Cyberattacks continue to infiltrate systems because our email security measures are still not robust enough in comparison to the malicious tactics deployed by the adversaries. Hence there is a need to understand current cyber-attack trends and adopt the right cybersecurity tools. Here are the latest security headlines from this week to keep you abreast of various cyber happenings worldwide.
Brazil Introduces A Cyberattack Response Network
Brazil has initiated a cyberattack response network to address the cybersecurity concerns of its citizens, wherein federal government bodies will coordinate to respond faster to cyber threats.
This news comes after Brazil has improved its ranking in the latest Global Cyber Security Index by the United Nations from the 70th rank in 2018 to the 18th rank in 2021. Creating a cyberattack response network would enable the Brazilian federal government to strengthen its position against threat actors.
The Federal Cyber Incident Management Network was created on 16th July through a presidential decree and encompassed the entities under the federal governing administration, the Institutional Security Office of the presidency, and mixed capital companies. The Digital Government Secretariat (DGS) will play a strategic role in the network formation. The Information Security Department will coordinate it through the Center for Prevention, Treatment, and Response to Cybersecurity Incidents. The Brazilian government considers this a measure in line with the transforming digital technologies and the vulnerabilities involved in today’s times.
Google Play Protect May Not Be The Best Malware Detection System For You
If you rely on Android’s built-in malware defense system – Google Play Protect, you probably need to reconsider your choice. Of the 20,000 malicious apps that Google Play Protect was supposed to detect in a real-world malware test conducted by AV-TEST, Google’s malware defense system could detect only two-thirds! This isn’t surprising because even last year, Google Play Protect did miserably in a test of six points in Android protection tests (scoring zero out of six).
Google’s Android mobile threat protection has been in operation since July 2017 and is currently active on more than 2.5 billion Android devices. The AV-TEST results indicate that Google Play Protect ranked last among the 15 Android security apps tested from January to June 2021. The test concluded that Google’s malware detection system doesn’t provide good security and almost every other security app outperforms it.
The application could not detect malicious apps accurately; it even marked 10,000 harmless apps as potentially malicious. Hence, AV-TEST recommends Android users install an external malware detection application to ensure ransomware protection.
RandoriSec Detects Vulnerabilities In UDP Technology
Researchers at the cybersecurity firm RandoriSec discovered that IP cameras offered by several vendors are vulnerable to remote attacks. This is because of critical and high-severity flaws in the South Korean company UDP Technology products, which provides digital video solutions for IP surveillance industries.
RandoriSec notified users about the vulnerabilities associated with UDP Technology via a blog post. Soon after, the US Cybersecurity and Infrastructure Security Agency also published an advisory warning people of the risks. The cybersecurity firm discovered one authentication bypass issue and 11 remote code execution flaws using which threat actors can quickly gain access over targeted cameras.
The vulnerabilities were initially detected in the IP cameras offered by the German provider Geutebrück (which uses UDP Technology). Still, RandoriSec is confident that the loopholes exist in IP cameras of other vendors using UDP firmware as well. These include Sprinx Technologies, Ganz, TripCorps, Visualint, THRIVE Intelligence, Cap, VCA, Sophus, etc. Most of the exposed devices were detected in the United Kingdom and the United States.
RandoriSec further mentioned that though UDP Technology didn’t comment on the vulnerabilities after being notified, it quickly released patches. Geutebruck has already made the patches available for users, and we can only hope that the rest of the vendors are doing the same!
India Undergoes Over Half A Million Cyberattacks In Just 6 Months
Rajeev Chandrasekhar – the Indian Minister of State for Electronics and IT, recently informed the parliament that there had been over 600,000 cybersecurity incidents in the country in the last six months, a number almost double that in 2019. Consequently, the Indian Computer Emergency Response Team (CERT-In) has been instructed to monitor the cybersecurity incidents in the country.
The Indian government has adopted several cyber protection measures, including the circulation of advisories on the latest attack trends by CERT-In. A National Cyber Security Strategy 2021 (NCSS2021) has also been drafted, along with the allocation of funds worth INR 416 crore (About $53 million) for strengthening cybersecurity in the country (for 2021-22).
Tokyo Olympics Commentator Discloses Booth Password On Air
Another cybersecurity incident associated with the Tokyo Olympics that has gone viral on Twitter is an Italian TV announcer’s disclosure of this computer password on air. The announcer didn’t realize that he was still on air when he asked for a password for his computer to a colleague and cracked internal jokes about it.
While broadcasting the Turkey-China volleyball game, the commentator asked his colleague: do you know the password for the computer in this commentator booth? His colleague responded by saying that the password depends on the Olympics organizers and asked the announcer if he had it.
An associate professor of cybersecurity at the Polytechnic University of Milan – Stefano Zanero, uploaded a video of this conversation on Twitter where the commentator eventually discloses the booth password. The password was Booth.03, and once again, he mocks the password calling it desperate to be complicated (use of the dot) and says the organizers might use a semicolon the next time. Although this password leak would not have been useful to many, its public announcement is still embarrassing, especially in an event with global significance!
Beware Of Fake Windows 11 Updates
Scammers are exploiting the global discussions on the launch of Windows 11 and spreading bogus versions of the same. The fake Windows 11 version looks just like an actual MS Windows installer file, but instead of Windows 11, it installs malware on the victim’s device.
Cybersecurity firm Kaspersky has already blocked hundreds of such infection attempts. Since this hype for Windows 11 is likely to remain until it is finally launched, users are advised to visit the official Microsoft website for updates instead of downloading random installations from third-party websites.