This post is a weekly cyber security news update for the 1st of August 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.
New Gmail Feature Could Open More Users To Phishing Risks
Google is rolling out a sweeping redesign of its popular Gmail service. The redesign has a new feature called “Confidential Email” which requires users to click a link to access confidential emails. Google has essentially created an opportunity where malicious cyber actors could exploit this feature leading to a potential 1.4 billion users more susceptible to dangerous phishing attacks.
Worst Cyber Attack in Singapore’s Healthcare Industry Recorded
Singapore’s Prime Minister made an announcement that 1.5 million patient personal records, including his own personal data, have been stolen in a major cyber attack against SingHealth.
The data breach included the leakage of 160,000 prescription records, this can easily be dubbed as a record-breaking cyber attack against Singapore’s premier healthcare firm.
Google Chrome Is Calling Out Insecure Websites
The latest version of Google’s web browser, Chrome 68, is taking on one of the web’s basic but most important issues: encryption. Chrome is taking a stand against websites by marking those that don’t use HTTPS by default, as insecure.
“This is a really significant change in our default standards for security,” explains security researcher Scott Helme. “We’re now expecting it to be secure and if it is not we will tell the user.” What users see from Google isn’t going to be a radical change but if a website isn’t using HTTPS it will show a message next to the URL in the search bar saying “not secure”.
US-CERT Warns of ERP Application Hacking
Enterprise resource planning (ERP) applications from vendors such as Oracle and SAP are under attack and the critical data living inside them is vulnerable to both criminal and nation-state hackers. The three key steps an organization can take to reduce their attack exposure are to carefully review configurations for known vulnerabilities; change default passwords and require strong passwords for administrators and users, and try to reduce the exposure of ERP applications to the Internet.