Archived News Articles
Scroll down for the latest news and views relevant to the cyber security world.
In an ever evolving security landscape Pelion Consulting takes the latest relevant news and compiles the best bits here.
Another day, another large company, another Ransomware attack....
Big Norwegian Aluminum Producer Suffers Extensive Cyber Attack. Company says attack originated in U.S.; some plants halted.
Norsk Hydro ASA, one of the world’s biggest aluminum producers, suffered production outages after a cyber attack affected operations across Europe and the U.S.
A recent spate of phishing attacks trying to blackmail people into paying extortion fees to an annonymous address using the untraceable cryptocurrency Bitcoin ( a type of money using numbers rather than printed paper or minted coins ) have been circulating. The nature of these phishing emails can be quite disturbing as they invoke fear, uncertainty and doubt (FUD). How can you report this when it suggests you have been involved in abhorent activities? If you tell someone, will they believe you? When mud can stick, who can you trust to know you?
They claim to have so much information on you. With fake news abounding, it would be feasible to actually create content that could make you look guilty even if not.
So how can you protect yourself?
Firstly, don't panic and NEVER respond to the email or send money. As soon as you do, they know they have found a live person who is willing to respond. You will become a target for more attempts to extort money.
Delete the email. You don't want it hanging around where it could play on your mind, or someone else find it and wonder what is going on.
Decide if you want to report it. Googling your local law enforcement should provide an address to which you can report it. If you would prefer, you can forward the email to Pelion and we can advise on a course of action.
Children's smartwatch recalled over data fears
The European Commission has ordered the recall of a children's smartwatch because it leaves them open to being contacted and located by attackers. In its recall alert, the Commission said the Enox Safe-Kid-One device posed a "serious" risk. Data sent to and from the watch was unencrypted allowing data to be easily taken and changed, it said. Enox said the decision was "excessive" and added that it had appealed against the ruling. The recall is believed to be the first issued because a product does not protect user data.
Hackers Dump Data on Merkel, Politicians in Giant German Leak - Phished!
We know the EU and inparticular Germany take the protection of their personal information very seriously, so imagine their shock to find their personal data dumped on hacker websites!
According to Bloomberg News, Email addresses, mobile phone numbers, and personal chat transcripts, where released via Twitter by "G0d" from Hamburg. "G0d" described as “security researching,” “artist” and “satire & irony.” organized what appears to be the biggest ever data leak on German politicians, media personalities and YouTube stars.
Hot Tub PWN machine
An app on your phone allows you to warm up, start the jets and basically set it up your way so when you get to the tub, all you have to do, is get in. However as the app has no username or password, all you need is the address of the card in the tub and you have full control. These addresses are all to easy to find on hacker sites like #pastebin. Enjoy the video
Meet Cayla; the interactive doll... or is she a spy?
Imagine if you would, a child with this toy being instructed to hide it in the boardroom and retrieve it tomorrow in reward for a new song to be played. Just one of the possible scenarios where toys can be turned into the tools of hackers. Rememeber anything connected with a camera, microphone or speakers can be used in ways that the manufacturer did not intend. These are cheap IoT devices and security is often a cost factor that outweighs what they preceive as the risk. You may think different.
Malware & Cyber Espionage Predictions for 2019
WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems.
Cyber attack cost Maersk $300 million
Maersk were lucky to be able to recover their entire systems authentication data from ONE server that happened to be offline due to a power outage. Without this, they may never have recovered. In the end, they managed to ship the server to a data center from where they recoverd 4000 servers and 45000 workstations.
Don't be "collateral damage" in the ransomeware wars. They are indiscriminate, hitting any soft target just as that which hit the NHS in the UK.
Cyber crime the biggest threat to superyacht security!
Newer superyachts use a Controller Area Network (CAN) Bus to connect on-board systems, from navigation to engines and control systems, making this the prime target of remote attacks. To magnify this weakness, the control systems such as Systems and Supervisory Control and Data Acquisition SCADA were developed without consideration for security, which lead to serious compromises such as the destruction of centifuges in Iran's nuclear program. Talk with us today to learn more.
Why be a pirate when you can be a hacker?
With more and more superyachts now having WiFi internet everywhere, pirates are moving from the very risky direct attacks to the easier route of cyber crime. One yacht owner suffered a loss of $150,000 from one such attack, whilst others have been blakmailed after photos taken onboard were stolen remotely. Tracking yachts via sites such as Marine Traffic, https://www.marinetraffic.com/en/ais/home/centerx:-12.0/centery:25.0/zoom:4enables to wardrive by rich targets to see what they can sniff on the WiFi,