
This week we've heard that the BBC has been involved in 169(!) reported data breaches; Habitat for Humanity has had its applicants' background checks exposed; and researchers discovered an exploitable piece of functionality dubbed "AtomBombing" that affects all versions of Windows.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.


Breaches

  1. Since 2007, the BBC has suffered 169(!) data breaches.

    Why is this significant?

    • According to figures obtained under the Freedom of Information Act (FOI), nearly 10,000 people have had their phone numbers and bank account details stolen in breaches stemming from the BBC.
    • The Information Commissioner’s Office (ICO), an independent body set up to uphold information rights in the UK, reported last year: “While we recognize that high profile events at the BBC have resulted in a rise in the number of FOI requests received, it has become clear that the organization is consistently failing to meet its legal requirements to respond to FOI requests in a timely manner”.
    • In response, the BBC downplays these breaches by stating that phone numbers, addresses and bank account details are not considered “sensitive personal data” under the ICO classifications.
    • The ICO has the authority to fine English companies that fail to meet security standards. While fine amounts vary, it’ll be interesting to see how it fines a firm divulging a constant stream of breaches.

      Read the full story on Business Insider

  2. Habitat for Humanity of Michigan’s data breach exposes more than 5,000 individuals' personal information.

    Why is this significant?

    • In early October, a researcher discovered 400 GB of Habitat for Humanity Michigan's backup files exposed online, describing the find as an identity-theft hacker's dream.
    • The culprit? An insecure backup database found by the researcher.
    • The exposed data includes personal information on volunteers and applicants, including the personal background checks provided by Experian. Background checks in particular are very valuable in the hands of an attacker.
    • This is the first time Habitat for Humanity has reported a breach. Habitat for Humanity is a well-known non-profit organization established in 1976; over the past 40 years it has grown from a U.S.-based organization into a global one. Non-profits may be an easy target for threat actors because of limited budgets to invest in cybersecurity and the extensive personal data that people from all socio-economic backgrounds volunteer.

      Read the full story on Daily Dot


AtomBombing

enSilo’s security researchers have identified a unique method that allows injection of malicious code into legitimate processes without getting identified by most security solutions. This method has been labeled as AtomBombing because it exploits Windows atom tables. Atom tables are specially designed tables that are provided by the operating system and can be used for initiating data sharing between various applications.

Why is this significant?

  • “AtomBombing” is a method of attack that injects malicious code by way of atom tables, which are present in all versions of Windows dating back to the year 2000.
  • "Once the code has been injected into a process, the attackers can do as they please as though the code was loaded legitimately by the target process."
  • This injection technique could leverage the fundamental design of Windows operating systems in a malicious manner, whether at the point of initial infection or later, for example by injecting malicious code into chrome.exe or explorer.exe and taking screenshots to steal passwords. AtomBombing cannot be prevented or fixed with a patch: the susceptibility lies in the operating system's design, which would have to be restructured. Infiltration is inevitable; the practical defense lies in exfiltration prevention, which can at least stop the data from leaving the organization even after a process has been compromised.
    Learn more about Vulnerabilities by Design here

    Read the full story on DarkReading