Cyber Security Training from QA

Cyber Pulse: Edition 10

Read the latest edition of Cyber Pulse, our roundup of Cyber news.


12 April 2018

Facebook to extend GDPR data protection changes to global users

Facebook CEO Mark Zuckerberg intends to implement the EU's forthcoming data protection changes worldwide, rather than confining them to European users of its platform. Fresh from its own data misuse scandal, Facebook has announced a string of changes to its data policy, and has also committed to rolling out GDPR to apply to all citizens. After the social network appeared in news reports yesterday under headlines suggesting it wouldn't extend the new protections to US citizens, Zuckerberg has since clarified his remarks in a press conference, confirming his company would in fact introduce equivalent safeguards for all users. Facebook has toughened up its data protection policy following reports that a data modelling company called Cambridge Analytica had collected millions of Facebook users' profile data to help influence voters ahead of the US presidential election in 2016. The company in fact harvested up to 87 million users' data, according to Facebook's best estimates, via a university professor's quiz app that was able to access users' friends' profile data as well, under platform rules that existed in 2015 (and have since changed to prevent this). Details about how Facebook will roll out GDPR globally, and a timeline for doing so, are yet to emerge. The UK is currently passing a new Data Protection Act to ensure GDPR-style legislation is replicated in native law before the UK leaves the EU.

Warning to police staff as force fined £130,000 for losing rape victim interview

Humberside Police has been fined £130,000 by the Information Commissioner’s Office (ICO) after disks containing a video interview of an alleged rape victim went missing. The three unencrypted disks and accompanying paperwork were left in an envelope on an officer’s desk. The bundle contained the victim’s name, date of birth and signature as well as details about the alleged rape itself, the victim’s mental health and the suspect’s name and address. The envelope was due to be posted to Cleveland Police but never arrived. It is not known whether the package was actually sent. An ICO investigation found that Humberside Police failed to encrypt the disks before sending (or intending to send) them by unsecure mail, that it failed to maintain a detailed audit trail of the package, and that the Protecting Vulnerable People Unit within Humberside Police failed to adhere to the force’s ‘Information Security Policy’ in relation to removable media.

Royal Mail fined £12,000 after sending more than 300,000 nuisance emails

Royal Mail Group Ltd has been fined £12,000 by the Information Commissioner’s Office (ICO) after sending more than 300,000 nuisance emails. On two dates in July 2017, the company sent emails to 327,014 people who had already opted out of receiving direct marketing. The emails outlined a price drop for parcels, but the company did not have the recipients’ consent to send them, and so broke the law. The ICO launched an investigation after receiving a complaint from a member of the public, who had received a marketing email from Royal Mail despite having opted out. During the investigation, Royal Mail claimed the emails were a service rather than marketing, informing customers of a price drop. The Commissioner found that the emails constituted marketing and not simply a service message, and therefore breached regulation 22 of the Privacy and Electronic Communications Regulations (PECR). Nuisance calls and spam texts and emails can be reported via the ICO’s website or by calling 0303 123 1113 with as much detail as possible. Mobile phone users can also report spam texts by forwarding the message to 7726.

What you need to know about the Facebook BFF hacking hoax

A Facebook hoax claims that typing three letters can show whether your account is safe from hackers. The BFF claim has been floating around the site since March and has popped up again since Facebook CEO Mark Zuckerberg faced US Congress for the first time on Tuesday over the Cambridge Analytica data sharing scandal. Users are told that they can type BFF in a comment and that, if it turns green, their account is secure. You might have seen a post doing the rounds which claims: “Mark Zuckerberg, CEO of Facebook, invented the word BFF. To make sure your account is safe on Facebook, type BFF in a comment. If it appears green, your account is protected. If it does not appear in green, change your password immediately because it may be hacked by someone.” Snopes, that trusty debunker of internet myths and legends, has already labelled this a hoax. BFF is one of the words included in Facebook’s recent animation feature: type in common phrases such as "congratulations" and they will change colour and produce a brief animation. BFF turns green, but if it doesn’t, that’s probably related to your browser settings and NOT your account security.

Great Western Railway Resets Passwords After Hackers Access Accounts

Hackers are said to have attempted to access the accounts of around 1,000 Great Western Railway (GWR) customers. The company said it had identified a number of automated attempts to access the accounts of its website users over the past week. GWR says that customers' usernames and passwords had not been compromised and no bank details are stored on its servers. However, the firm has written to all those who had been affected, asking them to change their passwords. A spokesman for GWR said: “We have identified unauthorised automated attempts to access a small number of GWR.com accounts over the past week. While we were able to shut this activity down quickly and contact those affected, a small proportion of accounts were successfully accessed”. This kind of attack uses account details harvested from other areas of the web to try to catch out consumers with poor password habits. Sadly, it is the kind of attack that is experienced daily by businesses across the globe, and is a reminder of the importance of good password practice.


Edited and compiled by

 

James Aguilan


Cyber Security Trainer

James has worked on many high-complexity eDiscovery projects and forensic investigations involving civil litigation, arbitration and criminal investigations for large corporations and international law firms across the UK, US, Europe and Asia. James has assisted on many notable projects, including one of the largest acquisition and merger cases of all time (a deal worth $85 billion), a multijurisdictional money laundering matter for Government bodies, and national cyber threat crises including the more recent ransomware, phishing campaigns, and network intrusion. James has comprehensive knowledge of the eDiscovery lifecycle and forensic investigation procedures in both practice and theory, with a deep focus and interest in Forensic Preservation and Collection and Incident Response. In addition, he holds a first class bachelor’s degree in Computer Forensics and is accredited as an ACE FTK certified examiner.