Cyber Bites

According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers. Source: Bleeping Computer

Facebook is halting a scheme that gathered highly personal data from paid volunteers, after it was exposed. TechCrunch said participants - including those aged 13-17 - had been paid up to $20 (£15.30) a month to open up their phones to deep analysis. The news site said the app involved appeared to breach Apple's privacy protection policies. Source: BBC News

Dailymotion, the video-sharing platform, said Friday that it had fallen victim to a “large-scale” and ongoing credential-stuffing assault by attackers looking to harvest user data. The French YouTube competitor said in an alert that it has “successfully contained following the implementation of measures to limit its scope, even though perpetrators are continuing to mount efforts to brute-force user passwords. Source: Threatpost

National data protection watchdogs in the European Union (EU) have received 95,180 complaints from citizens alleging the mishandling of personal data since the General Data Protection Regulation (GDPR) came into effect in May 2018, a joint statement by four senior European Commission officials reveals. Source: We Live Security by ESET

Europol has detailed how law enforcers across the globe are tracking down customers of notorious DDoS-as-a-service site webstresser.org. The site was taken down in April 2018 as part of Operation Power OFF, but that gave police a trove of information on its 151,000 registered users. It’s claimed the marketplace helped customers launch over four million attacks for as little as €15 a month. Source: Infosecurity Magazine

Japan is preparing a national sweep of some 200 million network-connected gadgets for cybersecurity lapses ahead of the 2020 Tokyo Olympic Games, an official said on Tuesday. The government-backed National Institute of Information and Communications Technology will start the survey from February to check potential vulnerabilities in items such as routers, webcams and Web-connected home appliances. Source: Business Times

A serious Apple iOS bug has been discovered that allows FaceTime users to access the microphone and front facing camera of who they are calling even if the person does not answer the call. To use this bug, a caller would FaceTime another person who has an iOS device and before the recipient answers, add themselves as an additional contact to Group FaceTime. This will cause the microphone of the person you are calling to turn on and...

A study by researchers at Barracuda Networks gas illustrated the growing threat posed by IoT credential compromise. Vulnerabilities can be exploited to steal user credentials and compromise devices. The Barracuda research team identified multiple vulnerabilities in camera’s web and mobile applications. The research team recommended that IoT products are scored based on their security level. They argued that this enables businesses and consumers to make informed devices when choosing IoT products. Source: ComputerWeekly

The Massachusetts data breach notification law has been amended. The amendments include providing victims who fall victim to a data breach a free credit freeze and 18 months of free credit monitoring. Furthermore, companies can no longer delay notifying authorities and victims of a breach on the basis that they do not know the number of individuals affected. Source: The Daily Swig

Google is set to appeal the €50m GDPR fine given to them by the French Data Protection agency. Google have stated that they have created a transparent and straightforward GDPR consent process. The company expressed concern on the impact the ruling would have on publishers, tech companies and original content creators. Source: The Register