The computer security world started the year off at a sprint when security researchers disclosed details about processor-level vulnerabilities they dubbed Meltdown and Spectre.
Later in 2018, Liberty in South Africa became the victim of a data breach and extortion attempt, which dominated headlines.
Here are the top security stories of 2018.
Cambridge University academic Aleksandr Kogan developed an online personality test as a Facebook app called “YourDigitalLife”.
The app allowed Cambridge Analytica to collect data on Facebook users who took the test.
Facebook confirmed that 80 million users were affected, including 96,121 people in South Africa.
Bloomberg reported that China had developed a chip it implanted on Supermicro motherboards used in Amazon, Apple, and US Department of Defence servers.
Security experts have questioned the accuracy of the report, and Supermicro stated that an independent test found no malicious hardware in its motherboards.
Apple, Amazon, and Supermicro denied the story.
Google Project Zero researcher Jann Horn identified three types of attacks on CPUs which other researchers classified into two types of attacks – Meltdown and Spectre.
At the start of December, researchers released information on a new variation of the Spectre vulnerability which they said was easier to exploit. It was called SplitSpectre.
More data leaks
While the Facebook/Cambridge Analytica scandal dominated headlines for months, there were several other significant data leaks in 2018:
- Google+ data bug exposes info of 52.5 million users
- Massive data breach at Quora
- Amazon mistakenly leaks customer data
- Instagram security flaw exposed some users’ passwords
- 9.4 million customers affected by Cathay Pacific security breach
- Hackers accessed intimate information of 14 million Facebook users
- 126 million unique e-mail addresses exposed by Apollo data leak
Financial services provider Liberty informed clients in June that it had been hit by hackers who were demanding payment for their “services.”
Subsequent reports revealed that the attackers were demanding millions under the threat that they would release sensitive client data unless they were paid.
Liberty later confirmed that an email server had been compromised and that the attackers were trying to extort the company.
For nearly two years, messaging app Signal beat censors in Egypt, Qatar, and the UAE through a technique known as domain fronting.
Telegram has used a similar approach to ensure its app remains accessible in Russia, despite the regulator’s shotgun approach to blocking it.
Google and Amazon said they never intended for domain fronting to be possible on their platforms.
South African developer Lionel Chetty discovered a security flaw in Pizza Hut’s website which allowed users to view the information of clients who used it to place an order.
The flaw allowed an attacker to get a list of order numbers, then retrieve the information relating to that order – such as the client’s name, delivery address, and contact information.
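The pattern behind a flaw like this, shown as an added example that is not Pizza Hut's code and is not taken from the original report: an order lookup that trusts the order number alone, beside a version that checks that the authenticated caller owns the order. The order records, session tokens and function names are constructed for illustration.

```python
# Added illustration: every name and record here is constructed (hypothetical).

# Constructed sample orders keyed by a sequential order number.
ORDERS = {
    1001: {"owner": "alice", "name": "Alice A.", "address": "1 Example Rd", "phone": "000-0001"},
    1002: {"owner": "bob", "name": "Bob B.", "address": "2 Example Rd", "phone": "000-0002"},
}
# Constructed session table: session token -> authenticated user.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


def list_orders_vulnerable():
    """Flawed pattern: any caller can enumerate every order number."""
    return sorted(ORDERS)


def get_order_vulnerable(order_id):
    """Flawed pattern: the order number alone is treated as authorisation."""
    return ORDERS.get(order_id)


def _current_user(session_token):
    """Resolve a session token to a user, or None if it is not valid."""
    return SESSIONS.get(session_token)


def list_orders_hardened(session_token):
    """Return only the order numbers that belong to the authenticated caller."""
    user = _current_user(session_token)
    if user is None:
        return []
    return sorted(oid for oid, order in ORDERS.items() if order["owner"] == user)


def get_order_hardened(session_token, order_id):
    """Return the order only if the authenticated caller owns it.

    Unknown orders and other clients' orders both yield None, so the
    response does not confirm which order numbers exist.
    """
    user = _current_user(session_token)
    order = ORDERS.get(order_id)
    if user is None or order is None or order["owner"] != user:
        return None
    # Expose only the fields the client view needs, not the internal record.
    return {key: order[key] for key in ("name", "address", "phone")}
```

The ownership check runs on the server for every lookup; hiding or randomising order numbers alone would not replace it.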
Researchers at the US Naval War College and Tel Aviv University found evidence to suggest that China Telecom is using Border Gateway Protocol (BGP) to hijack Internet traffic and route it through computers under its control.
The BGP hijacking conducted by China Telecom involved traffic to a “large Anglo-American bank headquarters” in Italy from the United States, as well as traffic from Canada to Korean government sites.