Top news stories this week
- Total recall. Microsoft delays new Recall feature after facing heavy criticism.
- Urgent appeal. NHS calls for O-type blood donations following cyber attack.
- Phone home. UK police arrest pair over illegal telephone mast used in smishing campaign.
- Video vandalism. Japanese online video platform Niconico down after cyber attack.
- Scrambled. Hackers steal source code from New York Times including data on viral Wordle game.
- Patch now. Nvidia releases fixes for critical vulnerabilities.
1. Microsoft delays new Recall feature after facing heavy criticism
The launch of Microsoft’s new AI-powered feature Recall, originally set for 18 June, will now be delayed amid intense backlash over privacy concerns. Recall is designed to take screenshots every few seconds and save them to a local database used to generate a searchable timeline. However, security experts have highlighted the dangers of this database being stolen by cyber criminals.
So what?
Organisations should assess the security implications of their products before release to avoid potential reputational damage.
[Researcher: David Broome]
2. NHS calls for O-type blood donations following cyber attack
The NHS has issued an urgent appeal for O-type blood donors following a ransomware attack on pathology system provider Synnovis. Hospitals and surgeries have reverted to using paper records, reducing the speed at which they can match patient blood groups. This has increased the demand for the O-type blood group as it can be used if a patient’s blood type is unknown.
So what?
Cyber attacks on healthcare organisations can have life-threatening consequences. Regularly testing your organisation’s readiness to prevent, detect, contain, and remediate attacks will help reduce their impact.
[Researcher: Anna Tankovics]
3. Two arrested in UK over illegal telephone mast used in smishing campaign
British police have arrested two individuals for allegedly using a homemade mobile antenna to send thousands of SMS phishing messages. The antenna enabled the pair to evade mobile network systems designed to block fraudulent text messages. Police confirmed it is the first time an illegal telephone mast has been used in a UK smishing campaign.
So what?
Criminals are continuously exploring innovative methods to circumvent security measures and deceive users into sharing confidential data.
[Researcher: Ineta Simkunaite]
4. Japanese video platform Niconico and parent company impacted by cyber incident
Japanese video-sharing website Niconico has temporarily suspended its services following a cyber attack. The attack has also affected Niconico’s parent company Kadokawa and its e-commerce site, Ebten.
So what?
Network segmentation can significantly reduce the impact of cyber attacks on large organisations with multiple subsidiaries.
[Researcher: Lawrence Copson]
5. Hackers steal data from New York Times’ GitHub including information on Wordle game
Hackers have stolen internal source code from the New York Times' GitHub repository, including data on its viral Wordle game. The publication confirmed that its data was leaked on an anonymous online message board after being stolen from the company's repository in January 2024.
So what?
Organisations should use automated tools to regularly review repositories, including GitHub, for exposed credentials and tokens.
[Researcher: Waithera Junghae]
6. Nvidia releases patches for recent vulnerabilities
Nvidia has discovered three high-severity vulnerabilities within its software. If exploited, they could allow a threat actor to carry out denial-of-service attacks, escalate their privileges, and expose and tamper with data. Nvidia patched the vulnerabilities in its latest update.
So what?
Timely security updates are essential for promptly addressing software vulnerabilities.
[Researcher: Lena Krummeich]