Posted on May 29, 2018 by staff

The cyber security briefing: Quick! Turn your router off!


People around the world have been told to turn their Wi-Fi routers off and back on again by the FBI to halt a botnet attack.

A dangerous piece of Russian malware labelled VPNFilter has infiltrated hundreds of thousands of devices in more than 50 countries. Hackers can then control those devices, collect information about their internet activity or shut them down altogether.

The FBI said turning the routers off and on would fix the problem but also allow authorities to see where the problem has spread to.

Ukrainian state security claimed late last week that the Russian government was preparing an enormous cyber-attack around the Champions League final, which was hosted in its capital Kiev on Saturday.

Broadcasts from the match did not seem to be interrupted, although Liverpool keeper Loris Karius may have wished they were after his two huge blunders saw the Reds go down 3-1 to Real Madrid.

Are you using a rubbish password?

We’re all guilty of reusing passwords across accounts to a greater or lesser extent – but many of us are also picking inexplicably bad passwords to begin with.

A study by Virginia Tech University and Dashlane analysed 61 million leaked credentials and found that ‘12345678’ and ‘password’ lead the way, even in an age of two-factor authentication and password managers.

‘1q2w3e4r’, formed by ‘password walking’ along the top of the keyboard, was a surprise inclusion in the top 10, which you can see below.

In more uplifting news, ‘Iloveyou’ made the top three.

  1. 12345678
  2. Password
  3. Iloveyou
  4. football
  5. princess
  6. baseball
  7. sunshine
  8. 1q2w3e4r
  9. superman
  10. linkedin

Keeping porn private

Now cast aside that feeling of worldwide romance with the news that Pornhub has launched a free VPN (virtual private network).

The pornographic video site said its VPNhub will provide users with privacy and security while browsing for and watching naughty videos through an encrypted connection.

The firm’s VP Corey Price said: “While browsing in incognito may keep users’ browsing history secret, the truth is they’re still susceptible to prying eyes, especially when browsing on unsecured public Wi-Fi networks… now they can do so without worry.”

Stir of Echoes

I was having a conversation with my wife over dinner last night when the Alexa living inside our Echo Show woke up and informed us that she couldn’t carry out our request. We swapped a glance and carried on chatting.

This seems to be happening more and more. A family in America revealed an extreme example last week: their Amazon device recorded a conversation they had about hardwood floors and sent the audio to one of their contacts, seemingly at random.

Amazon said it was due to an “unlikely string of events”, which began when the device interpreted a word in the conversation as the wake word ‘Alexa’.

“Subsequent conversation was heard as a ‘send message’ request,” the company said in a statement. “At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customer’s contact list.”

It hasn’t stopped the family from unplugging the device after they felt their privacy was “invaded”.

‘Make cyber security fun or get hacked’

A cyber resilience expert believes that engaged employees transform a company’s greatest weakness into its best defence.

Nick Wilding, general manager of cyber resilience at AXELOS, says dull, annual ‘tick-box’ cyber security training is ineffective in changing behaviours.

He suggests that putting employees into the mind of a cyber attacker is the most effective way of reducing the risk of falling victim.

Insane in the AimBrain

A free platform is allowing SMEs to ditch passwords for biometrics.

AimBrain On Demand lets entrepreneurs, app developers and technical audiences swap PINs and passwords for more secure facial and voice technology.

AimBrain On Demand is free for life for small users or enterprise users wishing to try-before-they-buy, and as such is capped at 1,000 API calls a month.


German car maker BMW is known for the reliability and quality of its vehicles.

However, its car computer systems were found to contain 14 separate flaws, according to Keen Lab, a cyber security division of Chinese tech giant Tencent.

Researchers said they compromised the cars by plugging in infected USB sticks as well as via through-the-air methods such as Bluetooth and the vehicles’ own 3G/4G data links.

These could in theory allow hackers to take partial control of affected vehicles. BMW is working on fixes.