that hackers targeted some employees with phone phishing until they gained access to the account support tools they needed.

American financial regulators in New York have demanded Twitter be subject to harsher rules following the July hacks of prominent users' accounts - as CEO Jack Dorsey furiously backpedals after his website censored a news article from a US newspaper. The New York State Department of Financial Services demanded that Twitter be subject to more "cybersecurity protections", controlled and overseen, naturally, by itself.

UPDATE. Barnes & Noble is warning that it has been hacked, potentially exposing personal data for shoppers - and offering phishers an early holiday gift. In any event, Barnes & Noble said that its IT team "doesn't know" yet if customer info was exposed, but the systems that were hit contained personal data, so it may have been.

The online proctoring service ProctorTrack has disabled access to its service after its parent company was hacked. ProctorTrack is a proctoring solution by Verificient that is used by numerous universities, including Rutgers, University of Western Ontario, Ohio University, Illinois State University, Purdue University, and MIT. Verificient and ProctorTrack were hacked.

Hackney Council in East London has declared that it was hit by a "cyberattack" - but both the authority and officials from the National Cyber Security Centre remain tight-lipped about what actually happened. In a statement published on the council website this morning, local mayor Philip Glanville said: "Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems."

Hack-for-hire group BAHAMUT managed to build a fake online empire to leverage in cyber-espionage operations targeting the Middle East and other regions around the world, BlackBerry reports. "BlackBerry assesses that the InPage zero-day exploit first identified by Kaspersky in 2016 and given CVE-2017-12824 but never attributed, was in fact used by BAHAMUT. We also assess that it was first developed by a Chinese threat group in 2009 for use in targeting a group in diaspora perceived to be a potential threat to the power of the Chinese Communist Party," BlackBerry notes in a new report.

A security flaw allowing attackers to remotely snoop on victims' private conversations was found to stem from an unexpected device - their TV remotes. The flaw affects Comcast's XR11, a popular voice-activated remote control for cable TV, which has more than 18 million units deployed across the U.S. The remote enables users to say the channel or content they want to watch rather than keying in the channel number or typing to search.

According to the 2020 Insider Threat Report by Cybersecurity Insiders, the biggest enabler of insider attacks is the fact that in 61% of incidents the perpetrator had elevated access privileges to sensitive data and applications. Traditional perimeter security will not protect against overprivileged insiders who want to access critical data.

Government and financial service sectors globally are the most hack-resistant industries in 2020, according to Synack. Government and financial services scored 15 percent and 11 percent higher, respectively, than all other industries in 2020.