Weekly Threat Report 3rd August 2018

Data breach suffered by Reddit

Reddit confirmed earlier this week that it had suffered a data breach back in June 2018 with all data created between 2005 and 2007 compromised.

This data included users’ protect passwords and email addresses as well as current usernames and corresponding email addresses which were obtained from the weekly email digests that roundup top Reddit posts.

The NCSC has issued advice for Reddit users who have had an account between 2005 and the present day….

Link: Weekly Threat Report 3rd August 2018
Source: NCSC Reports

Weekly Threat Report 27th July 2018

Singapore health system attacked – 1.5m records stolen

Singapore’s Ministry of Health and Ministry of Communications and Information have reported that 1.5 million personal data records, about a quarter of the country’s population, were stolen in a recent breach. The data included names, national identity card numbers, addresses, gender, race and dates of birth, with 160,000 of these also containing the records of dispensed medicines.

The Cyber Security Agency of Singapore (…

Link: Weekly Threat Report 27th July 2018
Source: NCSC Reports

Weekly Threat Report 20th July 2018

Are weak login credentials allowing criminals to bypass your security?

A study by cyber security firm McAfee has found that criminal marketplaces on the dark web are selling Remote Desktop Protocol (RDP) access for as little as $3 and, in some instances, offering up to 40,000 separate RDP connections. These RDP accesses are said to include government departments and the security system of a major international airport.

RDP …

Link: Weekly Threat Report 20th July 2018
Source: NCSC Reports

Weekly Threat Report 13th July 2018

Another fitness tracker reveals personal information 

Researchers at citizen journalist website Bellingcat and Dutch news site De Correspondent have revealed that unauthorised individuals could use the Polar fitness tracking app to track users’ activities, even if privacy settings appeared to be locked down. Polar have since published a statement and FAQ for its users. 

This follows similar revelations involving the Strava…

Link: Weekly Threat Report 13th July 2018
Source: NCSC Reports

Weekly Threat Report 6th July 2018

Clipboard hijacking malware

This week, a newly-discovered clipboard hijacking malware sample has been seen monitoring over 2.3 million cryptocurrency addresses.

The malware scans the Windows Clipboard for cryptocurrency addresses, switching legitimate ones for addresses owned by the attacker. The malware runs in the background and as processes look genuine there are no tell-tale signs of infection.

Clipboard hijacking, however, is not a new threat. Historically, earlier versions of web…

Link: Weekly Threat Report 6th July 2018
Source: NCSC Reports

Weekly Threat Report 29th June 2018

Fake Fortnite – don’t click the link 

Malware developers are exploiting the popularity of the video game Fortnite, with fake Android versions of the game advertised in third party stores and on compromised links in YouTube game installation videos.  

Whilst initially appearing to be genuine, using real images from Fortnite to mimic an installation, the game never actually installs, and the device…

Link: Weekly Threat Report 29th June 2018
Source: NCSC Reports

Weekly Threat Report 22nd June 2018

Football or Phishing?

At least two phishing campaigns are taking advantage of this year’s football World Cup.

Fraudsters are attempting to exploit fans’ eagerness to keep up with the games and the results in the expectation that fans might click on links more readily.

Phishing emails are reported to be sending fixture schedules and results mappers to fans, but the links are loaded with adware and malware.

In another example, fraudsters are offering a pair of Adidas shoes in…

Link: Weekly Threat Report 22nd June 2018
Source: NCSC Reports

Weekly Threat Report 15th June 2018

Yet another cryptocurrency exchange is attacked

On Saturday, 9 June, Coinrail, a South Korean cryptocurrency exchange, announced that they had been the victim of a data breach, leading to the loss of an estimated $40 million in altcoins.

The attackers are believed to have stolen 1,927 ether, 2.6 billion NPXS, 93 million ATX and 831 million DENT coins, alongside significant amounts from six other tokens, representing 30% of Coinrail’s total coin and reserves. However, Coinrail claim…

Link: Weekly Threat Report 15th June 2018
Source: NCSC Reports

Weekly Threat Report 8th June 2018

Owari botnet own-goal takeover

Security researchers recently took over the large Owari botnet after its owner failed to change the command-and-control (C&C) server’s weak default credentials.

Owari is a Mirai botnet variant, designed to exploit Internet of Things (IoT) devices with weak or default passwords. Following the publication of Mirai’s source code numerous variants have been observed, often competing against each other.

Owari scans for known vulnerabilities found…

Link: Weekly Threat Report 8th June 2018
Source: NCSC Reports

Weekly Threat Report 25th May 2018

GDPR and what it means for cyber security

The General Data Protection Regulation (GDPR) comes into force today, 25th May, setting clear instructions about the appropriate technical and organisational measures that must be in place to securely process personal data.

While there has been a lot of messaging around GDPR, what you may not know is that the NCSC has been working closely with the Information Commissioner’s Office (ICO) to develop a set of security outcomes. The guidance…

Link: Weekly Threat Report 25th May 2018
Source: NCSC Reports