06 September 2019

IRM Weekly Cybersecurity Roundup: Huawei blames US government

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

Huawei blames US Government for launching cyber-attacks and threatening staff

Huawei and the US Government have constantly had issues with each other. The main problem being the US believes Huawei pose a national security risk. So much so, that they put the company on a trade blacklist earlier this year. The US Government believes the tech giant are conspiring with the Chinese Government.

This week, Huawei blames the US government for using “every tool at its disposal” to disrupt the tech giants business with cyber-attacks. They claim that the Government has been attempting to infiltrate their internal information systems.

The US has also been accused of threatening Huawei staff by unlawfully detaining them. Employees are apparently being pressured into collecting information on the company by FBI agents.

The US has not responded to these allegations and Huawei repeatedly deny their alleged conspiring with the Chinese Government. You can read more here.

Facebook announces data leak of over 200 million user phone numbers

Facebook has confirmed another privacy lapse with over 200 million phone numbers and Facebook IDs being exposed on an open online database.

The online database server was not protected by a password and included around 133 million US users, 18 million UK and 50 million records of Vietnam users. This equates to over 400 million entries overall, but including duplicates according to Facebook.

Although the exposed information was classed as “old”, the phone numbers could still have been a potential vulnerability.

The data set has since been taken down. Facebook has not yet responded to whether they will inform users of the exposed information. You can read more here.

Yahoo email fault now affecting BT, Sky and TalkTalk accounts

Yahoo’s mail service has been experience a crashing fault, preventing users from sending and receiving messages via their webmail accounts.

It has now started to affect other email accounts which are powered by Yahoo’s service, including BT, Sky and TalkTalk.

The issue began yesterday at 7:00 BST and Yahoo are “working diligently” to solve the fault. Customers of Sky and TalkTalk have been notified via Twitter. You can read more here.

Twitter shuts down tweeting via SMS after CEO account was hacked

Twitter have temporarily shutdown the ability to tweet via SMS, after CEO Jack Dorsey’s account was hacked last Friday.

A hacker group named “Chuckling Squad” was able to get access to his phone number. This enable them to access Dorsey’s Twitter account via the SMS twitter service. They proceeded to post tweets with racial slurs, bomb threats, sexist and anti-Semitic comments along with other crude messages.

The hackers gained control of Dorsey’s phone number by using “SIM Hacking”. This is an increasingly used technique which convinces a carrier to assign a number to a new phone that they can control.

Dorsey’s account was back under control within 15 minutes, but it’s a clear reminder of the serious vulnerabilities that can be exploited and the weaknesses in phone-based authentication. You can read more here.

Quick-fire Updates:

Google and YouTube pay-out $170 million in alleged violations of privacy: Google and YouTube have paid $170 million settlement after FTC allegations that YouTube knowingly tracked and sold ads targeted to children. You can read more here.

Tesla drivers have been reminded to keep key cards on them after app outage: Tesla’s smartphone app suffered an outage causing Tesla owners stranded. Tesla have had to remind owners that the backup key card all owners receive is to be used for such emergencies. You can read more here.

Raspberry Pi computer takes a photo of Earth: A Raspberry Pi computer and camera that was sent into space has taken an image of the Mediterranean from above. You can see it here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM. 

Are you looking to get into a career in cyber? Check out IRM’s job vacancies on our careers page or sign up to our careers newsletter for future roles.