This Week in Cyber Security News, Aug 29 - Sept 4, 2018

This Week in Cyber Security News, Aug 29 – Sept 4, 2018

Cyber Security News highlights this week

  • Air Canada suffered a data breach on 29th Aug that affected about 20,000 customers of its 1.7 million mobile app users.
  • The Central Bank of Spain was hit by a DDoS attack that lasted for more than 2 days.
  • Card-Skimming Malware Campaign Hits dozens of e-commerce sites daily.
  • Researchers identified a vulnerability in Android OS which can expose the user’s data via Wi-Fi
  • Spyware Firm Family “Orbit App” Exposed several terabytes of user data.
  • A new Hakai IoT botnet exploited D-Link Huawei, and Realtek routers supporting the HNAP protocol.

In-Short Overview:

Air Canada had detected unusual log-in behaviour between August 22 and 24, during which the personal information for some of its customers “may potentially have been improperly accessed”. On August 29, Air Canada confirmed that it suffered from a data breach that may have affected about 20,000 customers of its 1.7 million mobile app users.

Read More: Air Canada suffered from a data breach (Global News, Aug 29, 2018)

The Central Bank of Spain’s website was hit by a DDoS attack last Sunday (Aug 26, 2018). Users were temporarily disrupted access to the site but it didn’t affect the normal functioning of the entity, a spokesman for the central bank said on Monday (Aug 27, 2018).

Read More: Central Bank of Spain’s website hit by DDoS attack (Bank Info Security, Aug 29, 2018)

More than 7,000 e-commerce sites in the past six months have been infected by a card-skimming malware campaign. Online card-skimming software that communicates with a domain hosted in Moscow, Magento core [dot] net, is being used to infect between 50 to 60 e-commerce sites a day.

Read More: Online Card-Skimming Software Hits 50 to 60 e-commerce sites daily (Bank Info Security, September 3, 2018)

Cyber Security researchers identified a vulnerability in Android OS which is about sensitive data exposure via Wi-Fi. An “API-breaking” vulnerability has been uncovered that potentially exposes Android device systems data to rogue apps – information that could be very useful to bad actors.

Read More: Android OS vulnerability exposes users’ sensitive information via Wi-Fi (CRN, September 3, 2018)

Spyware is exposed to hackers and is not protected from vulnerabilities. A spyware firm family orbit app exposed a huge chunk of customers’ data online. This time, it is the parental control app Family Orbit that allegedly left 281 gigabytes of data on the ill-secured server.

Read More: Spyware firm family orbit exposed 281 Gigabytes of data online(HackRead, September 1, 2018)

A new IoT botnet is now making its presence felt online, popping up on more and more Security researchers’ radars in the past two weeks.

Read More: A new Hakai IoT botnet exploited D-Link Huawei, and Realtek routers (ZDNet, September 3, 2018)