CyNations’ Top Security News of the Week4 min read

ABTA Website hit by Cyber-Attack

The Association of British Travel Agents (ABTA) announced this week that a cyber-attack took place on the company website. The attack took place on 27th February 2017 and ABTA explained in a statement that they recently became aware unauthorised access to a web server supporting abta.com by an external attacker, it is believed to have affected around 43,000 individuals.

The infiltrator gained access to around 1000 files which may include personal identity information on customers of ABTA but is mostly email addresses and encrypted passwords. Members who have registered with an email address or who have filled out a form with contact details are the vast majority of the 43,000 who have been affected by the attack.

ABTA CEO, Mark Tanzer said:

“We recently became aware of unauthorized access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability. The web server is managed for ABTA through a third party web developer and hosting company. The infiltrator exploited that vulnerability to access data provided by some customers of ABTA Members and by ABTA Members themselves via the website.

“We immediately notified the third-party suppliers of the abta.com website who immediately fixed the vulnerability. ABTA immediately engaged security risk consultants to assess the potential extent of the incident. Specialist technical consultants subsequently confirmed that the web server had been accessed.”
ABTA have advised anyone who has registered with abta.com to immediately change their password, and should also change their password for any other accounts or services that use the same password.

(Source: The Guardian)

WhatsApp & Telegram Vulnerability Allows Takeover for Millions of Accounts

A flaw in WhatsApp and Telegram allowed attackers to take complete control over users’ accounts. Victims personal and group conversations, contact lists, photos, videos and other shared content were accessed by the malicious attackers.

An analysis by Check Point stated that the vulnerability allows an attacker to send out malicious code to WhatsApp users’ which is hidden within an image. Once the users clicks on the image the attacker gains full access to the users’ account, which can then allow for more users to be infected with the malicious code via the victims contact list.

WhatsApp and Telegram use end to end encryption for all their messages to insure only end users can read the messages preventing them being read by someone who may intercept the message. This security measure meant that WhatsApp could not see the malicious being sent around, therefore they could not prevent it from being sent to users around the world.

Oded Vanunu, Head of Product Vulnerability Research, Check Point said:

“This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over,”

“By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user.”

Check Point disclosed this information to both the WhatsApp and Telegram Security Teams, after which both developed fixes for clients globally. Content is now validated before encryption occurs to prevent malicious content from being sent out to users. WhatsApp and Telegram are urging users to upgrade to the latest version to ensure they are protected against this vulnerability.

(Source: ZDNet)

Hackers Steal Personal Data from NHS Staff

Hackers gained access to information about thousands of NHS medical professionals by compromising the server of a private contractor.

Attackers managed to access a data server operated by Landauer, which contained names, dates of birth, radiation doses and National Insurance numbers of staff who work with X-Rays. Velindre NHS Trust in Cardiff operates radiation services for health boards across Wales through its Velindre Cancer Centre. They confirmed that 530 of its own staff have been affected by the attack and all those who have been affected were contacted. No patient information has been affected by this breach.

“Landauer has indicated that the breach was made on one of its UK servers, directly impacting on the Radiation Protection Service (RPS), a facility run through the Velindre Cancer Centre,” the Trust said.

“All those people affected by this incident are being kept updated with developments and supported with guidance and advice, as appropriate,” said a Velindre spokesperson.

The attack appeared to have happened in October 2016, but Velindre was only informed of the attack on January 2017 by Landauer and staff were informed in March.

(Source: BBC)