Copy
Twitter's algorithm favours right-leaning politics, research finds

The social-media giant said it made the discovery while exploring how its algorithm recommends political content to users. But it admitted it did not know why, saying that was a "more difficult question to answer". Twitter has previously faced claims of anti-conservative bias on its platform. Twitter's study examined tweets from political parties and users sharing content from news outlets in seven countries around the world: Canada, France, Germany, Japan, Spain, the UK, and the US.
Watch Out: ‘Squid Game’ Malware Hits Google Play As Hundreds Of Unofficial Apps Flood Store

Developers have already managed to get malware masquerading as a Squid Game phone wallpaper app onto Google Play as hundreds of unofficial apps have hit the Android app store.
The malicious app, which was downloaded at least 5,000 times before Google caught it and threw it out of Play, was discovered by an Android security researcher using the handle @ReBensk and was subsequently analyzed by ESET Android malware researcher Lukas Stefanko.
Three more UK universities recognised by the National Cyber Security Centre (NCSC)

Three universities have been recognised by the UK’s leading cyber experts for showing their commitment to delivering first-rate cyber security education on campus and beyond. The successful institutions are the latest to be named Academic Centres of Excellence in Cyber Security Education (ACEs-CSE) by the National Cyber Security Centre (NCSC) – a part of GCHQ. De Montfort University and Royal Holloway, University of London, have both attained Gold recognition for their approach to promoting cyber security excellence, and Kingston University London is the latest institution to receive a Silver award.

Here at West Midlands RCCU the focus this week in Cyber Security Month has been the financial/ banking side of cyber security. This week we will discuss ways we can keep our financial and banking data safe and secure from attackers who may wish to acquire such data for their own use and prevent this data falling into malicious hands.
One of the main methods used by scammers to acquire this data is phishing attacks. A phishing attack is type of social engineering attack which has the attacker pose as a trusted organisation (in this case a bank) and send out thousands of emails to members of this bank. The idea being the user will believe the email that is sent is actually the trusted entity and will fill in the email/ click on links to malicious websites etc.
Specifically for this example a scammer may send an email disguised as a bank email which may ask the user to login to their bank account. If the user falls for this then they will have inadvertently given their banking details over to the scammer who can now access their account, take money out, transfer money to other accounts etc.
Red flags to watch for to see phishing emails:

  • The email looks like it’s from a company you may know and trust:  HSBC / Santander etc.
  • The email says your account is on hold because of a billing problem.
  • The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
  • The email invites you to click on a link to update your payment details.

While, at a glance, the email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be.
If you’ve been tricked into providing your banking details, contact your bank and let them know.
If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to our guidance on recovering a hacked account.
If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk

Further information can be found on the NCSC Website.

Microsoft is force installing PC Health Check in Windows 10

Microsoft has begun force installing the PC Health Check application on Windows 10 devices using a new KB5005463 update. PC Health Check is a new diagnostics tool created by Microsoft and released in conjunction with Windows 11 that provides various troubleshooting and maintenance features. However, its primary use has been to analyse a device's hardware to check if it's compatible with Windows 11.
Its Windows XP's 20th birthday and way too many still use it

​Today is the 20th anniversary of Windows XP, and although the operating system reached the end of support in 2014, way too many people continue to use the insecure version of Windows. The continued use of Windows XP is a testament to its success, but also raises concerns about its lack of security as cyberattacks and ransomware are a constantly evolving threat that pose a great risk to organizations, especially if XP devices power critical systems.
Polygon pays out record $2 million bug bounty reward for critical vulnerability

The blockchain technology company Polygon has paid out $2 million in a bug bounty, for a ‘double spend’ vulnerability that could have caused them serious issues. The flaw was discovered by Gerhard Wagner, who found that using this would allow an attacker to double the amount of cryptocurrency they withdraw up to 233 times. This could have allowed a malicious actor who has deposited just $4,500 to withdraw $1 million – and an attacker with $3.8 million could exploit the flaw to acquire up to $850 million.
Millions of Android Users Scammed in SMS Fraud Driven by TikTok Ads

Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. These fake apps are advertised on TikTok and cover a wide range of categories including custom keyboards, QR code scanners and scam call blockers. As soon as the apps are downloaded the users are prompted to enter their details, which then subscribes them to a premium SMS service, charging the user.
What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families, from both accidental damage or from online criminals.

Keeping children safe in education 2021

Please get in touch with us if you'd like to know more about the free education sector cyber protection support services we provide. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
https://cyberthreatweekly.buzzsprout.com/
The West Midlands Regional Cyber Crime Unit will be taking part in this years Cyber Fringe Festival on the 23-27th November 2021. Get your free delegate pass today!

On the fringe of Cyber & Security: 5 days of Strategic, Operational and Technical sessions, covering: Cyber industry, Defence & Emergency services, Diversity, Government, Acceleration, and Skills.
 

 

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Facebook
Twitter
Website
Spotify
YouTube
Apple Podcast
LinkedIn
Facebook
Twitter
Link
Website
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp