cybersecurity alert

Cybersecurity Alert: Keylogger Installed on Certain HP Devices

Threat Summary

A security researcher discovered keylogging code in software pre-installed on certain HP devices, including EliteBook, ProBook, Pavilion, and others. The keylogger was originally installed as a debugging tool to check for errors in the Synaptics Touchpad software. The keylogger is disabled by default, however anyone with physical access to the device could activate the keylogger. HP has issued a software patch to remove the keylogger.

Cybersecurity Alert: North Korean Trojan Malware and Microsoft DDE Security Advisory

North Korean Trojan Malware (Volgmer)

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint technical alert on Monday, November 14 regarding malicious cyber activity by the North Korean government referred to as HIDDEN COBRA. The alert identified IP addresses and other indicators of compromise connected to a backdoor Trojan malware variant commonly known as Volgmer. The DHS and FBI suspect that spear phishing is the primary delivery mechanism for Volgmer infections.

Cybersecurity Alert: Equifax Data Breach Affects 143 Million Customers

Threat Summary

On September 7, 2017, Equifax announced that personally identifiable information for 143 million customers may have been compromised in a breach that occurred between May and July of 2017. The data includes names, social security numbers, birth dates, addresses, and driver's license numbers. Equifax set up a website so customers can determine whether their data was impacted. The company is also offering free identify theft protection and credit file monitoring services.

Cybersecurity Alert: “BlueBorne” Attack Vector and Several Critical Bluetooth Vulnerabilities Affect Over 8.2 Billion Devices

Threat Summary

Researchers discovered a new attack vector, “BlueBorne,” along with eight zero-day Bluetooth vulnerabilities, four of which are critical, that could allow an attacker to remotely control Bluetooth-enabled devices and install malware that can rapidly jump from one device to another on the same network.

Mobile device manufacturers were notified of the Bluetooth vulnerabilities in April of this year, so the vulnerabilities have been patched in the majority of new phones. However, devices with older software may be at risk.

UK Government’s New Data Protection Laws Will Enforce Larger Fines

The British government confirmed their intention on August 7 to introduce a new Data Protection Bill which is set to transfer the European Union’s General Data Protection Regulation (GDPR) into UK Law. Digital Minister, Matt Hancock, who is leading the changes has said that the bill will provide the UK with ‘one of the most robust, yet dynamic, sets of data laws in the world’.