Cyber Security Watch June

By Claire Snook | July 7th, 2020 | Cyber Security Watch

Sun Tzu, The Art of War, commented: “attack like the fire and be still as the mountain”, and it seems appropriate this month. Cyber attacks are all about stealth, picking your moment, and attacking as hard as you can at the target. Traditional AV feels like it’s struggling to keep up and with attacks becoming more sophisticated it really is time we started creating a deep predictive understanding of the enemy. As Sun Tzu said: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

What-is-Virtual-Office-Space

Only as strong as the weakest link

https://www.hindustantimes.com/world-news/massive-spying-on-users-of-google-s-chrome-shows-new-security-weakness/story-SbwJGLsyhgJODuIhDqgfLM.html

More than 32 million downloads of Chrome extensions have discovered to contain spyware. Google removed 70 add-ons affected from the official Chrome Web Store following the malicious discovery in May. The majority of the free add-ons afflicted were used to warn users about problematic websites or file format conversions. This has been the farthest-reaching malicious campaign to date suing Chrome store.

 

rajeshwar-bachu-K4txLik7pnY-unsplash

There’s a fine line between collecting data and breaching privacy

https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/google-faces-class-action-for-allegedly-tracking-private-browsing-activity/

A class action suit is being filed against Google’s parent company, Alphabet Inc. The lawsuit claims that Google is tracking and collecting personal details such as browsing history and other web activity, even when browsing in private mode.

The complaint claims that Google Analytics, Ad Manager and other applications and plug-ins are used by Google to collect users’ IP addresses, what users view, what was last viewed and details of hardware back to Google.

Google’s services are allegedly used by over 70% of all online publishers. This means that Alphabet Inc needs to be clear about how user data is being collected and analysed.

 

nick-fewings-S3AeFMlyITA-unsplash

Why trust needs to be built into smart technology.

https://www.which.co.uk/news/2020/06/the-truth-behind-smart-appliance-security-updates/

Washing machines, printers, and even vacuums are being turned into smart appliances to make our lives easier, but how secure is this software? Consumer watchdog Which has identified that in order for consumers to be willing to pay extra for smart technology, manufacturers need to prove they will provide ongoing security updates for their connected products for the foreseeable future. How long is a lifetime guarantee? Without a clear definition or policy, it’s up to the brands to decide what a lifetime means to them.

 

nathy-dog-z1uDmJx3ZEQ-unsplash

How safe is your home security?

https://digit.fyi/home-cctv-security-flaws-put-thousands-of-uk-households-at-risk/

Thousands of homes have been put at risk of hacking due to a security flaw in home CCTV cameras. Weak Unique Identification Numbers (UID) were identified as the source of the issue. Dozens of brands are affected and the weakness allows cybercriminals to pinpoint the exact location of a user’s home and target other household devices linked to a broadband network.

Camera hardware had a chip installed by China-based manufacturer HiChip. Weak Unique Identification numbers (UID) were pinpointed as the source of the issue with many cameras. Ensuring devices are protected on a home network is becoming more critical than ever.

 

markus-spiske-FXFz-sW0uwo-unsplash

Malware attack

https://www.infosecurity-magazine.com/news/over-twothirds-of-q1-malware/

Over two-thirds of malware detected in the first three months of the year were hidden in HTTPS encrypted tunnels in a bid to evade traditional AV. Cybercriminals are learning to exploit measures used for the prevention of attacks.

67% of that malware was delivered via HTTPS connections. Cybercriminals are using their knowledge to deliver encrypted attacks featuring malware that would have been missed by legacy-signature based AV. It’s time to ensure networks are upgraded and can prevent increasingly more sophisticated
Want to stay in the loop? Join our newsletter here.

Leave a Reply