Here is a weekly roundup of all that is happening in security, globally:
Attacks on smart homes, enterprises and control systems increase by 46%
Subex, the digital technology provider reported the detection of a 46% increase in attacks on enterprises, smart homes, and control systems that are connected to sensitive infrastructure while the cyber
US Defense warns of 3 new malwares used by North Korean hackers
The US government released three new malware strains namely, COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH being sued by state-sponsored North Korean hackers. This malware is the recent addition to other malware samples that have been identified by security agencies to originate from a series of malicious cyber activity by the government of North Korea. This series is commonly known as the moniker Lazarus Group.
EasyJet reveals a cyber-attack on nine million clients
British Airline’s EasyJet suffered a ‘sophisticated’ cyberattack that uncovered the names and travel details of around nine million customers. EasyJet still has not specified when the attack took place. Although, it suggests that they took immediate actions to respond and manage the incident. The security breach will be investigated further by forensic experts. They will soon be contacting the affected customers in the coming days. Additionally, it shut down the area where unauthorized access to the data was obtained.
New Bluetooth vulnerability exposes billions of devices to hackers
EPFL has disclosed a security vulnerability in Bluetooth. This can allow an attacker to spoof a remotely paired device. Such activity could expose billions of cellular devices across the globe to hackers. The devices which were not updated since December 2019 can be affected by this attack which has been dubbed Bluetooth Impersonation AttackS or BIAS. The findings responsibly disclosed to the Bluetooth Special Interest Group, the organization that oversees the development of Bluetooth standards.
Reactive security no longer works: Crowdstrike CTO
Crowdstrike suggests that having next-generation firewalls and other security measures like VPNs and MFAs in place may still not be enough to prevent organizations from ransomware attacks. The firm identifies attacks targeting the World Health Organization, US centers for disease control and prevention, the US department of health and human services, etc. It seems to be a part of the attackers’ strategy to lure health organizations. The attackers are increasingly looking to prey not only on people’s fears but also on their desire to get information on Covid-19.