InfoSec Round-Up: Jan 22nd


INTERPOL Warning, Leaked Pixlr Records & App Flaws

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

INTERPOL Dating App Warning

The International Criminal Police Organisation (INTERPOL) has issued a warning that dating app users are being lured into investment fraud schemes.

Having received reports from around the world, INTERPOL has warned that with the increasing number of people seeking relationships online, dating app users are being exploited via “artificial romance” intended to involve victims in sophisticated fraud schemes.

In a statement, INTERPOL noted, “Once communication becomes regular and a certain level of trust is established, criminals share investment tips with their victims and encourage them to join a scheme.”

INTERPOL went on to say, “Victims download a trading app and open an account, buy various financial products and work their way up a so-called investment chain, all under the watchful eye of their new “friend”.

“As is often the case with such fraud schemes, everything is made to look legitimate. Screenshots are provided, domain names are eerily similar to real websites, and customer service agents pretend to help victims choose the right products.”

“One day, however, all contact stops, and victims are locked out of the account. They’re left confused, hurt, and worried that they’ll never see their money again.”

Hackers Dump 1.9 Million Records

A notorious hacking group known as ShinyHunters has leaked around 1.9 million stolen Pixlr user records that could be used in targeted phishing campaigns.

A popular online photo editing application, Pixlr is thought to have been breached at the end of last year, with the hacker claiming that the records were taken from an Amazon Web Services (AWS) S3 bucket.

Containing usernames, email addresses, hashed passwords and users’ countries, the 1,921,141 exposed records could leave users open to a variety of information security attacks.

The threat actors behind the leak are well-known for hacking websites and selling stolen data, and are thought to be behind dozens of significant breaches including Tokopedia, US bank Dave, Minted and Unacademy. In the first two weeks of May 2020 alone, the group is thought to have sold around 200 million stolen records.

With Pixlr yet to make a statement on the database breach, users are advised to change their passwords, especially if the same password is reused on other sites, and to be on the lookout for phishing and other online scams.

Retail and Hospitality App Flaws

Research suggests that more than three-quarters of retail and hospitality sector applications contain at least one vulnerability, with 26% containing ‘high severity’ vulnerabilities.

Having analysed around 132,000 applications, the Veracode research shows that 76% of apps across all sectors contain at least one security flaw. Hospitality and retail match that likelihood for ‘any flaw’, but exceed the cross-sector ‘high severity’ percentage, at 26% vs 24%.

Despite this, the retail and hospitality sector ranked second-best for overall fix rate, with around half of flaws remediated within 125 days, over twice as fast as government app flaws.

Commenting on their research, Veracode noted, “though [these] industries might have a higher than usual number of flaws, they are quick to act and remediate those flaws.”

Adding, “Flaws that the retail and hospitality sector should keep a close eye on include encapsulation, SQL injection, and credential management issues. These flaw types seem to be more prevalent in the retail and hospitality sector compared to other industries, and they can lead to a serious breach.”

Thank you for reading this edition of InfoSec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
