CSS News Round-Up: Major Security Flaw Affects Millions of Consumer IoT Products

News Round-Up – Get a Quick Rundown of What You Need to Know

 

The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

Over 80 Million Americans’ Data Exposed

According to a recent article from The Hacker News, a public database was found by researchers unprotected and containing data on over 80 million households in the nation. The data includes names, ages, addresses, and birth dates, totaling to 24GB of data altogether. Luckily, the article notes, payment card information, passwords and social security numbers were not included in the exposure. It is still unclear who the database belongs to, but it has since been taken down.

Major Security Flaw Affects Millions of Consumer IoT Products

“A security researcher has discovered severe flaws in an Internet of Things (IoT) software feature called iLnkP2P, which renders the millions of consumer devices using it vulnerable to remote discovery and hijack,” says Naked Security. The software is used in a minimum of two million IoT devices, such as products by Sricam, HVCAM, Eye Sight, and more, according to the article. The purpose of the feature is to allow users to quickly connect the devices peer-to-peer (P2P) style, but the ease of use comes with incredible security sacrifices.

Church Loses $1.8 Million to BEC Scam

Saint Ambrose Catholic Parish located in Brunswick, Ohio fell victim to a BEC scam resulting in a loss of $1.8 million, according to Info Security. The contractors responsible for the church’s renovations contacted the church claiming that two months’ worth of payments had not been received, despite the fact that they had indeed paid them right away. After investigating, it was found that the church was scammed via emails stating that the contractors had changed their payment instructions, says the article. Before the incident was known, the criminals had already taken all funds from the fraudulent bank account that they had the payments wired to.

Data of Citycomp’s Largest Clients Stolen and Published

Citycomp, an IT company based in Germany, had the sensitive financial data of its most popular clients stolen and published online, says Bank Info Security. The company works with giants such as Volkswagen, Toshiba British Telecom, Airbus, Oracle, and more. The criminals say they’ve stolen 516GB of private and financial data, says the article, uploading it both for free download as well as on the dark web. The criminals originally demanded a ransom payment and took action upon Citycomp refusing to pay.

United States Grid Network Disrupted in March

According to E&E News, the Department of Energy has revealed that a cyber-incident interrupted the grid network in the western U.S. on March 5th. The report is not specific as to what exactly happened, the article states, but it seems as though hackers were responsible for the event. Areas affected include California, Wyoming, and Utah, but none of the entities involved has been willing to give any additional details on the cause of the interruption.