The Information Commissioner’s Office has found that more local authorities have breached the Data Protection Act, reports The Register. Basingstoke and Deane Borough Council breached the Data Protection Act four times in 2011 and in July 2011, a member of staff at Brighton and Hove council e-mailed personal details about another council employee to 2,821 council workers. 

read the full report here    

Security: TicketWeb investigating online attack 

Ticketing agent TicketWeb says it is investigating an online attack which saw an ‘unauthorised party’ contact their customer database and ask them to click on a software update. According to a BBC News report, TicketWeb says customers’ credit card information was not ‘vulnerable during the attack’. 
Security: Mobile platforms make stealing trade data easier 

read the full report here  

Security: Mobile platforms make stealing trade data easier 
          
What might have once sounded like the behaviour of a paranoid is now standard operating procedure for some smartphone owners, reports The New York Times. It has become easier to steal information remotely because of the Internet, the proliferation of smartphones and the inclination of employees to plug their personal devices into workplace networks and cart proprietary information around. 

read the full report here  

 Security: Anonymous crashes Brazil banking sites 

Hackers in Brazil linked to the Anonymous collective have crashed websites belonging to a raft of the country’s leading banks, including Banco de Brasil and Citigroup. According to a Finextra report, Anonymous Brazil claimed on Twitter that it was targeting the banks with denial of service attacks as part of a crusade against corruption. 

read the full report here  

Security: CIA site taken down in hack attack 

An Anonymous-related Twitter channel has claimed that the group had successfully taken down the CIA’s public-facing website, notes an Information Week report. The CIA website reportedly remained inaccessible several hours after the attack in the face of what appeared to be a distributed denial of service attack. 

read the full report here 

Facebook scammers have started redirecting victims through Amazon’s cloud in order to bypass malicious URL filters. PC World reports that according to F-Secure’s chief research officer, Mikko Hypponen, scammers prefer to redirect users through links on Amazon’s cloud because its domain name and corresponding IP addresses have a high trust rating.

Click here to read the full story

Security: SEC charges hacker with stock manipulation

The US Securities and Exchange Commission has charged a Latvian man, Igors Nagaicevs, with hacking into online brokerage accounts and manipulating stock prices. Finextra reports that according to the SEC complaint, Nagaicevs broke into online accounts of customers at large US broker-dealers and drove stock prices up or down by making purchases or sales.

Click here to read the full story 

Security: Megaupload users warned of data loss  

US prosecutors have warned that Megaupload users could start losing the data they uploaded to the company as early as this week. Megaupload lawyer Ira Rothken is quoted in The Register as saying that at least 50m users had stored data with the company, including family photos and personal documents.

Click here to read the full story  

   Security: Users warned of WordPress hack attacks

Researchers are warning users to be cautious and publishers to watch their blogs following an outbreak of attacks targeting the WordPress publishing platform, notes a v3 report. Security firm M86 Labs said that, designed as an automated kit for infecting systems, Phoenix allows malware distributors to automatically embed exploit code into their sites.

Click here to read the full story 

Security: Android users target of massive Trojan attack

Millions of Android users may have unwittingly installed a Trojan known as Android.Counterclank, notes a v3 report, making it the most widely distributed piece of malware on Google’s smartphone operating system. Symantec explained that a compromised device can have data stolen or be made to carry out certain tasks without permission.

Click here to read the full story 

Cyberattackers have struck Zappos, the Amazon-owned fashion e-retailer, reports BBC News. Zappos said up to 24m names, e-mail addresses and other personal information may have been exposed, but not full credit card numbers. 

Read the full story here

Security: Hackers hit Israeli airline and stock exchange 

The websites of Israel’s national airline, El Al, and the Tel Aviv stock exchange have been disrupted just hours after they were reportedly threatened by a Saudi computer hacker. BBC News reports that the most serious of the recent attacks on Israeli sites saw details of tens of thousands of Israeli credit cards posted online. 

