11 Nov 2020
Keeping an eye on cyber news and threats
Attacks and data breaches happen every day, and you probably won’t ever hear about most of them, even though they may actually affect you. As technology and computing moves forward and becomes more widely available, the threat from cyber crime increases. More and more data is being stored digitally which can leave it vulnerable to hacking, and this includes your online accounts, social media, email, bank accounts and so on.
It’s not just your data that is potentially vulnerable, however; company data and client data is at risk too. Just think for a second how much information you can access with just your company username and password. Imagine if you used that same password everywhere, and that password was compromised.
Without being too lengthy, the aim of this newsletter is to keep you updated on the latest breaches and attacks, to help increase your cyber awareness and improve your security mindset – to make you more ‘cyber savvy’.
So without further introduction, here are some key news points from the last week or so:
Credential stuffing attack impacts Nando’s customers
Some of Nando’s customers have seen their online accounts hacked following a credential stuffing attack.
Credential stuffing takes advantage of people reusing username and password combinations across different accounts. Stolen credentials from data breaches can be used against multiple online accounts with an eventual match giving attackers access.
Hackers who have gained access to accounts have placed large orders and caused huge bills for those affected.
Nando’s have promised to reimburse affected customers and have said in a statement that their systems had not been hacked.
Protecting yourself from attacks such as this can be achieved in a few ways:
Use separate passwords for important accounts
Create strong passwords with three random words
Consider saving your passwords in a browser
The key point here – do not reuse passwords! Keep them strong, keep them varied. ‘But how will I ever remember?’ I hear you cry! Keep your passwords safe and don’t worry about remembering them again by using a password vault or saving them to your Google account. Your passwords will be encrypted and kept super safe, just make sure your main account password is strong. They also allow you to generate strong random passwords, which is a useful tool when changing passwords or creating a new account.
Deleted – or so you think.
Just recently Cybersecurity investigators from Abertay University discovered about 75,000 files on 100 used USB drives bought from Ebay, including tax returns, bank statements and files containing passwords.
Although they appeared to be empty, widely available tools were used to recovered deleted data from the memory sticks.
Whenever we delete something, it doesn’t get erased as you may think, but in fact the storage space used by the file is reallocated back to the drive, and the data is hidden from view. Special software can be used to recover that data, but it can also be used to make sure the data is unreadable.
Bottomline – be careful what you keep on removable storage and keep the devices safe. If you sell the storage device or repurpose it, make sure you wipe it properly using the right software.
That’s all for now,