KW 14: Facebook data on millions of user accounts leaked online in latest breach, Hackers disguise themselves as a security company, Ransomware blackmailers are demanding more and more ransom

NEWS

Facebook data on millions of user accounts leaked online in latest breach: Data from hundreds of millions of Facebook users was leaked online on Saturday, including personal information such as phone numbers, full names, and email addresses. The leaked data from 533 million users in 106 countries was posted on an obscure hacking forum. The data is believed to be more than a year old, but security experts say the information could still be used by criminals to commit identity fraud. That data included records on 32 million users in the United States, 11 million users in the United Kingdom and six million users in India. Facebook downplayed the significance of the leak and claimed it affected old data that was previously reported on in 2019 and has since been fixed. Troy Hunt, the creator of the Have I Been Pwned database, said on Saturday that “I haven’t seen anything yet to suggest this breach isn’t legit.” In the data, he found only about 2.5 million unique email addresses, but apparently, “the greatest impact here is the phone numbers.”
dw.com, theverge.com

Hamburg’s data protection officer criticizes the Luca app: Hamburg data protection officer Johannes Caspar has called for an evaluation of the Luca app, which is widely praised in Germany as the best solution for contact tracking in the pandemic, in terms of data protection. “It’s about achieving transparency towards the public. Without the source code, it is not possible to see how software works ”, Caspar told the „Rheinische Post“ newspaper. There is also no data protection impact assessment, which is essential for an evaluation of the app under data protection law. Caspar further criticized the fact that the “data protection documentation must be created before it is put into operation and the risk to the rights and freedoms of the persons concerned must be known”. The app’s developers, Nexenio, had promised, after much criticism, to publish the source code by the end of March. Eventually they put the code online, but under a self-written license, which made it difficult for outside parties to verify it. Activists from the Exploration group called this „the worst license we’ve read in a long time“. At other points in the code there were sequences that were developed by other programmers and made available via open source. The developers apparently removed the license information required for this from “their” code. Doubts quickly arose about Nexenio’s interest in transparency. Finally, the source code was placed under the “GNU GPLv3” license.
golem.de, winfuture.de

Hackers disguise themselves as a security company: Google’s threat analysis unit has discovered a new hacking tactic. Cyber criminals from North Korea sometimes disguise themselves as security companies and then contact security researchers. Under the pretext of wanting to develop joint projects, they then try to obtain the researchers‘ expert knowledge. For this purpose, the hackers created many fake profiles on social media and blogs to increase their credibility.
zdnet.de

– Advertisement –
IoT – Ticker -The physical world meets the digital one. Internet of Things as an interface that revolutionizes both the industry and everyday life. Get a weekly update from the world of „Internet of Things“. iot-ticker.net

Ransomware blackmailers are demanding more and more ransom: According to a new study by Palo Alto Networks, not only are ransomware attacks increasing, cyber criminals are getting bolder and demanding ever larger amounts of ransom. The „Unit 42 Ransomware Threat Report“ explains details on the most important ransomware variants, average ransomware payments, ransomware predictions and actionable next steps to immediately reduce the ransomware risk. The report also shows: The average ransom paid by companies is increasing: From around $115,000 in 2019 to more than $312,000 in 2020. The highest ransom paid also rose sharply year-on-year: from five million dollars in 2019 to ten million dollars one year later. The demands are also getting higher: While the highest ransomware demand between 2015 and 2019 was 15 million US dollars, it rose to 30 million dollars in 2020.
com-magazin.de

Attacks on smart factoring paralyze production for days: According to a study by cybersecurity expert “Trend Micro”, security incidents occur in 61% of smart factories. In three quarters of the cases, the incidents subsequently led to production stoppages, in more than 40% of those surveyed even for several days. Manufacturing companies often find it difficult to deploy the technologies required to effectively manage cyber risks. A lack of cooperation between IT and OT would also jeopardize security, resulting in an „imbalance between people, process and technology“ that hackers could use for themselves, according to Udo Schneider, IoT Security Evangelist Europe at Trend Micro.
infopoint-security.de

Banking Trojan Janeleiro steals sensitive data with pop-up windows: ESET Research has been tracking a new banking trojan that has been targeting corporate users in Brazil since 2019 across many verticals affecting sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. This new threat, which we named Janeleiro, attempts to deceive its victims with pop-up windows designed to look like the websites of some of the biggest banks in Brazil. These pop-ups contain fake forms, aiming to trick the malware’s victims into entering their banking credentials and personal information that the malware captures and exfiltrates to its C&C servers. Janeleiro follows exactly the same blueprint for the core implementation of this technique as some of the most prominent malware families targeting the region: Casbaneiro, Grandoreiro, Mekotio, Amavaldo, and Vadokrist, among others.
welivesecurity.com

Facebook hack: How to find out whether hackers have your e-mail address haveibeenpwned.com
Cloud security: How companies deal with the issue computerwelt.at
Threat Landscape 2020: Which vulnerabilities should be patched? security-insider.de
Android: Trojan disguises itself as update and gives attackers access to data focus.de
Online workshop: Secure cloud usage heise.de

– Advertisement –
African Edition – The weekly newsletter that provides you with hand-picked news about current discussions and news from Africa: from socio-political developments to African-European relations. The continent at a glance. african-edition.com

NUMBER OF THE WEEK

According to a recent survey, there is a shortage of up to 10,000 IT specialists in Austria.
derstandard.de

BACKGROUND

How to spot hidden Trojans: Trojans are usually cleverly hidden so that they can gain control of and damage computers undetected. However, there are a few things to look out for in order to detect an infection. While „normal“ computer viruses usually cling to files, Trojans are malware programs that often disguise themselves as useful applications. It is all the more important to only download files from trustworthy sites, to open e-mail attachments only from known senders – if necessary, check the sending e-mail address for correctness beforehand – and never open .exe files that are sent as e-mail attachments. If worse comes to worst, anti-malware scanners help identify malware. The system software should also be updated regularly.
futurezone.de

Growing number of networked devices increases demands on industrial security: This is the result of a survey by Dimensional Research on behalf of the industrial security company Tripwire. The security of networked devices in corporate environments was tested in 2021. 99% of the 312 security experts surveyed spoke of challenges related to the security of IoT and IIoT devices. Almost as many (95%) expressed concern about the possible risks of networked devices. Around 75% stated that networked devices would not easily fit into the existing security concept and that they would have to expend additional resources in order to meet their IoT and IIoT security requirements. The concern in the industrial sector is much greater.
it-daily.net

QUOTE

„Manufacturers have to take security aspects into account when developing and designing new IoT devices.“
Markus Schaffrin, IT security expert and head of the Member Services division in the Association of the Internet Industry in Europe, Eco.
netzpalaver.de

SECURE?

Dutch regulator fines Booking.com 475,000 euros: The Dutch Data Protection Authority has announced a fine of 475,000 euros for Dutch headquartered online travel agency Booking.com for failure to report a data breach within 72 hours of becoming aware of the incident in 2019. The breach involved unauthorized access to login credentials, enabling criminals to gain access to the personal data of more than 4,000 customers. Compromised details included names, addresses, telephone numbers and approximately 300 credit card numbers.
huntonprivacyblog.com

Newsletter subscription

Subscribe to our free weekly newsletter for a compact overview of safety and security topics:

Safety-Security-Ticker

More digital news briefings

Our political briefings