09 August 2019

IRM Weekly Cybersecurity Roundup: North Korean cyber-attack and more

North Korean cyber-attack generates £1.6bn to fund weapons program

A leaked United Nations report states that Pyongyang, the capital of North Korea, has stolen £1.6bn to fund its weapons program by using widespread and increasingly sophisticated cyber-attacks.

The report mentions that the North Korean cyber-attack targeted banks and cryptocurrency exchanges to collect cash. The UN are now investigating 35 cyber-attacks.

This information comes after North Korea launched two missiles on Tuesday, which its leader, Kim Jong-un, said was a warning against joint military exercises being carried out by the US and South Korea.

This is the fourth launch North Korea has carried out in less than two weeks. You can read more here.

Apple increase vulnerability scouting payout to $1 million

Apple has updated their bug bounty program, announcing an increased maximum reward for finding vulnerabilities from $200,000 to $1 million. This is the largest bug bounty offered by any major tech company.

A hacker who finds a severe exploit such as a ‘zero-click kernel code execution’ vulnerability will be rewarded with the $1 million payout.

The announcement was made at the Black Hat security conference on Thursday 8th August. You can read more here.

Three WhatsApp flaws could allow hackers to alter messages

An Israeli cybersecurity firm has identified three flaws in the WhatsApp messaging service that could allow a hacker to manipulate messages in both public and private conversations.

The three flaws are:

  • Using the “quote” feature in a group conversation to change the appearance of the identity of a sender
  • A hacker can change the text of someone else’s reply
  • A private message can be sent to another group participant disguised as a public message to all; when the targeted individual responds, the response is visible to everyone in the conversation

The third flaw has been addressed by WhatsApp owner, Facebook Inc, and has since been fixed. Due to the app’s encryption, the other problems are more difficult to solve. You can read more here.

Twitter apologises for advert data leaks

Twitter has announced it found a bug in its advertising platform. The bug is thought to have resulted in some user data being shared with advertising partners without their consent.

Users who have been affected are those who clicked or viewed an advertisement for a particular mobile application (that has not been named) and then interacted with that application. The data exposed included device type, country code and ad details.

The exposure of data started in May 2018 and continued until 5th August 2019, when the bug was found and fixed.

Twitter did not disclose the names of the mobile apps which advertised on its platform and triggered the bug.

Twitter are still conducting an investigation to determine who may have been impacted. You can read more here.

Quick-fire Updates

British Airlines (BA) hit by IT glitch causing huge delays: On Wednesday the 7th August, BA found themselves hit by an IT glitch that grounded planes and left 100 flights cancelled and more than 200 flights delayed. Pay-out to those affected could reach £5m. Read more here.

Facial recognition to be installed on South Wales Police phones: Police in South Wales will be introducing a facial recognition app installed onto their mobile phones to help identify a suspect without taking them to a police station. Read more here.

Government have launched their second cybersecurity survey: The research from the survey will be used to see how organisations are employing and training professionals with expertise in cybersecurity and better understand the issues they are facing. Read more here.
