Online Security News Recap: April

With so much happening in the world of online security and cybercrime, here is a quick summary of some major news stories from around the world in April 2019. Security fatigue is, unfortunately, common among Internet users nowadays, but it remains imperative that everyone is aware of the practices used by cybercriminals, such as phishing, ransomware, and even malvertising. Understanding how to recognize and remove malware can give you a real advantage in combating hackers.

NBA team’s store hit with malware

The Atlanta Hawks basketball team didn’t have much to celebrate on the court this past season, and its merchandise store was an absolute shocker too. Willem de Groot, lead forensic analyst at Sanguine Security, spotted that the team’s online store was infected with malware designed to steal card information. Though it is not the only online store to suffer a recent malware attack, it’s still a bad look that thousands of customers could have had their payment details taken from them. Using a program designed to spot malware across the web, de Groot saw the malicious software and contacted the Atlanta Hawks straight away.

“The frequency of hacked stores has gone down somewhat. However, the volume of stolen transactions apparently has gone up,” said de Groot. “They seem to have shifted from hacking many small stores to manual breaches of larger, more profitable targets.” The online store is now clean from malware, according to a recent update by the NBA team.

Ethical hackers easily get past dozens of universities’ online defenses

Ethical hacking, otherwise known as penetration testing, is a very common practice for businesses, organizations, schools, and universities that want to ensure their cyber security is strong. Jisc, one company that provides ethical hacking services, recently tested the defenses of over 50 universities across the UK. It quickly became apparent that not a single university had decent resistance in place, as each one’s online defenses were bypassed within a few hours. This means that, had an unethical hacker attempted the breach, they could have easily gained access to student and staff personal data, financial systems, and research databases.

“Cyber-attacks are becoming more sophisticated and prevalent and universities can’t afford to stand still in the face of this constantly evolving threat,” said John Chapman, head of Jisc’s security operations center. “We are not confident that all UK universities are equipped with adequate cyber-security knowledge, skills, and investment.”

Hacker admits his masterplan to control vehicles

In a stunning revelation, a hacker going by the name of L&M has detailed how he broke the defenses of two vehicle-monitoring apps, iTrack and ProTrack, which are often used by businesses to track their fleets of automobiles. L&M said that he could gain access to 27,000+ accounts because users were given a default password of ‘123456’ and often didn’t bother to change it. As well as accessing the private information of the drivers, the hacker could tell exactly where each vehicle was and even turn off the engines remotely.

“I can absolutely make a big traffic problem all over the world,” L&M explained. “I have control of thousands of vehicles, and by one touch, I can stop these vehicles [sic] engines.” Though the hacker didn’t want any money from the customers, he did ask for a ransom from the two companies for pointing out the mistake.