Employees working from home see cybersecurity as a hinderance | Apple zero-click vulnerability | 61 million fitness tracker records breached | MOD data breach
Employees Working From Home See Cybersecurity As A Hinderance
Last week HP Wolf Security released a report in which employees and IT executives were surveyed online. It found that many of those who responded that were under the age of 24 view cybersecurity as a hinderance and have tried to bypass controls, which poses a threat to organisations. Almost half of the younger workers polled (48%) view cybersecurity as a hinderance, which lead to a third of them (31%) admitting to trying to bypass the security to do their work.
Other key findings in the report include how 48% of workers agreed that cybersecurity measures result in wasted time – this rises to 64% in the age group 18-24. Interestingly, 83% of IT executives think that working from home has created a ticking time bomb for a corporate breach. Lastly, 37% of office workers believe that security policies and technologies that are put in place are too restrictive.
Apple Zero-Click Vulnerability
At the end of last week and before the release of iOS 15, Apple released an emergency patch to fix a security vulnerability that would allow hackers to directly infect Apple devices without any action from the user. This vulnerability affects all major Apple devices such as iPhones, Macs, iPads, and Apple Watches.
Ivan Krstić, Apple security chief, said that these exploits “are not a threat to the overwhelming majority of our users”. Nevertheless, it is important that everyone spends a few moments to protect themselves by installing the newest available update.
61 Million Fitness Tracker Records Breached
A huge database has been leaked containing the records Apple HealthKit, Google FitBit, and several other well-known brands of fitness tracking products. More than 61 million people had their records included in this breach. This database was 16.7GB and was found unsecured. It was exposed to the internet without password protection.
Data contains names, height, weight, gender, location, and date of birth. The affected users are across the world. ComputerWeekly reports that while most owners of these devices would assume that no cyber-criminal would be interested in their daily step count, this information could be used to track the movements of someone who, for example, walks their dog at the same time every day and use that information to figure out when they are unlikely to be at home. It’s more likely that this intimate data could be used by malicious actors to target people who have set weight loss goals and send them phishing emails using diet or personal training plans as bait.
Echoing the previous story, it’s important to keep your devices up to date and be on the lookout for any suspicious activity following this breach.
MoD Data Breach
Finally, a data breach by the Ministry of Defence has ‘put lives at risk’ for more than 250 people in Afghanistan. An email was sent by the MoD to Afghan interpreters who worked for the British Forces and are looking to relocate to the UK.
The email was asking for an update on their situations, but accidentally copied in their email addresses, meaning that they were visible to all other recipients. Some of these emails contained profile pictures and contact details of these interpreters, many of whom are in hiding from the Taliban. An investigation has begun into this breach, and efforts are being made to safeguard those affected.