Latest News Articles

#######################################################
				
##### CSIRT-IE End of Week Report ####

########################################################


Date : Friday 26-04-2019 10:00 ; Friday 03-05-2019 10:00


=====================================

= News =

=====================================
		
− Over 23 million breached accounts were using ‘123456’ as password

A cyber survey conducted by the United Kingdom’s National Cyber Security
Centre (NCSC) revealed that ‘123456’ is still the most hacked password.
Security experts at the United Kingdom’s National Cyber Security Centre
(NCSC) analysed the 100,000 most-commonly re-occurring breached passwords
using data from Have I Been Pwned (HIBP). 
https://blog.eset.ie/2019/05/01/over-23-million-breached-accounts-used-123456-as-password/



− Irish data regulator looking into Facebook password gaffe

Data Protection Commissioner to investigate Facebook over password storage.
https://www.irishtimes.com/business/technology/data-protection-commissioner-to-investigate-facebook-over-password-storage-1.3871585



− Department of Energy: A ‘Cyber Event’ Disrupted the 
  Power Grid in California and Wyoming

On March 5, between 9 a.m. and 7 p.m. in some parts of California, Utah, and
Wyoming, a “cyber event” caused the interruption of energy grid operations, 
according to a Department of Energy report. The report is cryptic at best, 
and the Department of Energy has not responded to a request by Motherboard 
for more information about the incident. 
https://motherboard.vice.com/en_us/article/9kxb85/cyber-event-california-wyoming-utah-dont-panic



− Fingerprint glitch in passports swapped left and right hands

True, we accidentally swapped fingerprints for Danish citizens’ left and right 
hands on their passports, but it probably won’t cause much grief for these 
228,000 people, said the head of Kube Data, which encoded the biometric data 
on the passports’ microprocessors. 
https://nakedsecurity.sophos.com/2019/04/26/fingerprint-glitch-in-passports-swapped-left-and-right-hands/

 

− FinServ Sees 60% Spike in Business Email Compromise

Identities of at least five employees were weaponized in more than half of 
FinServ orgs, says report. 
https://www.infosecurity-magazine.com:443/news/finserv-sees-60-spike-in-business-1/
 


− Credit Card Compromise Up 212% as Hackers Eye Financial Sector

Financial services firms saw upticks in credential leaks and credit card 
compromise as cybercriminals go where the money is. 
https://www.darkreading.com/vulnerabilities---threats/credit-card-compromise-up-212--as-hackers-eye-financial-sector/d/d-id/1334562

 

=====================================

= Vulnerabilities =

=====================================

 

− Oh dear. Huawei enterprise router 'backdoor' was Telnet, 
  sighs Vodafone (The Register)

A claimed "backdoor" in Huawei routers used in the core of Vodafone Italy's 
3G network was, in fact, a routine implementation of The Bloomberg financial 
newswire reported this morning that Vodafone had found 'vulnerabilities going 
back years with equipment supplied by Shenzhen-based Huawei for the carrier’s 
Italian business'. 
https://www.theregister.co.uk/2019/04/30/huawei_enterprise_router_backdoor_is_telnet/

 

− Piracy streaming apps are stuffed with malware

Researchers have found that hackers are exploiting vulnerable piracy streaming 
devices to steal credit card data or rope them into botnets. 
https://nakedsecurity.sophos.com/2019/04/29/piracy-streaming-apps-are-stuffed-with-malware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
 


− Office 365 Accounts Compromised via ATO Attacks Used in BEC Scams

Office 365 accounts are targeted and compromised in takeover attacks (ATO), 
accounts which cybercriminals later use for a variety of nefarious purposes 
ranging from spear-phishing and BEC attacks to malvertising campaigns. 
As explained by Barracuda Networks' researchers in a report published today,
more than 1. 
https://www.bleepingcomputer.com/news/security/office-365-accounts-compromised-via-ato-attacks-used-in-bec-scams/