ICYMI: Home IoT; £40 bn attack bill; Bupa leak; malware duo; Dow Jones

News by SC Staff

In Case You Missed It: IoT home vulnerability; Cyber attacks cost £40 bn; Bupa insider data leak; dual malware vectors; Dow Jones data at risk

Multiple vulnerabilities found in connected IoT home security device

Security researchers have discovered various vulnerabilities in an internet-enabled burglar alarm that could see the device being remotely switched off by an attacker. In a blog post, Ilia Shnaidman, head of security research at Bullguard, said that the discovery of multiple flaws in iSmartAlarm is another example of a poorly engineered device that offers attackers an easy target.

The device, said Shnaidman, has flaws that can lead to full device compromise. The cube-shaped iSmartAlarm provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm system but with the benefits of a connected device: alerts pop up on your phone, offering you full remote control via mobile app wherever you are.


Lloyd's of London: Major global cyber-attacks could cost £40 billion

Lloyd's of London has predicted that a global cyber-attack could end up costing anywhere between US$4.6 billion and US$53 billion (£3.5 billion to £40.5 billion). Such an international catastrophe could put major cyber-attacks on a par with natural disasters like Hurricane Sandy, the insurer said on Monday.

The figure comes as insurers struggle to put concrete currency to this new kind of threat. Cyber-attacks can often puzzle insurers, even as they face a massive growth in demand for the nascent field of cyber-insurance. Cyber-attacks being a relatively new phenomenon, insurers are often deprived of the actuarial data which would be so plentiful in other fields.


Insider at healthcare giant BUPA Global leaks 547,000 customer records

The UK's largest private health insurer BUPA has been breached, potentially exposing the data of over half a million customers. An insider is believed to have been at fault in leaking the records of 547,000 BUPA Global customers. Of those accounts, 43,000 are believed to be located in the UK.

Sheldon Kenton, managing director of BUPA Global, wrote to customers to say “some of your policy information has been inappropriately copied and removed from one of our systems by an employee who has subsequently been dismissed”. Information exposed included names, email addresses, dates of birth and phone numbers but, said Kenton, no financial or medical data.

Evil twins NemucodAES and Kovter spreading in joint malware campaign

Two types of malware, NemucodAES and Kovter, have been bundled together by hackers in email attachments and sent to victims via a spam campaign, according to a security researcher.

Brad Duncan, writing on the SANS ISC InfoSec Forums blog, said that over the last two weeks he had noticed a significant increase in malicious spam (malspam) with attached zip archives disguised as delivery notices from the United Parcel Service (UPS). These zip archives contain JavaScript files designed to download and install NemucodAES ransomware and Kovter malware on a victim's Windows computer.

Dow Jones leaves 2m customer records hanging out on unsecured AWS repo

Dow Jones, the US publishing and financial information company, has joined a long list of companies which have left a customer database viewable by anyone on the web. Prolific database-finder Chris Vickery said in a blog post that various internal databases had been left unsecured on an AWS S3 server. A total of 2.2 million customers are believed to be affected by the cloud security blunder.

Dow Jones has confirmed the breach. SC understands that Dow Jones considers the incident to be a storm in a teacup and not serious enough to warrant a customer announcement.
