With GDPR Regulations coming into effect just last month, we're now starting to see just how serious of an issue it is for businesses, with data breaches and leaks popping up all over the news. Meanwhile, the public continues to fall for the ever-evolving tricks and tactics used by hackers and phishing criminals.
- Yahoo fined £250,000 over cyber-attack - via BBC
Yahoo's UK sector has been fined £250,000 by the UK Information Commissioner's Office (ICO) over a data breach affecting more than 500 million users which took place in 2014. The ICO's investigation also found that the firm failed to ensure that its Yahoo-owned data processor "complied with the appropriate data protection standards". It did not ensure that the credentials of employees with access to customer data were monitored, and there was "a long period of time" before the flaws which led to the breach were discovered or addressed.
- Dixons Carphone admits huge data breach - via BBC
Dixons Carphone are under investigation for the hacking attempt, which began in July last year. The company stated it had no evidence that any of the cards had been used fraudulently following the breach. There was "an attempt to compromise" 5.8 million credit and debit cards but only 105,000 cards without chip-and-pin protection had been leaked, it said.
- Tesla hacked by former employee - via Digital Trends
Tesla are suing a former employee after accusations by Elon Musk suggesting the work of a secretive internal saboteur. The employee in question has been accused of writing software that hacked Tesla's manufacturing operating system, and transferring several gigabytes of Tesla data to outside entities, including "dozens of confidential photographs and a video of Tesla's manufacturing systems."
- Cortana Software could help anyone unlock your Windows 10 computer - via The Hacker News
With its latest Patch Tuesday release, Microsoft has pushed an important update to address an easily exploitable vulnerability in Cortana that could allow hackers to break into a locked Windows 10 system and execute malicious commands with the user's privileges. In a worst-case scenario, hackers could also compromise the system completely if the user has elevated privileges on the targeted system.
- Ex-CIA employee charged with leaking 'Vault 7' hacking tools - via The Hacker News
A former CIA computer programmer has now been charged with masterminding the largest leak of classified information in the agency's history. The employee, who once created malware for both the CIA and NSA to break into adversaries' computers, was indicted Monday by the Department of Justice on 13 charges of allegedly stealing and transmitting thousands of classified CIA documents, software projects, and hacking utilities.
- Mac OS bug reveals encrypted file information - via SCMagazine
A duo of security researchers have re-discovered a bug in the newest version of macOS that allows unauthorised eyes to glean information about the content of files, even if they are encrypted. The security flaw concerns Apple's 'Quick Look' feature, which works with PDFs, HTML and iWork documents as well as a range of other files, such as images including PNG.
- Email Phishers using a simple method to bypass MS Office 365 protection - via The Hacker News
Security researchers have been warning about a simple technique that cyber criminals and email scammers are using to bypass most AI-powered phishing detection mechanisms implemented by widely used email services and web security scanners. Dubbed ZeroFont, the technique involves inserting hidden words with a font size of zero within the actual content of a phishing email, keeping its visual appearance the same and making it non-malicious in the eyes of email security scanners.
- New Netflix phishing scam using TLS-certified sites - via ThreatPost
Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates. The attackers will take advantage of unpatched installs or plugins, or weak passwords, to compromise usual-suspect CMS software, like WordPress or Drupal. From there, they can create phishing sites that could be mistaken for real Netflix domains.
- Google Home and Chromecast leak location information - via ThreatPost
Google Home and Chromecast devices allow attackers to uncover the precise physical locations of the connected gadgets as, like many other IoT devices, they don't require authentication for connections received on a local network. A fix from Google is incoming in July.
- Cyber-criminals try to score with FIFA World Cup phishing emails - via SCMagazine
IBM and Check Point have each noted several scams being run that take advantage of World Cup fans, with most telling the recipient that they had won upwards of $1 million (£0.8 million). In a few cases, the criminals used Coca-Cola, which is an official World Cup sponsor, to help make the offer appear legitimate.
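
For the ZeroFont item above, a mail filter can separate what the reader sees from what a text scanner sees. The following is an added example, not code from any of the linked articles or vendors; the function names, the watchword list and the sample body are assumptions made for illustration, and only inline `style` attributes are inspected.

```python
import re
from html.parser import HTMLParser

# Inline CSS that sets a zero font size: "font-size:0", "font-size: 0px", "FONT-SIZE:0.0em;"
ZERO_FONT = re.compile(
    r"font-size\s*:\s*(?:0+(?:\.0*)?|\.0+)\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}  # tags with no end tag

class ZeroFontSplitter(HTMLParser):
    """Separates text a reader sees from text hidden with font-size:0."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # one flag per open element: inside zero-size text?
        self.visible, self.hidden, self.raw = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        # Simplification: children inherit the zero size; a child that resets
        # font-size to a non-zero value is still treated as hidden.
        parent_hidden = bool(self.stack) and self.stack[-1]
        self.stack.append(parent_hidden or bool(ZERO_FONT.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.raw.append(data)
        in_hidden = bool(self.stack) and self.stack[-1]
        (self.hidden if in_hidden else self.visible).append(data)

def analyse(html, watchwords):
    """Return hidden runs and watchwords that appear only once hidden text is removed."""
    p = ZeroFontSplitter()
    p.feed(html)
    p.close()
    visible = " ".join("".join(p.visible).split())   # what the recipient reads
    raw = " ".join("".join(p.raw).split())           # what a naive text scanner reads
    masked = [w for w in watchwords
              if w.lower() in visible.lower() and w.lower() not in raw.lower()]
    return {"visible": visible, "raw": raw,
            "hidden_runs": [h for h in p.hidden if h.strip()], "masked": masked}

# Constructed sample body for the example, not taken from a real message.
SAMPLE = ('<p>Your Micro<span style="font-size:0px">xqz</span>soft '
          'Off<span style="FONT-SIZE: 0">kpl</span>ice 365 quota has '
          '<b style="font-size:10px">expired</b>.</p>')

if __name__ == "__main__":
    print(analyse(SAMPLE, ["Microsoft", "Office 365"]))
```

A non-empty `masked` list means a brand name is readable on screen but broken up in the text a scanner would match against, which is a stronger signal than zero-size text alone.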