NCSC (National Cyber Security Centre) - Weekly Threat Report @ncsc #cybersecurity

Weekly Threat Report - 20th September 2019

Ecuador data breach affects millions

Ecuador suffered the biggest data breach in its history this week after the records of most of its population were exposed online. The leak, which was reported by ZDNet, occurred after a data analytics company had left a server exposed without a password. This then meant that anyone could access the data. The data included the personal information of 20.8m Ecuadorian citizens as well as financial and car ownership records.

The director of the company at fault has since been arrested by the Ecuadorian authorities, and at the request of the country’s President a planned new data privacy law has been brought forward. Reports of organisations suffering data leaks are sadly commonplace, although something on the scale of the Ecuador breach is unusual. The NCSC has previously provided advice around preventing data leaks, and particularly in relation to one specific service we’ve been asked about: Amazon Web Services (AWS).

LastPass patches recent credentials vulnerability

LastPass, a freemium password manager, has released an update to fix a vulnerability which would expose credentials previously entered on a previously visited website.

The fix in LastPass’s version 4.33.0 was released last week and users should update to this version as soon as possible. LastPass also highlighted that the bug only affects Chrome and Opera browser extensions in a blog post.

The bug itself relied on executing malicious JavaScript code with no user interaction needed. An attacker could potentially pull users to a malicious webpage and exploit the vulnerability to extract the credentials which users had used on a previously visited website.

Password managers help users to securely store their passwords, so you don’t have to remember them all. The NCSC has published advice which outlines the benefits of using a Password Manager and how to protect it. Users should also consider enabling automatic updates for password manager like LastPass. This is good practice for all apps and software you have installed on your devices.

Despite this recent vulnerability password managers remain a great way to securely store your password and users should not be put off from using an established application to manage their credentials.

National Cyber Security Centre Weekly Threat Reports

ASKET Cyber Security Resources