The year 2021 has just begun, and cyber adversaries are already stepping up their game. The following cybersecurity headlines reflect the latest events in the cyber realm:
Ray Of Hope For Victims Of British Airways’ Breach
British Airways suffered two major data breaches in 2018 – one between April and July (which affected 185,000 reward-booking customers) and another between August and September (which affected 380,000 app users). The Information Commissioner’s Office (ICO) had initially imposed a fine of £183m on the airline, but in October 2020, the penalty was brought down to £20m.
User data compromised in the breaches included the customers’ names, addresses, email addresses, card numbers, expiry dates, and CVVs. However, no passport details were exposed in the breaches. The latest update is that British Airways plans to discuss compensation plans for the breach’s victims in Q1 of 2021.
The airline recognizes that its cybersecurity tools were inadequate to prevent breaches that compromised the PII (personally identifiable information) of thousands of users and therefore wants to settle compensation claims. Victims of the breach must act fast and join the Group Litigation Order (GLO) before 19th March 2021. An average compensation of £6,000 is to be awarded to each affected customer. This is separate from the claims of those who say they experienced financial losses because of the breach.
Chrome Users: Go Update Security Patches!
Security researchers have identified 16 vulnerabilities in Chrome, which are fixed by the latest Chrome 87 update. Google has also rewarded the researchers for highlighting the security flaws. If exploited, these security flaws would allow attackers to gain complete access to victims’ systems.
The bugs CVE-2021-21106, CVE-2021-21107, and CVE-2021-21108 are use-after-free issues affecting the drag and drop, autofill, and media components, while CVE-2021-21110 and CVE-2021-21109 affect safe browsing and payments, respectively. Google is offering rewards of $20,000 and $15,000 to the security researchers who discovered the vulnerabilities.
Since these vulnerabilities can prove fatal for large and medium businesses, Google advises users to install the Chrome 87.0.4280.141 update for macOS, Linux, and Windows to ensure they are not left exposed to these flaws.
Mozilla To Remove The Backspace Key
Some six years after Google had removed the backspace key as a shortcut for the back action, Mozilla Firefox has finally decided to do the same for its browser. Using backspace to go back in a webpage often risks losing data from a typed form. In 2014, acknowledging this cybersecurity issue, Google had disabled the backspace key’s function to go back to a previous page.
While Mozilla had discussed disabling the backspace key back in 2014, it is only now that the change has been implemented. However, users who still wish to have the backspace key enabled can do so by setting the browser.backspace_action preference to 0.
Singapore Government Officials Impersonated in Bank-Related Phishing Scam
Bank-related scams have increased significantly in Singapore over the last year – the number of reported cases rose from 34 in Q1 & Q2 of 2019 to 900 in the same period in 2020. In these scams, the adversaries impersonate Singapore government officials and ask victims to verify their details to rectify a fake account error. Victims who fell for the scam lost over $3.6 million to unauthorized account transactions.
Hence, the police are advising people to adopt the following cybersecurity and email security measures:
- Ignore calls that ask for banking or personal details.
- Be wary of calls from unknown international numbers (as hackers often mask their phone numbers).
- Do not reveal personal or banking details and OTPs over the phone to anyone.
- Report suspicious calls, or those that seem like bank-related phishing scams, to the police hotline on 1800-255-0000.
Six Attackers Sentenced In Cuba For Credit Card Skimming
Over $5,000,000 has been stolen by a group of adversaries in the last couple of years through credit card skimming attacks. But the good thing is that cybersecurity laws are strengthening, and the Cuban jurisdiction has recently sentenced six Cuban nationals to prison. These include the crew leader Yasmani Granja Quijada, Jorge Bello Fuentes, Luis Miguel Fernandez, Guillermo Bello Fuentes, Yariel Monsibaez Ruiz, and Pedro Emilio Duran.
The defendants were guilty of placing skimming devices on gas pumps in Northampton County. All customers who used their payment cards at these gas pumps had their credit and debit card numbers and ATM PINs compromised. The adversaries then used these cards to purchase prepaid gift cards, expensive vehicles, and other items. The crew leader Granja Quijada was found guilty of selling more than 9,800 credit card numbers to date. The culprits have been given varying prison sentences, with the highest being 120 months and the lowest – 19 months.
Get Ready For The ‘Hack The Army 3.0’ Bug Bounty Program
The Defense Digital Service (DDS) department of the U.S. government has been launching bug bounty programs since 2016. These bug bounty programs reward white-hat hackers for identifying vulnerabilities in government systems, and millions of dollars have been awarded to participants since the first program. The latest program to make the headlines is ‘Hack the Army 3.0’, taking place from 6th January to 17th February. The U.S. government and HackerOne have organized the bug bounty program.
Although the program is open to military and civilian white-hat hackers, only civilians will receive rewards for accurately identifying vulnerabilities. The last ‘Hack the Army’ program, run by the DDS between October and November 2019, saw over $275,000 paid out as rewards for more than 146 vulnerabilities. $290,000 was paid out in rewards by the Pentagon in 2020 for over 400 vulnerabilities in the Hack the Air Force 4.0 program. Such programs create a healthy cybersecurity milieu and promote other crucial aspects of cyber hygiene, such as the importance of adopting email security services!