Welcome to our latest round-up of news from the technology and hosting world. Here’s what we’ve discovered this week.
Coronavirus phishing attacks
Cybercriminals have a habit of seeking out the most vulnerable and are now taking advantage of Coronavirus by targeting those who are worried about its spread. According to cybersecurity company, Norton, there are reports of a growing number of different phishing scams being operated. The scam emails pretend to come from legitimate sources and provide links to information about Covid-19 or to products which falsely claim to protect people against the virus.
Of course, users are actually sent to bogus websites so the scammers can infect their devices with malware, steal personal data or take payments for fake products that will never arrive.
AI being used to hack Coronavirus
On a more positive note when it comes to Coronavirus, UK AI company, DeepMind, is putting its technology to good use by assisting with the fight to find a cure. It has shared its findings about the structure of six proteins with similarities to Coronavirus, to help scientists develop and speed up the deployment of a workable vaccine. By understanding the structures of the six proteins, virologists can discover how the virus works and find a way to stop it.
The benefit of using AI and machine learning is that progress can be made far more swiftly than in the lab, which is critical when there is a risk of a global pandemic. However, clinical trials would still need to take place before any vaccine could be licenced for use.
Huge Virgin Media database left online
An unsecured Virgin Media database, containing the details of over 900,000 customers, was left accessible on the internet. The marketing database contained unencrypted phone numbers, home addresses and emails, not just of existing customers but also of potential customers referred by friends with Virgin Media accounts. Some customer’s details also included links to pornography websites they had asked to be unblocked.
Perhaps most worrying, is that Virgin Media said that the database had been accessed at least once by someone online and could, therefore, have been downloaded and sold to cybercriminals.
Victims will be emailed by Virgin Media informing them about the specific data that was accessed. It will also give a warning about the potential for identity theft, nuisance calls and phishing scams they may receive. In the meantime, the breach is being investigated by the Information Commissioner’s Office.
Issue with Let’s Encrypt SSL certificates
Let’s Encrypt, one of the world’s most popular SSL encryption providers, recently discovered a bug in 3 million of its SSL certificates. As a result, websites using defective certificates to protect online payments may have experienced issues with their security status on various browsers. According to Let’s Encrypt’s parent company, ISRG, as the bug could not be fixed, the only solution was to revoke all 3 million defective SSL certificates.
ISRG contacted affected customers last week, informing them of the need to renew and replace existing certificates by 4 March. If you are one of the affected website owners and haven’t yet replaced your SSL certificate, it’s likely your website will now have lost its secure green padlock icon and will be labelled as ‘not-secure’ on browsers like Chrome and Edge. Obviously, this may affect public perception and could impact sales. If you haven’t received an email and the site still has a ‘secure’ status on browsers, it’s unlikely you were affected.
Vulnerabilities in devices using legacy Android versions
Millions of tablets and up to a billion mobile phones are at risk of hacking because their software no longer receives security updates by Google or by the device’s manufacturer, according to a Which? report. Of particular concern are pre-2013 Android phones which are vulnerable to data theft, ransomware infections and various other malware attacks.
While a staggering 40% of Android devices use version 6.0 or lower of the operating system, including 13% using version 4.4 and lower, no security patches for these versions were released last year. For some older versions, there have been no updates since 2017.
Carrying out tests on a range of popular older phones, like Samsung Galaxy S6 and Sony Xperia Z2, Which? discovered it was easy to infect them all with multiple types of malware. While this is a concern to owners of these devices, it also raises the question of why, if the products are made well enough to last years, are they not being protected for their full life-span?
Visit our website for more news, blog posts, knowledge base articles and information on our wide range of hosting services.