Top IT security stories in 2018

The computer security world started the year off at a sprint when security researchers disclosed details about processor-level vulnerabilities they dubbed Meltdown and Spectre.

Later in South Africa, Liberty became the victim of a data breach and extortion attempt in 2018, which dominated headlines.

Here are the top security stories of 2018.


Facebook and Cambridge Analytica

Cambridge University academic Aleksandr Kogan developed an online personality test as a Facebook app called “YourDigitalLife”.

The app allowed Cambridge Analytica to collect data on Facebook users who took the test.

Facebook confirmed that 80 million users were affected, including 96,121 people in South Africa.

Facebook Logo


Allegations that China infiltrated Supermicro

Bloomberg reported that China had developed a chip it implanted on Supermicro motherboards used in Amazon, Apple, and US Department of Defence servers.

Security experts have questioned the accuracy of the report, and Supermicro stated that an independent test found no malicious hardware in its motherboards.

Apple, Amazon, and Supermicro denied the story.

microchip in hand


Spectre and Meltdown

Google Project Zero researcher Jann Horn identified three types of attacks on CPUs which other researchers classified into two types of attacks – Meltdown and Spectre.

At the start of December, researchers released information on a new variation of the Spectre vulnerability which they said was easier to exploit. It was called SplitSpectre.

Meltdown and spectre


More data leaks

While the Facebook/Cambridge Analytica scandal dominated headlines for months, there were several other significant data leaks in 2018:


Liberty hacked and extorted

Financial services provider Liberty informed clients in June that it had been hit by hackers who were demanding payment for their “services.”

Subsequent reports revealed that the attackers were demanding millions under the threat that they would release sensitive client data unless they were paid.

Liberty later confirmed that an email server had been compromised and that the attackers were trying to extort the company.

Malicious email hack


Amazon and Google crack down on domain fronting

For nearly two years, messaging app Signal beat censors in Egypt, Qatar, and the UAE through a technique known as domain fronting.

Telegram has used a similar approach to ensure its app remains accessible in Russia, despite the regulator’s shotgun approach to block it.

Google and Amazon said they never intended for domain fronting to be possible on their platforms.

Censorship lips sealed zip


South African developer finds Pizza Hut security flaw

South African developer Lionel Chetty discovered a security flaw in Pizza Hut’s website which allowed users to view the information of clients who used it to place an order.

The flaw allowed an attacker to get a list of order numbers, then retrieve the information relating to that order – such as the client’s name, delivery address, and contact information.

Pizza


China reportedly hijacking Internet traffic

Researchers at the US Naval War College and Tel Aviv University found evidence to suggest that China Telecom is using Border Gateway Protocol (BGP) to hijack Internet traffic and route it through computers under its control.

The BGP hijacking conducted by China Telecom involved traffic to a “large Anglo-American bank headquarters” in Italy from the United States, as well as traffic from Canada to Korean government sites.

Africa internet connectivity


Now read: Biggest South African tech stories of 2018

Latest news

Partner Content

Show comments

Recommended

Share this article
Top IT security stories in 2018