Cybersecurity news headlines for December 1-31, 2019
In the last edition of cybersecurity news headlines of the year 2019, we have a few stories to report on. Music streaming service Mixcloud suffered a data breach, as did LifeLabs, a clinical laboratory services provider. A series of hacks of Ring security cameras left many homeowners terrified, and Russia has successfully tested disconnecting from the worldwide Internet.
In no particular order, here are cybersecurity news headlines for December, 2019.
Hackers target Amazon’s Ring security cameras
Mid-December various news outlets started reporting about hackers taking over Ring security cameras and taunting homeowners and their children. Multiple customers of the Amazon-owned home security company were left terrified in their own homes when voices were broadcast from the cameras’ built-in speakers. Multiple incidents involve children.
In a particularly worrying incident, the attacker was able to hack a Ring security camera in an 8-year old girl’s room. The hacker first played the song “Tiptoe Through the Tulips” to an empty room, and when the girl entered the room looking for the source of the music, he started speaking to her, claiming to be Santa Claus and encouraging her to destroy her room.
In another instance involving a child, an attacker communicated with a young boy when he was alone via the camera. In a video released by the family, the attacker can be heard asking the boy whether he plays video games. After a brief conversation, the boy is seen disconnecting the camera but soon after, the same man uses another camera in a different room to say “I still see you”. In other instances, the attackers insulted homeowners and demanded money.
In response to the hacks, Ring said that many customers reuse their usernames and passwords, which allows hackers to easily take over accounts. The company denied unauthorized access to their systems, which could have led to the hacks. However, the company’s lax security has been criticised, as customers were not notified when someone new logged in to their accounts.
LifeLabs data breach exposed data of 15 million customers
Canada-based clinical laboratory services provider LifeLabs disclosed a data breach that exposed personal information of 15 million Canadian customers. According to the announcement made by LifeLabs CEO Charles Brown, the company identified unauthorized access to their computer systems, and believe that certain customer information was stolen.
The customer data in question includes names, addresses, emails, logins, passwords, dates of birth, health card numbers and lab test results. The majority of affected customers are located in B.C. and Ontario. 85,000 customers located in Ontario had their lab test results accessed.
The company contacted cyber security experts in order to isolate and secure the affected systems, as well as determine the scope of the breach. LifeLabs also made the decision to pay to retrieve the data, a decision made in collaboration with specialists familiar with negotiating with cyber criminals. Privacy commissioners and government partners have been notified about the incident.
According to the company, the system issues related to the attack have been fixed, and additional safeguards have been put in place. Furthermore, security companies advising LifeLabs on the incident do not believe that customer data has been publicly disclosed, nor do they think that customers are at risk. Nevertheless, affected customers are offered one free year of dark web monitoring and identity theft insurance.
Data of 21 million Mixcloud users sold on the dark web
Music streaming service Mixcloud suffered a data breach that reportedly exposed more than 20 million accounts, which were put up for sale on the dark web.
According to reports, the breach took place in early November but Mixcloud became aware of it later on in the month. An unauthorized party gained access to the company’s systems and was able to steal user information. The stolen data reportedly contained usernames, email addresses, scrambled passwords, IP addresses, countries of origin, and links to profile photos. The passwords appear to have been scrambled with the SHA-2 algorithm, which means it’s unlikely that someone will be able to unscramble them. The company does not store credit card numbers and mailing addresses.
The stolen data, listed as 21 million records, was put up for sale on the dark web for $2,000. But if passwords are scrambled, the data for sale is merely a list of emails. Mixcloud does not believe that passwords were compromised in the breach, but still recommends users change theirs as a precaution. It also notes that the majority of its users are signed up via Facebook authentication, which means their accounts are not in any danger.
Russia successfully tests disconnecting from the Internet
The Russian government confirmed that it was able to successfully disconnect from the worldwide Internet during a series of tests. The tests, which took place over a couple of days, were performed to find out whether RuNet, the country’s internet infrastructure, could function without accessing the global DNS system and the external Internet. The tests involved government agencies, internet service providers and Russian internet companies. Ministry of Communications said regular internet users did not suffer disruptions or notice any changes during the tests.
The government did not reveal many details about the tests and how exactly they were carried out. However, it is known that the government tested several scenarios, including one simulating a cyberattack from a foreign country. If a disconnect from the global Internet were to happen, Russia’s internet service providers would reroute traffic to internal connection points regulated by the Russian government. Privacy advocates have expressed concerns that potential cyberattacks are not the only reason for disconnecting from the worldwide Internet. Some fear that the Russian government is aiming to tighten surveillance and censor content more effectively.
Alexei Sokolov, deputy head of the Ministry of Digital Development, Communications and Mass Media, said that both authorities and telecom operators are prepared to respond to potential risks and can “ensure the functioning of the Internet and the unified telecommunication network in Russia”. Russia’s President Vladimir Putin is expected to review the results next year.
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.
Leave a comment