Apple Affected by Major Flaws in Computer Chips

Apple has said that all iPhones, iPads and Mac computers are affected by two major flaws in computer chips. It emerged this week that tech companies have been racing to fix the Meltdown and Spectre bugs, which could allow hackers to steal data.

Billions of PCs, smartphones and tablets around the world are affected – Apple has now confirmed its products are too.

The firm has released some patches to mitigate the Meltdown flaw. It said there was no evidence that either vulnerability had been exploited yet, but advised downloading software only from trusted sources to avoid “malicious” apps.

Mac users have often believed that their devices and operating systems are less vulnerable to security issues than, for example, Android phones or computers running Microsoft systems.

Winter Olympics Targeted by Hackers

Hackers have attempted to steal sensitive data from groups involved with next month’s Winter Olympics, cyber-security firm McAfee said. The report found malware-infected emails were sent last month to organisations linked to the Pyeongchang Games. It did not identify those responsible, but said more attacks tied to the upcoming Olympics were likely. In similar past attacks, hackers tried to obtain passwords and financial data.

McAfee said a number of groups associated with the Olympics had received malicious emails – including several affiliated with ice hockey.

“The majority of these organisations had some association with the Olympics, either in providing infrastructure or in a supporting role,” the security firm said.

“The attackers appear to be casting a wide net with this campaign.”

The emails were sent from a Singapore IP address and told readers to open a text document in Korean.

McAfee said the hackers were trying to trick recipients into believing the emails had come from South Korea’s National Counter-Terrorism Centre – which at the time was in the process of conducting anti-terror drills in the region.

In some cases the hackers used a technique known as steganography, which hides malware in text and images.

McAfee echoed recent warnings from University of California researchers to expect more cyber-attacks targeting major sporting events. “With the upcoming Olympics, we expect to see an increase in cyber attacks using Olympics-related themes,” the security firm said.

It comes as Pyongyang prepares to hold official talks with South Korea for the first time in more than two years.

North Korea accepted an offer to attend the meeting on 9 January that will focus on finding a way for its athletes to attend the Games.

Disability Plan to Help a Million into Work

The BBC is reporting that plans to get one million more disabled people into work over the next 10 years have been set out by the government. Ministers say the new strategy will help those with disabilities keep their jobs and progress in their careers.

The new measures include widening the number of people who can issue fitness-to-work notices and additional training for mental health professionals. Labour’s Debbie Abrahams said benefit cuts had already pushed more disabled people towards poverty.

The pledge comes after ONS figures from June 2017 suggested that disabled people were twice as likely to be unemployed as non-disabled people. About 80% of non-disabled people are in work compared with just under 50% of disabled people.

Prime Minister Theresa May said a person’s life and career “should not be dictated by their disability or health condition”.

“Everyone deserves the chance to find a job that’s right for them,” she added. “I am committed to tackling the injustices facing disabled people who want to work, so that everyone can go as far as their talents will take them.”

The government says in the past four years 600,000 disabled people have found work. However, the disability charity Scope says progress is too slow. The new strategy includes:

  • Measures to provide access to personalised support for those with mental health issues
  • Extending “fit note” certification – which details how a condition affects someone’s ability to work – beyond GPs to a wider group of healthcare professionals, including physiotherapists, psychiatrists and senior nurses
  • Reform statutory sick pay

The 10-year plan builds on a green paper published last year which pledged to halve the so-called disability employment gap. The government hopes the changes to the fit note system will improve the identification of health conditions and treatments to help workers get back to work quickly.

But some disability activists say the problem lies in employers’ attitudes. Mik Scarlet, an inclusion specialist, says he chose to be self-employed after some “disastrous attempts” at getting work.

“Employers have little idea of how beneficial disabled employees can be to a workforce,” he said. “They also don’t understand that creating flexible inclusive work systems improves the working environment for all.”

BBC disability correspondent Nikki Fox said it was not the first time the government had pledged to get more disabled people into work. However, she said “the employment gap between disabled and non-disabled people has not significantly changed for some years”.

Labour’s shadow work and pensions secretary, Ms Abrahams, warned the government’s plans “hinted at” further cuts. “The Tories’ cuts to social security support are pushing more and more disabled people into poverty,” she said.

“The Tories have already hit disabled people who are not fit for work but who may be in the future in the work related activity group. I hope they are not going to now target the most disabled people in the support group, as their green paper hinted at.”

Pound Rises on Hopes of Brexit Progress

The value of the pound continued to climb on Thursday as hopes rose of progress in the Brexit negotiations. Sterling hit a two-month dollar high on Wednesday on reports the UK had offered to pay up to €50bn to settle its EU “divorce bill”.

The Times also reported on Thursday that the UK was close to a deal concerning the border with Northern Ireland and the Republic of Ireland.

