Cyber security news round up
- 14 September 2018

Our latest cyber security round-up covers news of a massive cyber-attack on British Airways and findings from a survey that esuggests only half of UK companies have secured critical data.
British Airways falls victim to major cyber-attack
British Airways has been subjected to a āsophisticatedā cyber-attack on its website that affected some 380,000 customer transactions.
The airline has warned that personal and financial details of customers were compromised during the attack between 21 August and 5 September.
BA has contacted customers whose details are believed to have been stolen.
Security researchers have suggested that the attack, which involved planting malicious code in BAās website, bares strong resemblance to the āMagecartā skimming attack launched against Ticketmaster over the summer.
RiskIQ, which compiled a report on the Ticketmaster breach in July, had warned that the attack on the ticket seller was ājust the tip of the incebergā and that up to 800 e-commerce websites could be targeted.
Only half of UK firms securing critical info
A report from NTT security has found that half of UK firms are failing to secure critical data.
NTT Security interviewed 1,800 global business decisionmakers to understand their position on cybersecurity.
It concluded that many organisations are āstill making the same mistakesā by failing to address cyber security awareness and preparedness.
Of the UK firms quizzed, a fifth (21%) said they would rather pay off a ransom to a hacker than invest in IT security, believing this would help them cut costs.
It also indicated an āover-confidenceā about cyber security, with 41% claiming their organisation had never been affected by a data breach and 31% believing such a breach would never happen.
Despite this, there was a general consensus amongst respondents that cyber security should be regularly discussed, with 84% saying the topic should appear regularly on board agendas.
āSome organisations in the UK are taking a long-term, proactive stance, but there are signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs,ā NTT said.
āIn cyber security as in medicine, prevention is better than cure. NTT Security advises companies to follow both the spirit and the letter of regulatory guidelines, paying attention to how they evaluate risk and prepare for the time when hackers come calling.ā
Trend Micro booted from Mac app store
A number of anti-virus tools from Trend Micro are reported to have been removed from Appleās app store for Mac after leaking usersā browsing habits.
According to the Register, the Dr Cleaner, Dr Antivirus and App Uninstall apps are no longer available to download for Mac users after Apple was alerted to the issue.
It was discovered that the three apps, developed by security software firm Trend Micro, were collecting users’ browsing history and other personal info and then sending it to an internet server in a password-protected format.
Trend claimed that this feature was intended as a one-time āsmall snapshot of the browser historyā¦done for security purposesā. It denied allegations that it was āstealing user data and sending it to an unidentified server in Chinaā
It added that it has since removed the ābrowser history collection capabilityā.
Google patches Wi-Fi jacking vulnerability in Chrome
Google has issued a security patch for its Chrome web browser, after discovering a flaw that allowed potential hackers to steal Wi-Fi logins.
The vulnerability was discovered by a researcher from cloud security firm SureCloud and affects the feature that allows Chrome users to auto-fill username and password fields.
The flaw, which also affects the Opera browsers (which is built on Googleās open-source Chromium platform), enabled hackers to disconnect nearby Wi-Fi users from their networks and then trick them into connecting to a malicious one set up by the hacker.
By creating a portal page that resembles the userās home router, the hacker is able to set the URL of the page to that of the userās router, which will automatically be populated with their login details – provided this feature has been enabled within Chrome.
SureCloud noted that the attack only worked if the target networkās router admin interface was unencrypted.
1 Comments
Hello, love to read your article and get so much information through your blog and learn new things. You write very well, am amazed by your blogging, you will definitely achieve success.
For Latest Jobs Updates. ts epass
Comments are closed.