Earlier today, Kaspersky Lab researchers announced that they had discovered flaws in Hanwha’s SmartCam cameras. More than a dozen vulnerabilities were found, including critical flaws that can be used to take control of devices remotely.
Earlier this year, researchers from Kaspersky Security Analyst Summit (SAS) issued a report on a highly sophisticated cyberespionage campaign called Slingshot. What makes this initial attack vector unique is that many victims were attacked through compromised routers made by MikroTik. Routers download and run various DLL files in the normal course of business. Attackers found a way to compromise the devices by adding a malicious DLL to an otherwise legitimate package of other DLLs. The bad DLL was a downloader for various malicious files, which were also stored in the router.
Gwent Police is being investigated after failing to inform hundreds of people that hackers may have accessed their confidential reports to the force. Sky News has learned that up to 450 people who filed reports through an online tool over a two-year period could have been put at risk by hackers due to security flaws. Although the tool was decommissioned after an internal security review discovered that confidential information was being exposed, the force did not inform the individuals who were affected.
Commenting on the news are Javvad Malik, security advocate at AlienVault, and Lee Munson, security researcher at Comparitech:
Javvad Malik, security advocate at AlienVault:
Being breached isn’t necessarily something that can be completely avoided and most companies will face a breach or near-breach at some point. With this in mind, it is important that companies have appropriate threat detection controls in place that can identify when a breach has occurred as soon as possible so that the appropriate response can be taken.
The response will involve isolating infected systems, assessing damage, and, equally important, issuing relevant notifications. This could be to partners, shareholders, regulators, and customers. This is of particular importance where personal information is disclosed and will be an area that will be scrutinised with more rigour once GDPR comes into force.
Lee Munson – Security Researcher at Comparitech:
That a data breach occurred through an online tool used by Gwent police is hardly shocking given the number of other breaches, reported and otherwise, that occur across the internet all year round.
What is shocking, though, is the fact that it went undetected for two years and then, when it was discovered, the incident response was sadly lacking.
Not only did the force ignore the fact that it should have informed the Information Commissioner’s Office but, worse, it did not consider the 450 or so people who may have had personal or other sensitive information compromised.
Worse than that, the assertion from a spokesperson that it was highly unlikely that a potential attacker could have swiped any data is dangerous thinking which may lull affected persons into thinking they need do nothing.
In reality, affected persons should be considering the nature of the information they shared with Gwent police and checking email accounts for targeted phishing attempts, reviewing online banking accounts and changing passwords, as appropriate.
A data breach at the Florida Virtual School is thought to have impacted more than 368,000 current and former students and up to 2,000 teachers at the school. A statement from FLVS says the breach likely occurred between May 6, 2016, and Feb. 12, 2018, but it wasn’t reported until last Friday. FLVS says school records including students’ names, dates of birth, school account numbers, their usernames and passwords, as well as parents’ names and emails, were compromised by the breach.
It has been reported that researchers at The Citizen Lab have revealed the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.
News broke this morning that a cyber-espionage group, historically believed to be operating in the interests of the Chinese government, is believed to have hacked a UK government contractor, where security researchers found evidence that attackers stole information related to UK government departments and military technology.
Many organisations are not doing all they can to protect data privacy, and there is a lack of transparency in how businesses store personal data, according to PwC’s 2018 Global State of Information Security Survey (GSISS). The survey found that only 51% of respondents have an accurate inventory of where personal data for employees and customers are collected, transmitted, and stored. When it comes to third parties who handle personal data of customers and employees, fewer than half (46%) conduct compliance audits to ensure they have the capacity to protect such information. And a similar number (46%) say their organisation requires third parties to comply with their privacy policies.
Bittium exhibits its innovative R&D services for IoT and medical technology products at Wearable Technology Show 2018 in London
Bittium’s presentation discusses medical remote monitoring in the 5G era
Oulu, Finland, March 12, 2018 – Bittium exhibits its innovative R&D services for IoT (Internet of Things) and medical technology products at Wearable Technology Show 2018, to be held in ExCel, London, the United Kingdom on March 13–14, 2017. Bittium’s strong competence in medical grade R&D services, wireless devices, digitalization and information security enables us to create solutions which bring clear added value to both healthcare workers and patients.