 Read the full story here 

Security: Canadian university reports data breach 

An electronic storage device holding more than 11,000 names, along with social insurance numbers and personal banking information, was taken during a break-in at Canada’s University of Victoria in the first weekend of the new year, notes a Saanich News report. 

 Read the full story here  

Security: New Trojan targeting US Department of Defence 

A new strain of the Sykipot Trojan is been used to compromise the Department of Defence-sanctioned smart cards used to authorise network and building access at many US government agencies. The Register reports that Chinese hackers have adapted the Sykipot Trojan to lift card credentials from compromised systems. 

 Read the full story here 

Security: ICO issues heaviest fine for data breach 

The Information Commissioner is proposing to issue its heaviest ever fine for a breach of UK data protection laws. The Register reports that according to Brighton and Sussex University Hospitals NHS Trust, hard drives containing patient data had been sold on eBay by a contractor it employed to destroy them. 

 Read the full story here          

A computer worm has stolen 45,000 login credentials from Facebook, security experts warn in a BBC News report. According to security firm Seculert, the culprit is a well-known piece of malware – dubbed Ramnit – which has been around since April 2010 and has previously stolen banking details. 

Full report here

Security: Statfor hack also exposes UK and NATO details 

Hackers who breached the systems of strategic intelligence firm Stratfor over Christmas have also exposed the details of British and NATO defence staff, notes a v3 report. The usernames, e-mail addresses and other details of 850,000 customers were posted to Pastebin by the hackers, while more than 70,000 credit card details were also exposed. 
 
Full report here

Security: Symantec confirms anti-virus source code leak 

Symantec has confirmed earlier versions of its anti-virus source code have leaked, following a security breach of what the company said was the network of a ‘third party entity’ rather than their own. The Register reports that the admission follows claims by an Indian hacking group that it had accessed source code used in the company’s flagship Norton anti-virus program. 

Full report here

Security: Bogus LinkedIn investment adviser charged with fraud 

The US Securities and Exchange Commission has charged an investment adviser with trying to sell $500bn worth of fictitious securities on LinkedIn and other social networking sites, reports Finextra. The watchdog claims that Anthony Fields used LinkedIn discussions to promote fictitious ‘bank guarantees’ and ‘medium-term notes’, managing to entice several potential buyers into expressing interest. 

Full report here

Copyright: Anonymous targets Finnish anti-piracy group 

Hacktivist group Anonymous has urged its followers to target Finnish anti-piracy body, the Copyright Information and Anti-Piracy Centre, after it persuaded the Helsinki District Court to force one of the country’s biggest ISPs to block access to The Pirate Bay. According to a v3 report, Internet censorship and the battle between rights holders and file-sharers remains a key focus for Anonymous. 

Full report here

McAfee has painted a gloomy security picture for 2012 in which enterprises and criminals shift to new platforms and tactics for securing and infiltrating networks. According to a v3 report, the company’s 2012 Threat Predictions Report said that attacks on industrial systems and embedded hardware will continue as utility companies increasingly use network-connected systems to control infrastructure. 

Full report here

Security: ‘Vast phishing attack’ against Apple customers 

A ‘vast phishing attack’ that attempts to capture the credit card information of Apple customers was launched on Christmas day. PC World reports that according to a report from Mac security-software company Intego, the attack is an attempt to fool Apple customers into clicking on a link under the guise of updating the billing information of their accounts. 

Full report here   

Security: Researcher finds critical Wi-Fi flaw 

Security researcher Stefan Viehböck has demonstrated a critical flaw in the Wi-Fi Protected standard, reports The Register. Wi-Fi Protected Setup is used to secure access to wireless networks and requires each router to have a unique eight-digit PIN. But the protocol used reports back after the first four digits have been entered, and indicates if they are right, which means they can be attacked separately. 

Full report here               
               

Copyright: Court asked to dismiss claims against Google Books 

Google asked a US Federal Court to dismiss copyright claims against its Google Books project by groups representing authors and photographers, saying the groups could not sue over copyrights they did not own. PC World reports that the Authors Guild and the American Association of Publishers charge that scanning the books without always seeking permission would violate copyrights. 

