Weekly cyber news

42 million fitness app users exposed after data breach 

As we are all adjusting to the new normal, many of us now use services that enable us to work out at home.  In March, 40GB worth of information has been reported to have been leaked belonging to users of Kinomap. 
Researchers at vpnMentor have discovered that Kinomap’s database was exposed online, resulting in 42 million user records from 80 countries across Europe, UK and the US were viewable for over a month.  
Had malicious actors discovered the vulnerability, they could have taken over accounts or executed a variety of cyber-attacks. More information about this breach can be found at IT Pro

Critical vulnerability in Chrome 

New high-rated security vulnerabilities have been discovered in the Chrome browser, that could put billions of users at risk. Google has issued an urgent warning after Zhe Jin from Qihoo 360, a Chinese internet security company discovered the vulnerabilities.  
The exact details have not been disclosed, however, “CVE-2020-6457” is said to be of the use-after-free variety, which means that malicious actors could take advantage of freed memory on the system by executing remote code. Users of major operating systems, including Windows, Mac and Linux are all at risk. 
To date, there has been no indication of the vulnerabilities being compromised and Google promised that security fixing will take place “over the next coming days and weeks”. 
The Google notice is available for further information. Also, to ensure you stay secure, keep your software and apps up to date. 

UK electricity systems under cyber attack 

Elexon, the electricity system’s administrator has confirmed that IT infrastructure running the electricity market was attacked on Thursday afternoon. 
Elexon plays a crucial role overseeing the payments in the energy market that exists between UK power station operators and the electricity suppliers that provide electricity to consumers and businesses. As the result of this attack the lights across the UK did not go off, however, Elexon’s internal IT systems and laptops were affected. 
Further investigations are being carried out. More information on this matter can be found on The Guardian

 
BlueScope Steel hit by ransomware attack  
BlueScope Steel is facing disruptions after their production systems were forced to halt company-wide on Thursday morning. This is believed to be due to a ransomware attack.  
Tania Archibald, BlueScope’s chief financial officer said the company has reverted to manual operations and operations such as steel dispatches were continuing as normal. 
Alastair MacGibbon, cyber security expert from CyberCX stated that this attack is likely to be the result of phishing emails. Malicious actors use ransomware attacks for financial gain and to disrupt or shut down company operations.  
More information on this can be found at IT News