The EQ Cyber Security Debrief 07.01.19
Each week at EQ Data we will be looking at the breaking news stories from the world of data and cyber security. From the latest cyber technology developments to data breaches and new marketing insights, you can find the debrief here.
Celebrities caught out in Twitter hacking experiment
Last week the security company Insinia Security conducted a hacking exercise on various celebrity Twitter accounts, such as those belonging to Louis Theroux and Eamonn Holmes, to expose the security flaws in text message authentication. Insinia sought to prove the dangers of Twitter’s current regulations, which mean anyone can control an account if they have the mobile number linked to that profile (without needing the password). While Insinia has not stated how it obtained the numbers, it said this was “surprisingly easy”. In the blog post on the spoof attack, Insinia highlighted how organised crime groups and nation states might use this relatively easy method to hack accounts and spread fake news, disinformation and malware. The firm advises users to remove their phone numbers from their accounts.
The Los Angeles Times, Chicago Tribune and other US newspapers hit by cyber-attack
A malware attack on servers at several major US newspapers over the weekend caused havoc, disrupting production and printing and delaying distribution. The cyber-attack hit the systems at Tribune Publishing, the house behind the Los Angeles Times, Chicago Tribune and West Coast editions of the New York Times and Wall Street Journal. It appears the attack was intended only to obstruct distribution rather than to hack any personal information; Tribune Publishing has given assurances in a statement that no customer data was compromised by the attack.
Netflix users warned against phishing mail attempts
The Federal Trade Commission (FTC) published a blog post last week warning consumers about the real risks of phishing scams, which endanger not only your personal data but your entire device network if the scam includes malware. In the post the FTC included a screenshot of one believable scam from a hacker posing as Netflix, stating that the user’s account was on hold due to “billing information” issues, then directing the user to a link to update their payment information. The FTC advises consumers to look closely at suspicious emails: small errors such as spelling mistakes or a missing name might indicate the work of a scammer. Consumers are advised not to open these messages and to report any fraudulent emails to Netflix and the FTC.
EU launches bug bounty program for open source software
The European Union is funding a bug bounty program inviting ethical hackers to locate security bugs in 14 open source software projects, for a great reward. The EU is launching the program this month as part of the third stage of the Free and Open Source Software Audit Project (FOSSA), which began in 2015 after security flaws were found in various Free Software projects, such as a vulnerability in OpenSSL, the open software library responsible for many internet applications. Open source software is commonly used by EU organisations in their websites, and as such FOSSA is aimed at safeguarding Free and Open Source software for “the integrity and reliability of the internet and other infrastructure”. The total bug bounty prize for this program is €851,000, with the amount varying depending on the importance of the project and the scale of the bug.