In this week’s data privacy news summary…
A 19 year old man living in Bognor Regis, on the UK south coast, is one of three individuals charged over the recent major Twitter hack, according to the US Department of Justice. Californian authorities filed felony charges against Mason Sheppard.
The UK’s National Crime Agency (NCA) confirmed it had searched a property in Bognor Regis with police on Friday.
A teenager in Tampa and Nima Fazeli, 22, of Orlando, were also charged in Florida.
US Attorney David L Anderson said the arrests proved “nefarious hacking… for fun or profit” did not pay off.
Twitter accounts of multiple high-profile US figures were hijacked in an apparent Bitcoin scam on 15 July.
They included former President Barack Obama, Amazon boss Jeff Bezos, entrepreneur Elon Musk, Microsoft founder Bill Gates, Democratic presidential hopeful Joe Biden and reality star Kim Kardashian West, who all falsely tweeted out requests for Bitcoin donations.
In his statement, US Attorney Anderson said:
There is a false belief within the criminal hacker community that attacks like the Twitter hack can be perpetrated anonymously and without consequence.
Source & full story: BBC News
IBM Security report shows breaches cost companies $188 per lost or stolen record on average in Saudi Arabia and UAE.
The average cost per data breach incident in the Middle East is higher than the global average and it is the second-highest after the US, according to a new study.
Sponsored by IBM Security and conducted by the Ponemon Institute in 17 countries between August 2019 and April 2020, the 2020 Cost of a Data Breach Report states that the average cost per data breach in the US stands at $8.64m, followed by the Middle East at $6.52m and Canada at $4.50m.
In 2019, the average cost was $5.97m in the Middle East. The global average cost per breach is $3.86m.
In contrast, Latin American and Brazilian organisations had the lowest average total cost at $1.68m and $1.12m, respectively.
Source & full story: TechRadar
Advanced persistent threat (APT) groups or state-sponsored hackers have diversified their cyberattack methods in the second quarter of this year despite continuing to exploit the Covid-19 pandemic as a theme to lure potential victims.
Like other attackers, APT groups try to steal data, disrupt operations or destroy infrastructure. Unlike most cybercriminals, APT attackers pursue their objectives over months or years. They adapt to cyber defences and frequently retarget the same victim.
While Southeast Asia continues to be an active region for APT activities, Kaspersky has also observed heavy activity by Chinese-speaking groups in the second quarter, including ShadowPad, HoneyMyte, CactusPete, CloudComputating and SixLittleMonkeys.
The US government, two days ago, released information on a malware variant used by Chinese government-sponsored hackers in cyber espionage campaigns targeting governments, corporations and think tanks.
Source & full story: TechTelegraph
Twitter has urged all Android users to update to the latest version of its app due to a security issue that could allow people access to users’ direct messages.
In a blog post, Twitter said that attackers could work “around Android system permissions” to gain access to a users’ account.
This only affects Android OS 8 and 9 – known as Android Oreo and Android Pie, respectively. The current Android operating system is Android 10, with Android 11 launching imminently.
This is seemingly by using external apps which could access Twitter in-app data by adding extra safety precautions beyond those that are standard in the operating system.
Twitter has said the new update will now forbid such practises.
This news comes as Twitter is reeling off one of the most dangerous hacks in its history, as the accounts of many prominent figures including Bill Gates, Joe Biden, Kanye West, Jeff Bezos and others were hacked to promote a Bitcoin cryptocurrency scam.
Source & full story: Independent
Foreign exchange firm Travelex has struck a deal to stay afloat, but with the loss of more than 1,300 jobs in the UK. Administrators PwC said a cyber-attack followed by the Covid-19 crisis had “acutely” hit the firm.
Travelex was held to ransom by hackers in January after the cyber-attack forced it to turn off its systems.
PwC said that a so-called “pre-pack” administration deal had been reached which had saved 1,800 UK Travelex jobs.
This is where a firm sells all or some of its assets to a pre-determined buyer and appoints administrators to do so.
PwC said parts of the firm had been bought by a newly created company controlled by its lenders.
That includes the parts that deal with supermarkets and large corporate and banking customers, and some of its airport business.
However, the High Street shops and airport branches that were closed during lockdown will not reopen.
It said the deal had delivered £84m of new money and substantially reduced the business’s debts.
Source & full story: BBC News