Full report here

In mid-September, a European hacker broke into the computer network of a US company and grabbed 1400 credit card numbers, reports Businessweek. He then sold them for $3.50 each on his own seller’s site. The Ponemon Institute, which researches data security, estimates that thieves annually steal 8.4m credit card numbers in the US alone.

Full report here

Security: Healthcare breaches top the list

The the second half of the year has been comparably calmer than the first half’s database breaches at RSA, Sony, and Epsilon, the breach numbers continued to roll in – especially at healthcare organisations, which made up a disproportionate number of exposed records, notes an Information Week report.

Full report here

Security: Visa Europe investigates possible data breach

Visa Europe is investigating a possible data breach at an Eastern European payment processor that may have hit thousands of cardholders. Finextra reports that the firm has confirmed it is looking into the problem which appears to have hit a processor serving a merchant chain operating in several Eastern European countries.

Full report here

Security: US banks lose claim over data breach

A US judge has dismissed most claims brought by a group of banks against Heartland Payment Systems over a massive data breach that exposed millions of credit card details in 2007, notes a Finextra report. Heartland revealed in January 2009 that malicious software in its processing system had been found, compromising the card data of 130m people.

Full report here

Security: Experts concerned over Google mobile wallet

Google’s mobile wallet application fails to securely store some personal information on the users’ phone, says security specialist viaForensics. Finextra reports that its initial testing of the app on a rooted handset shows that credit card balances, limits, expiration dates, names on cards, transaction dates and locations are all stored in various SQLite databases in unencrypted form.

Full report here

The European Commission is pushing for the power to fine businesses up to 5% of annual turnover for breaches of privacy rules, according to a draft of the Data Protection Directive. A v3 report notes that documents suggest that the proposals will also impose mandatory notifications for all companies within 24 hours of any data breach, as the institution looks to strengthen citizens’ privacy.

Full v3 report

Copyright: Swiss say personal downloads to remain legal

The Swiss government has ruled that downloading pirated copies of films, music and video games for personal use will remain legal because it is not detrimental to copyright owners, reports The Register. Last year, the Swiss Senate ordered an investigation into the impact downloading may have on society, in case further legislation was required on the matter.

Full report in The Register

Security: Hack attacks strike Russian political sites

A series of alleged hack attacks have struck political sites in Russia during the country’s parliamentary elections, reports BBC News. Radio stations, election monitors and newspapers said they came under sustained attack. The sites’ owners said they were bombarded with data in an attempt to overwhelm their computers and knock them offline.

Full BBC News report

Security: Stolen credit card details ‘donated’ to the poor

Online collective Anonymous has teamed up with hacker group TeaMp0isoN on its latest campaign, OpRobinHood; using stolen credit card details to ‘donate’ to the ‘99%’. Finextra reports that the campaign is presented as an extension of the Occupy movement that will ‘turn the tables on the banks’.

Full Finextra report

Litigation: Apple loses bid to ban Samsung devices in the US

Apple has lost an attempt to have a number of Samsung devices banned from sale in the US. According to a v3 report, this was after a judge ruled against the iPhone manufacturer at a preliminary hearing. Apple’s request for an injunction was based on four alleged infringements covering design and technology.

Full v3 report

What is Cyber Insurance

The dangers online businesses face while they are uninsured ]]> http://www.websiteinsurance.co.uk/our-articles/the-dangers-online-businesses-face-while-they-are/feed/ 0 http://www.websiteinsurance.co.uk/our-articles/website-owners-need-to-get-serious-about-cyber-attacks/ http://www.websiteinsurance.co.uk/our-articles/website-owners-need-to-get-serious-about-cyber-attacks/#comments Sat, 16 Jul 2011 12:04:07 +0000 livi http://www.websiteinsurance.co.uk/?p=719 As if worrying about the economic climate wasn’t enough for website owners, according to a new study, small businesses are expected to be a growing target for cyber-attacks. 

Read the full Article