Cyber security news round up

Our latest cyber security round-up covers news of a massive cyber-attack on British Airways and findings from a survey that esuggests only half of UK companies have secured critical data.

British Airways falls victim to major cyber-attack

British Airways has been subjected to a ‘sophisticated’ cyber-attack on its website that affected some 380,000 customer transactions.

The airline has warned that personal and financial details of customers were compromised during the attack between 21 August and 5 September.

BA has contacted customers whose details are believed to have been stolen.

Security researchers have suggested that the attack, which involved planting malicious code in BA’s website, bares strong resemblance to the ‘Magecart’ skimming attack launched against Ticketmaster over the summer.

RiskIQ, which compiled a report on the Ticketmaster breach in July, had warned that the attack on the ticket seller was “just the tip of the inceberg” and that up to 800 e-commerce websites could be targeted.

Only half of UK firms securing critical info

A report from NTT security has found that half of UK firms are failing to secure critical data.

NTT Security interviewed 1,800 global business decisionmakers to understand their position on cybersecurity.

It concluded that many organisations are “still making the same mistakes” by failing to address cyber security awareness and preparedness.

Of the UK firms quizzed, a fifth (21%) said they would rather pay off a ransom to a hacker than invest in IT security, believing this would help them cut costs.

It also indicated an “over-confidence” about cyber security, with 41% claiming their organisation had never been affected by a data breach and 31% believing such a breach would never happen.

Despite this, there was a general consensus amongst respondents that cyber security should be regularly discussed, with 84% saying the topic should appear regularly on board agendas.

“Some organisations in the UK are taking a long-term, proactive stance, but there are signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs,” NTT said.

“In cyber security as in medicine, prevention is better than cure. NTT Security advises companies to follow both the spirit and the letter of regulatory guidelines, paying attention to how they evaluate risk and prepare for the time when hackers come calling.”

Trend Micro booted from Mac app store

A number of anti-virus tools from Trend Micro are reported to have been removed from Apple’s app store for Mac after leaking users’ browsing habits.

According to the Register, the Dr Cleaner, Dr Antivirus and App Uninstall apps are no longer available to download for Mac users after Apple was alerted to the issue.

It was discovered that the three apps, developed by security software firm Trend Micro, were collecting users’ browsing history and other personal info and then sending it to an internet server in a password-protected format.

Trend claimed that this feature was intended as a one-time “small snapshot of the browser history…done for security purposes”. It denied allegations that it was “stealing user data and sending it to an unidentified server in China”

It added that it has since removed the “browser history collection capability”.

Google patches Wi-Fi jacking vulnerability in Chrome

Google has issued a security patch for its Chrome web browser, after discovering a flaw that allowed potential hackers to steal Wi-Fi logins.

The vulnerability was discovered by a researcher from cloud security firm SureCloud and affects the feature that allows Chrome users to auto-fill username and password fields.

The flaw, which also affects the Opera browsers (which is built on Google’s open-source Chromium platform), enabled hackers to disconnect nearby Wi-Fi users from their networks and then trick them into connecting to a malicious one set up by the hacker.

By creating a portal page that resembles the user’s home router, the hacker is able to set the URL of the page to that of the user’s router, which will automatically be populated with their login details – provided this feature has been enabled within Chrome.

SureCloud noted that the attack only worked if the target network’s router admin interface was unencrypted.