Cybersecurity roundup: April 22 to 28, 2018
In this week's Cybersecurity Roundup, ASEAN chair Lee Hsien Loong warns against the dual threats of ISIS and cyberattacks against countries in the region, the Philippines' National Privacy Commission summons a number of schools and government agencies which failed to disclose security breaches in a timely manner to affected users, and a multi-national operation takes down a site used to send over 4 million distributed denial of service attacks.
These stories and more, below!
ASEAN chairman: Southeast Asia faces 'very real' threats from ISIS, cyberattacks
Southeast Asia faces "very real" threats from the Islamic State (ISIS) group despite their defeat in the Middle East, as well as cyber-attacks, Singapore Prime Minister Lee Hsien Loong warned as he opened a regional summit on Saturday, April 28.
Opening the summit of the Association of Southeast Asian Nations (ASEAN) in Singapore, Lee warned that ISIS continues to threaten the region despite their military defeat in Iraq and Syria, while the move towards digitalization has made countries more vulnerable to cyberattacks.
National Privacy Commission summons officials of schools, government agencies hit by security breach
The National Privacy Commission (NPC) is investigating the defacement and security breaches of multiple school and government websites that happened in early April.
The affected organizations are asked to explain why each of their Personal Information Controllers (PICs) did not inform – and have still not sent data beach notifications to – the NPC nor the people affected by the data breach within 72 hours of the incident.
Security researchers hack Amazon's Alexa to spy on users
Threatpost reports researchers from CheckMarx created a proof-of-concept Alexa Skill that abuses the virtual assistant’s built-in request capabilities.
The hacked Alexa Skill will make keep the listening prompt of the device on, with Alexa transcribing audio and sending a text transcript to a hacker, if voices are captured. The proof-of-concept attack has been fixed as of April 10.
Multi-nation operation takes down website behind 4 million cyberattacks
A British and Dutch-led operation brought down a website linked to more than 4 million cyberattacks around the world, with banking giants among the victims, European law enforcement agencies said.
Cybercriminals used the website's services, which could be rented for as little as $14.99 (12.31 euros), to launch so-called distributed denial of service (DDoS) attacks, which swamps targets with spam traffic and disables their IT systems.
U.S. Securities and Exchange Commission imposes $35-M penalty for not telling investors of massive Yahoo hack
US securities regulators on Tuesday, April 24, announced that Altaba will pay a $35 million penalty for not telling the SEC that hackers had stolen Yahoo's "crown jewels" – data including usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions from a 2014 breach.
While Yahoo discovered the data breach quickly, it remained quiet about it until more than two years later when it was being acquired by telecom giant Verizon Communications, the SEC case maintained.