The pound was up more than half a cent against the dollar at $1.3467. Against the euro, sterling also rose 0.4% to €1.1363. On the stock market, the benchmark FTSE 100 share index was down 25.06 points at 7,368.50.

Shares in Aviva rose 2.6% after the insurer increased its targets for growth and dividend payouts.

Outside the FTSE 100, shares in the owner of the Daily Mail newspaper – Daily Mail and General Trust – plunged by a quarter after the publisher reported a full-year loss and gave a downbeat outlook for next year.

The company reported a loss of £112m after writing down the value of some of its businesses by more than £200m, and added that it expected earnings in the short term to be “adversely affected by recent disposals and challenging conditions in some of our sectors”.

Pub operator Marston’s saw its shares jump nearly 10% after it reported a rise in full-year profits and said it was “well positioned” for growth next year.

But results from rival Greene King fell flat by contrast. Its shares dropped 2.8% after the brewer and pub owner reported an 8% fall in half-year profits and said trading conditions were likely to “toughen” in the next few years.

Google Faces Mass Legal Action in UK

Google is being taken to court, accused of collecting the personal data of millions of users, in the first mass legal action of its kind in the UK. It focuses on allegations that Google unlawfully harvested information from 5.4 million UK users by bypassing privacy settings on their iPhones.

The group taking action – Google You Owe Us – is led by ex-Which director Richard Lloyd. He estimates the users could get as much as “several hundred pounds each”.

The case centres on how Google used cookies – small pieces of computer text that are used to collect information from devices in order to deliver targeted ads. The complaint is that for several months in 2011 and 2012 Google placed ad-tracking cookies on the devices of users of Safari, which is set by default to block such cookies.

The Safari workaround, as it became known, affected a variety of devices but the UK case will focus on iPhone users.

Mr Lloyd said: “In all my years speaking up for consumers, I’ve rarely seen such a massive abuse of trust where so many people have no way to seek redress on their own.” He added: “Through this action, we will send a strong message to Google and other tech giants in Silicon Valley that we’re not afraid to fight back.”

Mr Lloyd said Google had told him that he must “come to California” if he wanted to pursue legal action against the firm. “It is disappointing that they are trying to hide behind procedural and jurisdictional issues rather than being held to account for their actions,” he said.

Google told the BBC: “This is not new – we have defended similar cases before. We don’t believe it has any merit and we will contest it.”

Those affected do not have to pay any legal fees or contact any lawyers as they will automatically be part of the claim, unless they wish to opt out.

The case is being supported by law firm Mishcon de Reya, which specialises in large-scale litigation.

Although there is no precedent for such a mass legal action in the UK, there is in the US. Google agreed to pay a record $22.5m (£16.8m) in a case brought by the US Federal Trade Commission (FTC) on the same issue in 2012. The firm also settled out of court with a small number of British consumers.

The case will be heard in the High Court, likely in spring 2018.

Ethical Hackers to Boost NHS Cyber Defences

The NHS is spending £20m to set up a security operations centre that will oversee the health service’s digital defences. It will employ “ethical hackers” to look for weaknesses in health computer networks, not just react to breaches.

Such hackers use the same tactics seen in cyber-attacks to help organisations spot weak points.

In May, one-third of UK health trusts were hit by the WannaCry worm, which demanded cash to unlock infected PCs.

In a statement, Dan Taylor, head of the data security centre at NHS Digital, said the centre would create and run a “near-real-time monitoring and alerting service that covers the whole health and care system”.

The centre would also help the NHS improve its “ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats”, he said. And operations centre guidance would complement the existing teams the NHS used to defend itself against cyber-threats.

NHS Digital, the IT arm of the health service, has issued an invitation to tender to find a partner to help run the project and advise it about the mix of expertise it required.

Kevin Beaumont, a security vulnerability manager, welcomed the plan to set up the centre. “This is a really positive move,” he told the BBC.

Many private sector organisations already have similar central teams that use threat intelligence and analysis to keep networks secure.

“Having a function like this is essential in modern-day organisations,” Mr Beaumont said. “In an event like WannaCry, the centre could help hospitals know where they are getting infected from in real time, which was a big issue at the time; organisations were unsure how they were being infected.”

In October, the UK’s National Audit Office said NHS trusts had been caught out by the WannaCry worm because they had failed to follow recommended cyber-security policies. The NAO report said NHS trusts had not acted on critical alerts from NHS Digital or on warnings from 2014 that had urged users to patch or migrate away from vulnerable older software.

Imgur Confirms 1.7 Million Users Hit by Data Breach

Image-sharing website Imgur has confirmed that the emails and passwords of 1.7 million users were compromised in 2014. The data breach has only recently come to light after being discovered by security researcher Troy Hunt. Mr Hunt said he was impressed with the company’s swift response.

