As kids return to school, it seems the hackers and cyber criminals did too. It was a bumper month of activity and we've selected the most important and interesting updates...
531.5 million records leaked
Apparently, the grand total number of records breached across all data breaches was a whopping 531,596,111 leaked records, and that's just the ones that were recorded. There were 75 core breaches listed, representing a 363% increase in breached records compared with August.
Notorious hacker group out of 'retirement'
The infamous hacker group Notorious was believed by experts to have disbanded, but it appears that the group is behind a new wave of attacks. Researchers at Secureworks reached the conclusion that the group was active once again after they inspected a new virus.
Personal 'Security' devices not as secure as they seem
We all worry about ageing parents, elderly neighbours and our home security when we are out, but it appears the latest wave of security gadgets is not as secure as we'd like to believe. A family in Bedfordshire permitted a cyber security expert to infiltrate their gadgets if he could, and the test demonstrated just how easily the products can be infiltrated. A personal tracker designed to support older people was breached and allowed the hackers to listen to private conversations. Meanwhile, the pet cam hack enabled hackers to spy into their home.
Ethical hackers given chance to target US satellite
Ethical hackers are being given the opportunity to target an orbiting US satellite at the 2020 Def Con hacker event. Vetted experts will be encouraged to see if they can breach the US Defence Department satellite in the hope that the process will identify security risks and improve performance.
Who's listening in?
Tech security company Wandera has set about testing whether mobile phones are 'listening' to their users and fuelling tech giants' advertising by promoting related posts. They wanted to prove or disprove the urban legend that our phones are listening by conducting a controlled experiment on brand new phones. Using two identical Samsung phones and two identical Apple phones, they downloaded and enabled a multitude of common apps including Facebook, Amazon and Instagram, granting them all full permissions. One of each phone was then placed in a silent room for three days while the other was placed in an 'audio' room. The audio room played adverts and conversations, and then the phones in both rooms were compared for data and battery usage, as well as for adverts on popular sites. There was very limited difference between the phones in their usage or in the adverts presented, suggesting that the Big Brother legend really is a myth. Read the full report on the BBC...
Teletext Holidays leaves customer purchases unprotected
212,000 records were breached from a British holiday firm after recordings were made as part of a call center analysis project. In the calls, names, date of birth, email and home addresses could be heard, along with flight details and partial card details. They were found on an Amazon Web Services server and were promptly removed, but it is believed that they had been publicly available for over three years.
Irish Government admits ransomware breach last year
In response to a parliamentary question from Jack Chambers, raising concerns over the way the Irish Government handles cyber security, the Department of Communications, Climate Action and the Environment has admitted that there was a ransomware breach last year. The Department confirmed the attack and stated that the ransomware was isolated and safely removed, but provided no further details. There has now been a question posed as to whether the Department should be responsible for the cyber security, despite having no security, defence or intelligence credentials.
Facial recognition app leaks photos of suspects
The Tamil Nadu police force in India used CopsEye to enable a facial recognition security system, allowing police to take photos of people suspected to be involved in criminal activities. The app then automatically scans previous criminal records, making it easy to identify criminals. Over 7,000 images with suspected criminal IDs were left exposed. The database has now been removed and the app taken offline, but not before security researchers were able to breach the data.
Tesco parking app taken offline after exposing number plates
Tesco has taken its parking validation app offline after tens of millions of Automatic Number Plate Recognition images were found on a Microsoft Azure blob. The images included photos of cars entering and leaving car parks, including car number plates and timestamps. It is not believed that the vehicle occupants were visible in the low-res images. Reportedly, the images were left exposed accidentally after a data migration exercise.
NHS records used to 'weigh down' scaffolding
Acting as an important reminder of the need to secure printed documents is the story of an art festival in Milton Keynes which used unshredded NHS documents as ballast for a scaffolding structure. The documents from GP surgeries and pharmacies were meant to be shredded, but were purchased from the recycling company in bales. What's more, the loose structure of the recycled materials meant that as well as putting public data on display, some sheets came loose and blew down the street. Read the full story...
Wigan Hospital Employee views records without reason
Employees are often the weakest link in a cyber security policy as it can be difficult to predict and control human behaviours. This story serves as an important reminder of why strong policies and procedures are required, after the Wrightington, Wigan and Leigh NHS Foundation Trust revealed that an employee viewed over 2,000 patient records for no legitimate reason, without permission to do so.
Database of Facebook users' mobile phone numbers found
Hundreds of millions of phone numbers linked to Facebook accounts have been found online on a server that can be accessed without a password. More than 419 million records, including 18 million UK records, were left exposed, including the user's unique Facebook reference ID and the phone number listed on their account. Many of the records also include names, gender and country location. The data set is old and predates changes made by Facebook last year to restrict access to users' phone numbers. However, many of the numbers are still valid, which puts their owners at risk of spam calls, SIM-swapping and forced password resets on any internet account connected with the number.