Cyber Bites

  In February, Google threw 600 apps out of its Play store. Amongst those was an app called Clean Master, a security tool promising antivirus protection and private browsing. It had more than 1 billion installs before it was evicted and, despite Google’s ban, is one of Android’s most downloaded apps ever and is  likely still running on millions of phones. Source: Forbes

Some well-known websites could stop functioning properly on Wednesday, 4 March, after a bug was found in the digital certificates used to secure them. The organisation that issues the certificates revealed that three million need to be immediately revoked. Visitors to affected sites will be greeted with an alert warning them the site is insecure. Source: BBC

  The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online. Network Rail and the service provider C3UK confirmed the incident three days after being contacted by BBC News about the matter. The database, found online by a security researcher, contained 146 million records, including personal contact details and dates of birth. Source: BBC

  Some customers of credit history-building tool Loqbox have had personal and financial data compromised after the firm was hit by a "sophisticated and complex" cyber attack. Loqbox is a tool which helps those with patchy credit histories build a credit score by buying a 'digital voucher' – essential a loan – and then 'repaying' it by saving a set amount into a Loqbox account each month. Source: Money Saving Expert

  Smart cameras and baby monitors can be watched by criminals over the internet by default, security chiefs warn. The National Cyber Security Centre (NCSC) is advising people to tweak the settings after buying them. Easy-to-guess default passwords might let a hacker secretly observe a home through connected devices, it said. Source: BBC

The UK Home Office has breached European data protection regulations at least 100 times in its handling of the EU Settlement Scheme (EUSS). IDs have been lost, documents misplaced, passports have gone missing, and applicant information has been disclosed to third parties without permission in some of the cases, according to a new report. Source: ZD Net

Tesco is issuing new cards to 600,000 Clubcard account holders after unearthing a security issue. The supermarket giant said it believed a database of stolen usernames and passwords from other platforms had been tried out on its websites, and may have worked in some cases. No financial data was accessed and its systems have not been hacked, it added. Source: BBC

Mobile and technology news website BGR India’s website was recently hacked and the data collected from the website has been leaked on the dark web. The data included email IDs, passwords and other information of the former employees of the company. Source: Inc 42

  Fraudsters have targeted UK taxpayers with a total of 1,524,449 phishing emails, calls and text messages purporting to be from Her Majesty's Revenue and Customs (HMRC) over the last two years, according to official figures. The data reveals the staggering number of suspected fake correspondence reported to HMRC’s official complaints email for phishing scams [email protected] - by members of the public in 2019 and 2018. Source: The Commentator

  A precision parts maker for space and defense contractors has confirmed a “cybersecurity incident,” which TechCrunch has learned was likely caused by ransomware. Visser Precision, a Denver, Colorado-based manufacturer, makes custom parts for a number of industries, including automotive and aeronautics. In a brief statement, the company confirmed it was “the recent target of a criminal cybersecurity incident, including access to or theft of data.” Source: Tech Crunch