Weekly cyber news update
October is European Cyber Security Month, where special attention is given to raise awareness of the online risks we are exposed to everyday. from dodgy apps on Android, Talk Talk waving goodbye to old email services, a company finds out about a breach 3 years later and some prying eyes on web conference facilities.
Welcome to European Cyber Security Month:
The EU’s annual awareness campaign that takes place in October across Europe. The aim is to raise awareness of cybersecurity threats, promote cybersecurity among citizens and organisations; and provide resources to protect europeans online, through education and sharing of good practices. This is supported by the European Commission and ENISA - The European Agency for Cyber Security.
App flaws
The Register has reported a Google warning about some popular Android device's following the release of an exploit for an unpatched flaw.
A post (listing all the phone models affected) from Project Zero crew outlines the flaw, this is already being targeted in the wild by criminals exploiting a local app to elevate privileges. The vulnerability must be exploited locally so protect yourself by not downloading any apps from untrusted sources. Also keep systems updated to block against other flaws that could be chained with this bug.
Talk Talk
Talk Talk customers must migrate off old Tiscali email or face increased bills.
From 20th November all your legacy Tiscali mailboxes will be shut down unless you pay £5 a month or £50 a year announced an email seen by The Register. If you choose not to sign up for TalkTalk Mail Plus, from 20/11/2019 you'll lose the vast majority of TalkTalk Mail features. A few months later, they will start closing down mailboxes that aren't registered to a TalkTalk Broadband account or signed up for TalkTalk Mail Plus. You will lose mail in these accounts when they are deleted.
From The Register
From NCSC Weekly threat reports:
A customer service software company, Zendesk, has found that 10,000 support and chat accounts were accessed by an unauthorised third party back in November 2016. Information accessed included emails, names and phone numbers. The company were only told about the breach by a 3rd party on 24 September 2019.
Earlier this week, researchers at Cequence Security blogged that they’d found a flaw that could allow hackers to snoop on video conferences. The “Prying-Eye” vulnerability, affecting Cisco WebEx and Zoom video conferencing, exposes open meetings or calls that aren’t protected by passwords. Attackers could use an enumeration attack to gain access, using brute force to guess ID numbers. Both Cisco and Zoom have since altered default security settings and issued advice to customers.
From NCSC