Hackers are Getting Smarter

Take a glance at the most discussed cybersecurity topics of the week.

Still falling for spam

ZDNet on August 1, 2018

The old and most common way of spreading malware, viruses, and links to malicious websites is a spam email. Malicious attachments used by cybercriminals are mostly ZIP, .DOC, .XLS, .PDF, and .7Z. Although humans have long been aware of potential threats coming from emails they receive daily, perpetrators update their methods and achieve even better results.

Hackers try new tricks to entice users by pretending to be a friend and featuring a URL. So, stay alert!

1,100 reports of data breaches since the introduction of GDPR rules

Irish Times on July 30, 2018

EU General Data Protection Regulation’s requirements came into force on May 25th. According to the new rules, any data breach is to be reported in case the incident resulted in any risk to the rights and freedoms of individuals, or data subjects. This should be done “without undue delay” and not later than 72 hours after the disclosure.

The office of the Data Protection Commissioner stated that it had logged 1,184 data breach notifications since May 25th and the regulation applied in 953 cases. Also, it logged 743 complaints with regulation applied in 267 cases. The total number of received complaints was 2,642 in 2017, which demonstrated an increase of 79 percent in 2016.

The commission was receiving complaints and breach notifications related to both post and pre-GDPR and the pre-GDPR cases, which were to be dealt with under the old legislation. “By way of comparison, the Irish DPC received, on average, approximately 230 data breaches and 220 complaints per month last year (2017). As you can see there has been a significant increase in the volumes of both breaches and complaints to the DPC since May 25th,” commented the spokesman of the commission.

The most frequent GDPR complaints fell into the categories of improper disclosure of personal information, access requests, and unauthorized processing.

$10,000 to hack your HP printer

ZDNet on July 31, 2018

The tech giant HP announced the new bug bounty program. Under its terms, researchers will get between $500 and $10,000 reward for discovering loopholes in HP’s printers. While home printers are regularly used occasionally for printing document or photo, in a company, they are often found in a network. In case of a weak link in business networks, any device may provide attackers with an access to a wider network system.

Shivaun Albright, HP’s Chief Technologist of Print Security, commented that “Today, bad actors are targeting endpoint devices. Protecting connected devices, like printers, at the edge of the network has become paramount.” Also, according to “2018 State of Bug Bounty Report” research by Bugcrowd, a 21 percent increase in the number of endpoint bugs was reported over the past 12 months, which means that endpoint devices including printers are becoming a tempting target for hackers.

Currently, in partnership with Bugcrowd bug bounty platform, HP claims that it is the “only vendor” launching a vulnerability disclosure scheme designed for printers exclusively.