01 February 2019

IRM Weekly Cybersecurity Roundup: Cyber Skills Immediate Impact Fund and more

Our weekly cybersecurity roundups gather the most important headlines in the industry from the last seven days. If you want the weekly roundup delivered straight to your inbox, you can sign up to the IRM newsletter.

New UK Gov’t funding to drive diversity in cyber

Four projects across England will benefit from a total investment of at least £500,000 as part of the “Cyber Skills Immediate Impact Fund” (CSIIF).

The projects receiving funding are: Crucial Academy: Diversity in Cyber Security; QA: Cyber Software Academy for Women; Blue Screen IT: HACKED and Hacker House Ltd: Hands on Hacking, Training and Employer Portal.

The CSIIF was launched in February 2018 to support the UK’s aim to develop home-grown cyber talent across all demographics.

You can read more here.

Apple fixes ‘eavesdropping’ bug

Apple users have been warned of a glitch in iPhones and iPads which allows users to eavesdrop through the FaceTime app before the call is actually connected.

Although the calls have to be made in a particular way for the glitch to appear, Apple has still been criticised for not protecting the human right to privacy.

iPhone and iPad users on version iOS 12.1 or later have been advised to disable FaceTime until the fix is rolled out.

You can read more here.

‘PewDiePie’ hackers speak out

The message broadcast during the streaming dongle hack

At the start of January, two followers of YouTube star “PewDiePie” hacked into devices in order to broadcast a message about subscribing to the YouTube channel, as well as reinforcing a message about smart device security.

The ‘Internet of Things’ hack was mainly intended to raise awareness about the lack of security of smart devices such as printers and streaming dongles, as well as generating more subscribers for their YouTube idol.

In total, they used open-port vulnerabilities to hack over 100,000 printers across the world.

The authorities have not yet sought to prosecute the PewDiePie hackers, but the two have cancelled future hacks for fear of being caught.

You can watch a video on the hacks here.

B&Q leaks personal details of shoplifter suspects

An internal investigation has been launched at B&Q after the names and vehicle descriptions of suspected shoplifters were leaked online.

Over 70,000 offender and incident logs were published on a server running Elasticsearch, an open-source search engine, which anyone could access. The logs were taken down 11 days after the retailer was informed about the situation.

B&Q has stated it has “closed the issue down and are continuing to investigate how it occurred”.

You can read more here.

UK victims lose £190k a day due to cybercrime

Action Fraud research shows that UK victims of cybercrime lose more than £190,000 a day.

Out of the 13,357 who reported cyber incidents last year, over 50,000 were hacked via social media and email accounts. Consequently, the police have warned people to keep separate passwords for online accounts.

You can read more here.

YouTube impersonation scam tricked 70,000 people

A YouTube scam luring users to click on malicious links impersonating famous YouTubers has affected over 70,000 people, according to new research.

The scammers used the popular YouTubers’ names and profile pictures to impersonate their profiles, and the ‘typical’ message invited the user to click to claim a prize. Once the user clicks on the link, data is collected and then sold on by the cybercriminal.

YouTube has acknowledged the issue as ‘spam’ and stated they are in the process of implementing additional measures to prevent impersonation.

You can read more here.


If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.