Imgur said in a statement that no other personal data had been taken as it did not collect information such as real names and phone numbers. “We apologise that this breach occurred and the inconvenience it has caused you,” wrote Roy Sehgal, Imgur’s chief operating officer, in a blog post.

Mr Sehgal said Imgur was “still investigating” but its former encryption method – a hashing algorithm – may have been “cracked with brute force”. That algorithm had been replaced in 2016, he added.

“We recommend that you use a different combination of email and password for every site and application,” he wrote. “Please always use strong passwords and update them frequently.”

Troy Hunt tweeted that Imgur had released a statement 25 hours after he had contacted the company. “This is really where we’re at now: people recognise that data breaches are the new normal and they’re judging organisations not on the fact that they’ve had one but on how they’ve handled it when it’s happened,” he wrote.

This month it was revealed that ride-hailing app Uber had concealed a 2016 data breach affecting 57 million users and drivers. It also admitted to paying the hackers $100,000 (£75,000) to delete the stolen data. “None of this should have happened,” said chief executive Dara Khosrowshahi.

Citizens Advice Warns about Subscription Contracts

Many consumers still struggle to get out of unwanted subscriptions such as gym memberships and online streaming services, according to Citizens Advice. Analysis of almost 600 problems reported to the service found that in just three months consumers paid an average of £160 on unwanted services. Sometimes, consumers misunderstood terms and conditions, while some companies made cancellation difficult.

The head of the consumer group, Gillian Guy, said firms must “act responsibly”. “Subscriptions are very easy to sign up to but can be difficult for consumers to get out of. We know people are wasting time and energy trying to cancel subscriptions while paying out of pocket,” she said.

Companies refused cancellations by asking for more notice – stretching to six months in some cases – or told people they needed to cancel through a specific route, such as phone or email.

CA said one person who contacted the service said they tried to cancel a subscription after they were made redundant, and were asked for proof from their employer – including a P45. Most payments are thought to be through a Continuous Payment Authority, where companies can change the date or amount of a payment without giving advance notice.

Frequently, consumers said they felt it was unclear they were being signed up to a recurring payment or that the contract may continue on an auto renewal basis. Under the Consumer Rights Act 2015, businesses can’t enforce terms on consumers that are unfair.

Google & Website Security

Because of website hacking and personal data theft in recent years, most Internet users are aware that their sensitive information is at risk every time they surf the web. And yet, although the personal data of their visitors and customers is at risk, many businesses still aren’t making website security a priority. Enter Google.

The folks over at Google are known for paving the way for Internet behaviour. Last month, they took a monumental step forward in helping protect people from getting their personal data hacked. The update they released to their popular Chrome browser now warns users if a website is not secure – right inside that user’s browser. While this change is meant to help protect users’ personal data, it’s also a big kick in the pants for businesses to get moving on making their websites more secure.

Google’s Chrome update
On October 17, 2017, Google’s latest Chrome update (version 62) began flagging websites and webpages that contain a form but don’t have a basic security feature called SSL. SSL, which stands for “Secure Sockets Layer” (now superseded by its successor, TLS, and the technology behind the “https” at the start of a web address), is the standard technology that encrypts the data passing between a web server and a browser – passwords, credit card information, and other personal data – so that it stays private in transit and cannot be read by anyone intercepting it. In Chrome, sites lacking SSL are now marked with the warning “Not Secure” in eye-catching red, right inside the URL bar!

What’s the impact on businesses?
Because Chrome has 47% of market share, this change is likely to be noticed by millions of people using Chrome. And get this: 82% of respondents to a recent consumer survey said they would leave a site that is not secure, according to HubSpot Research.

In other words, if your business’ website isn’t secured with SSL, then more than 8 out of 10 Chrome users said they would leave your website.

What’s more, Google has publicly stated that SSL is now a ranking signal in Google’s search algorithm. This means that a website with SSL enabled may outrank another site without SSL.

Cash Converters Reveals Customer Data Breach

High Street pawnbroker Cash Converters has warned customers about a data breach on its website. The company said customer usernames, passwords and addresses had potentially been accessed by a third party. The data breach exposed accounts on the company’s old UK website, which was replaced in September 2017.

The company told the BBC it was taking the breach “extremely seriously” and had reported it to the information commissioner.

Cash Converters lets people trade in items such as jewellery and electronics for cash, and then sells the items on to others. It operates an online store that lets people buy items traded in at Cash Converters shops around the UK.

The online store was relaunched in September 2017, and the data breach affected only people with an account on the old website.

Cash Converters said no credit card information had been breached, and people who visited its stores but did not use the website had not been affected. “Our customers truly are at the heart of everything we do, and we are disappointed that they may have been affected,” the company said in a statement. “We apologise for this situation and are taking immediate action to address it.”