We bring you a brief summary of the top security stories that have been making news online around the world this week.
Fake Scotland Yard Ransomware
Police in the United Kingdom are warning people about a ransomware scam pretending to be a threatening message from Scotland Yard but is instead malware that holds the user’s PC to ransom.
The malware infects victims without their knowledge and, after freezing their computers, hits them with a message claiming to be from the Metropolitan Police’s Central e-crime Unit (PCeU). The warning accuses victims of visiting child pornography websites and other disturbing and illegal sites, and receiving emails containing “terrorist materials,” and says their IP address is now under official investigation.
The PCeU said it does not send messages like this demanding money and they should recognize that it’s a scheme and, if they’ve lost money, report the issue to their credit card company and to the police via a local non-emergency number.
TicketWeb issued a second warning this week following the weekend security breach by spammers supposedly offering an Adobe Acrobat upgrade.
The online ticket seller, who acknowledged the breach of their email database on 12 February, issued a statement advising customers not to click the link after they had received up to four emails with the subject ‘Action Required: Update Your PDF Application’.
The email claimed that the recipient’s version of Adobe Reader was out of date and offered a link where they could download the new version. However, the link in fact leads to a malicious site.
The Ticketmaster subsidiary assured customers that they had closed the vulnerability and that “none of your credit card information was vulnerable during this attack”.
TicketWeb added that they would be liaising with the Information Commissioner’s Office in relation to the security breach.
Dutch security breach
Dutch telecoms giant KPN has apologised for a security breach that forced it to suspend email access for two million of its customers in a measure to secure its systems.
The hack happened in January but the company’s hand was forced last week after the perpetrators of the offence posted details of 539 user accounts to an Internet site. Exactly where these accounts came from is still not clear, although KPN clearly believes it to be it’s customers.
Several Dutch sources claim the account details might not be from KPN’s user database but actually from a baby products website instead.
KPN has shut down email accounts for two million customers while the company attempts to get to the bottom of the breach. It has also advised customers to change their passwords as a precaution.
- Is this IT Security Breach “Stuff” really Happening? (blogs.avg.com)