UK Parliament Hit by Cyberattack, Up to 90 MPs’ E-mail Accounts Hacked

By Mohit Kumar

uk-houses-of-parliament-emails-hacked

A cyber attack has hit the email system of UK Houses of Parliament on Friday morning that breached at least 90 emails accounts protected by weak passwords belonging to MPs, lawmakers, and other parliamentary staff. Meanwhile, as a precaution, the Security service has temporarily shut down the remote access (outside the Westminster) to its network to protect email accounts.

Liberal Democrat Chris Rennard has advised on Twitter that urgent messages should be sent by text message.

MORE: http://thehackernews.com/2017/06/uk-parliament-emails-hacked.html

 

Personal details of nearly 200 million US citizens exposed

A US flag made out of binary code The personal details and political biases of almost 200 million US citizens have been leaked online.

Sensitive personal details relating to almost 200 million US citizens have been accidentally exposed by a marketing firm contracted by the Republican National Committee.

The 1.1 terabytes of data includes birthdates, home addresses, telephone numbers and political views of nearly 62% of the entire US population.

The data was available on a publicly accessible Amazon cloud server.

Anyone could access the data as long as they had a link to it.

Political biases exposed

The huge cache of data was discovered last week by Chris Vickery, a cyber-risk analyst with security firm UpGuard. The information seems to have been collected from a wide range of sources – from posts on controversial banned threads on the social network Reddit, to committees that raised funds for the Republican Party.

The information was stored in spreadsheets uploaded to a server owned by Deep Root Analytics. It had last been updated in January when President Donald Trump was inaugurated and had been online for an unknown period of time.

MORE: http://www.bbc.com/news/technology-40331215

Posting X-ray photos jeopardize hospital networks

raioX

by Robert Abel

June 13, 2017

While vulnerabilities in medical systems continue to leave patients and their data vulnerable to ransomware attacks, researchers identified a new way patients can put hospital networks at risk.

In addition to the obvious threat of opening oneself to doxing attacks, which could be enabled by disclosing personal information on the forms themselves, researchers warn you could also jeopardize hospital networks by posting X-ray pictures, according to a June 9th blog post.

Even if a user takes the precaution to crop out data, they could unintentionally leave information such as the server name.

“Perhaps the server receiving the image is a local machine that’s air-gapped from the Internet but needs to receive images from multiple machines in an office or hospital,” the report said. “If you are a security professional reading this, we know that this is extremely unlikely.”

This could tip attackers off to potential access points or worse. Photos could also disclose active user account in the program, and other information that could allow an attacker to identify whether or not a server is web facing, if the WHOIS on the web server is public, if the server’s subdomains are enumerated, and the possibility to traverse the subnet of the medical record server.

Researchers recommend users take extra precaution, if they must post the pic at all, to crop out any data to ensure they don’t compromise their own personal information, or that of others.

Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros

By Mohit Kumar

microsoft-powerpoint-macros-malwareDisable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents.

You might have heard of above-mentioned security warning multiple times on the Internet as hackers usually leverage this decade old macros-based hacking technique to hack computers through specially crafted Microsoft Office files, particularly Word, attached to spam emails.

But a new social engineering attack has been discovered in the wild, which doesn’t require users to enable macros; instead it executes malware on a targeted system using PowerShell commands embedded inside a PowerPoint (PPT) file.

MORE: http://thehackernews.com/2017/06/microsoft-powerpoint-malware.html

 

UK Healthcare Accounts for 43% of all Breaches

allied-health-careers-uk-us

By  Dan Raywood

01/01/2017

The British healthcare system experienced 2447 incidents and accounted for 43% of all reported incidents between January 2014 and December 2016.

According to data received from the Information Commissioner’s office and analyzed by Egress Software Technologies, the number of incidents rose by 20% compared to the previous time period from 184 incidents in the last quarter of 2014, to 221 in the last quarter of 2016.

“Following the WannaCry exploit, the vulnerability of the healthcare industry, and the critical importance of improving its cybersecurity, has come into sharp focus,” said Tony Pepper, CEO and co-founder of Egress Software Technologies. “While it’s clear there is a security problem in healthcare, these figures show that it is as much about internal activity as external threat.”

The incidents were attributable to: theft or loss of paperwork (24%), data faxed or posted to incorrect recipient (19%), data sent by email to incorrect recipient (9%) and failure to redact data (5%).

More: https://www.infosecurity-magazine.com/news/uk-healthcare-43-breaches/

With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

By Grant Elliott

Technology alone won’t keep you safe. Fully engaged employees should be your first line of defense.

In 2016, over $18 billion was spent on cybersecurity. It’s estimated that almost a trillion dollars more will be spent over the next five years. Despite this, research shows that the problem is getting worse. Data breaches are at an all-time high, and the fierceness of these attacks has never been greater.

The reason is not that we’re unable to develop smarter, better technologies to secure our data but that we use these technologies in a scattered and siloed approach. Also, we fail to leverage most companies’ greatest asset — their people.

Protecting data has always been a challenge, but there are a number of reasons why it’s becoming harder in the digital age.

MORE: http://www.darkreading.com/application-security/with-billions-spent-on-cybersecurity-why-are-problems-getting-worse/a/d-id/1328896

 

RSA: Quarter of UK Consumers Boycott Breached Firms

mulher-fumaca1

UK / EMEA News Reporter

19 MAY 2017

Over a quarter of UK adults have boycotted companies that mishandled their data, according to new RSA research highlighting plummeting levels of consumer trust as the volume of high profile data breaches rises.

The Dell-owned security firm polled over 2000 UK consumers recently to find out more about their attitudes to the rising tide of breach incidents sweeping the globe and upcoming regulations from Europe.

The findings should represent a wake-up call for many organizations, not least the fact that 28% of consumers have left companies which mishandled their data in favor of more secure rivals.

That stat echoes the findings of a Centrify study earlier this week which revealed that 27% of customers had discontinued their relationship with a company following a breach.

A third (34%) of those polled by RSA claimed to have lost faith in the ability of firms to look after their data, but continue to use them anyway – suggesting they feel powerless to change anything – and over half (57%) said they have no idea how many times their data has been lost.

Read more: https://www.infosecurity-magazine.com/news/rsa-quarter-of-uk-consumers/