Week in review 05 January 2020 - December breaches, worst passwords, Travelex taken offline, IoT security stinks, Iran revenge cyber attacks expected on US
Round-up of the most significant open source stories of the last week.
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
Welcome to our first blog post of 2020:
List of data breaches and cyber attacks in December 2019 – 627 million records breached
The new year – and new decade – is underway, but before saying goodbye to 2019, ITGovernance had one more monthly round-up to get to.
December saw 90 disclosed data breaches and cyber attacks, with 627,486,696 records being compromised. That’s about a third of the average monthly total, although the number of incidents has climbed steadily throughout the year.
Refer to the original article for the full list of December’s incidents: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-december-2019
These are officially the worst passwords of 2019
SplashData has released its annual list of the most commonly-used passwords across the world, uncovering that old security habits really do die hard.
The security firm investigated over five million leaked passwords over the past twelve months, and found that many of the most common logins would be easy to guess for even the most incompetent hackers.
In perhaps the most surprising news, "password" has for the first time been knocked out of the top two spots, being replaced by the painfully simple "123456" and "123456789".
SplashData estimates almost 10 percent of people have used at least one of the 25 worst passwords on this year’s list, with nearly three percent using "123456".
Here are the so-called "worst passwords of 2019":
123456
123456789
qwerty
password
1234567
12345678
12345
iloveyou
111111
123123
Read the original article here: https://www.techradar.com/uk/news/these-are-officially-the-worst-passwords-of-2019
Hacks and Breaches of 2019: A Year in Review
SecurityBoulevard have a review of the biggest hacks and breaches from 2019, including Fortnite in January, Facebook in April, WhatsApp in May, Amazon Web Services in July and Zynga in September.
Read the full article here: https://securityboulevard.com/2020/01/hacks-and-breaches-of-2019-a-year-in-review/
US-based company shuts down because of ransomware, leaves 300 without jobs just before holidays
An Arkansas-based telemarketing firm sent home more than 300 employees and told them to find new jobs after IT recovery efforts didn't go according to plan following a ransomware incident that took place at the start of October 2019.
Employees of Sherwood-based telemarketing firm The Heritage Company were notified of the decision just days before Christmas, via a letter sent by the company's CEO.
Speaking with local media, employees said they had no idea the company had even suffered a ransomware attack, and the layoffs were unexpected, catching many off guard.
This shows how devastating ransomware attacks can be on businesses of all sizes.
Read the original article here: https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/
Travelex site taken offline after cyber attack
The foreign-currency seller Travelex had to suspend some of its services to protect data after the firm suffered a ‘software virus attack’ on New Year's Eve.
The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.
A spokesman stated the firm is doing all it can to restore full services as soon as possible.
More from the BBC here: https://www.bbc.com/news/business-50977582
After latest hack, experts say smart home security systems stink at securing data
Another day, another smart home camera system security hack, this one affecting the Seattle-based company Wyze. First reported by a Texas-based cybersecurity firm and confirmed by Wyze, the hack is estimated to have affected 2.4 million customers who had their email addresses, the emails of anyone they ever shared camera access with, a list of their cameras, the last time they were on, and much more information exposed. Some customers even had their health data leaked.
Wyze is a home camera system similar to Amazon’s Ring that’s more economical: Wyze’s products are about a third of the price of Amazon’s Ring. Both companies have now experienced at least one kind of major breach, either a hack or a leak, that should raise the eyebrows of anyone considering purchasing this type of home security.
Read the full article here: https://www.digitaltrends.com/news/wyze-data-hack-protection/
Iran 'revenge' could come in the form of cyber-attacks, experts warn
The US assassination of Qassem Suleimani has increased the likelihood that protracted cyber-hostilities between the US and Iran could escalate into true cyberwarfare.
With tensions mounting and Iran threatening “severe revenge” over the killing, concerns have arisen that blowback could come in the form of hacking attacks on critical infrastructure sectors, which include the power grid, healthcare facilities, banks and communications networks.
Iran has invested heavily in its cyber-attack forces since the Stuxnet attack in 2010 – which saw the US and Israel degrade Iran’s nuclear capabilities by means of a computer virus. It has demonstrated its capabilities with attacks on US banks and a small dam, and the US has countered with attacks on an Iranian intelligence group and missile launchers.
There is a danger that attacks by Iran against the US spread to other targets in the West, and we will continue to monitor any developments.
Read the original article here: https://www.theguardian.com/world/2020/jan/03/iran-cyberattacks-experts-us-suleimani