Cyber Bites

Britain's data watchdog is investigating complaints that Google is breaking privacy laws, raising the prospect of multi-million pound fines for the company. The Information Commissioner’s Office is investigating whether the Search giant has broken the General Data Protection Regulation (GDPR), which came into force last year. If found to be in breach Google faces fines of up to 4pc of its global turnover - which by 2017’s figures could be as much as $4bn (£3.1bn).  Source:...

The cybercrime industry cost the world three trillion dollars in 2015 and it is predicted that this amount will rise to six trillion by 2021, according to a 2018 Cybersecurity Ventures post. Ransomware attacks are more popular than ever, and a wide range of ransomware packages are on sale on the dark web, just as if it were the sale of legal software. Updates, technical support, access to C&C servers, and a range of payment...

Basecamp successfully blocked an hour-long credential stuffing attack targeting its platform on January 29, with only around 100 out of the company's advertised user base of approximately 3 million accounts being affected. CTO David Heinemeier Hansson announced in a blog post on the company's website that the attack was detected at 12:45 PM central when a huge increase in the number of logins was detected by the ops team. The assailants made approximately 30,000 attempts...

Car servicing chain Kwik-Fit has suffered a malware attack that has caused delays in customers' car repairs.The company initially would only confess to El Reg that it had been infected by an unspecified "virus" in its "IT network" over the weekend, and the BBC later reported "malware" was to blame. From the scant facts publicly available, it appears that whatever KO'd Kwik-Fit's systems without compromising sensitive data may have been ransomware. Source: theRegister

Brand impersonation remains the most common attack vector, used in 50 percent of advanced email attacks in the fourth quarter of 2018—with Microsoft impersonated in 70 percent of these instances. For executive targets, one-third (33 percent) of advanced email attacks use display name deception that impersonates an individual—a common tactic for business email compromise (BEC) attacks, which frequently target CFOs. In a survey of more than 300 businesses in the U.S. and U.K., it was...

French telecommunications multinational Orange has bought the UK’s independent cybersecurity provider, Maidstone-headquartered SecureData, from its private equity and management team owners for an undisclosed sum. The deal includes its penetration testing and consulting arm, SensePost. The acquisition, announced this morning, was described by Orange, which has revenues of circa €41 billion annually and over 261 million customers globally, as “another step toward establishing Orange’s position as a leading player in the European cybersecurity market.” Source:...

Researcher Troy Hunt had brought attention to the largest data dump containing 12,000 files, 773m unique email addresses and 22m unique passwords. He called the database available online Collection #1. It has now been discovered that Collection #2-5 is also available online for the mere price of $45, and contains 2.2bn emails, usernames and passwords, as well as 25bn records and 845GB of data. The emails and passwords are a collection of previous leaks (Yahoo,...

The Payment Card Security Standards Council (PCI SSC) has published earlier this month an overhaul of its software security standards – the first one in more than a decade. The changes are aimed at reducing the rampant trend of credit card theft, which had dramatically increased as the “ecosystem” of credit data has become more varied and complex with the introduction of smart payment, tablets, wearables and more. Source: Forbes

Twitter revealed Thursday that it had removed thousands of malicious accounts thought to have originated in Iran, Russia and Venezuela for spreading disinformation online, including previously undisclosed efforts to target the 2018 U.S. midterm election. Twitter said that the takedowns illustrate its progress two years after Russia’s 2016 disinformation campaign reached hundreds of millions of social-media users. The social media platform stated that the threats were spotted far earlier as a result of investments in...

Yahoo’s proposed a $50 million pay-out, plus two years of free credit monitoring for about 200 million people in the United States and Israel was rebuffed by U.S. District Judge Lucy Koh, who said she couldn’t declare the settlement “fundamentally fair, adequate and reasonable” because it did not say how much victims could expect to recover, according to court documents.In 2016, the massive data breach compromised the information of more than one billion Yahoo users...