Smart doorbells 'easy target for hackers' study finds

Popular smart doorbells have been found to contain major security flaws that put consumers and their homes at risk from hackers and cyber criminals. 
Watchdog tested 11 devices which were purchased from popular online marketplaces in the UK and found that common flaws included weak password policies and an overall lack of data encryption. Two of the devices tested had the potential to be used by criminals as an entry point into the home system where  network passwords could be stolen and used to hack other smart devices within the home.
Android Messenger App Still Leaking Photos and Videos

The Android app GO SMS Pro has been downloaded over 100 million times, in November a major security flaw was disclosed. Since then two new versions of the app have emerged, neither of which fixes the original issue leaving its many users at risk for privacy violations.

According to Trustwave SpiderLabs, the organisation who originally uncovered he security issues, the flaws can be exploited to expose private voicemails, videos messages and photos sent using the messaging app.
Zoom Impersonation Attacks Aim to Steal Credentials

A Zoom-themed phishing attack has been circulating via emails, text and social media messages. These phishing messages, equipped with convincing Zoom logos, inform recipients that they have missed a meeting or have had their account suspended. The victims are urged to click a link to reactivate their account or reschedule a meeting. Other variant of these attacks can be seen in the form of messages 'welcoming' users to the platform with a link to active their account.
These attacks are intended to steal login credentials, with this information cyber criminals could potentially access web conference calls, where sensitive files and data are shared, or to launch denial-of-service attack.
Winter Cyber Challenge

The NCA is running a Winter Cyber Challenge starting on the 1st of December and ending on the 31st.

This competition will give young people the opportunity to practice and expand their knowledge around important aspects of the cyber world including topics such as cryptography and firewall configuration complemented by questions about the Computer Misuse Act. There will be the opportunity to win prizes each week and those who have completed all challenges will be entered into a draw to win grand prizes. 

For more detail and information on how to join please visit:
Staying Safe Online over Christmas

Unfortunately, the festive season can be a treat for cyber criminals. While shoppers are blindsided by the thought of great deals and employees are mentally clocking out for the holidays cyber criminals can strike. Below are some top cyber tips that can help keep you safe over the festive season and into the New Year.
Online Shopping
  • When shopping online make sure the site is legitimate, you can check by carefully reading the URL playing close attention for misspellings, out of place numbers and full stops.  It is best practice to type in the site you want as rather than clicking on links from emails, texts or social media posts/adverts as these can be sites set up by scammers that look almost identical to the real thing.
  • When you are paying for goods make sure the sites URL begins with ‘https:’, the ‘s’ stands for secure. There should also be a padlock icon in the address bar, though it is important to note that just because a site has this ‘https:’ and is secure it can still be run by scammers so always ensure the site you use is authentic.
  • NEVER pay for goods via bank transfer to people or companies you do not know. If the exchange turns out to be a scam it is unlikely that your bank will be able to recover or refund your lost money.
  • As always, be vigilant of phishing attacks and avoid opening any links or unexpected email attachments.
New devices
  • Whether bought new from a shop or second-hand, if a device is new to you always ensure you protect your devices with a trusted and secure software.
  • Password protect all devices and ensure data is backed up to avoid losing important or sentimental files.
  • To avoid the risk of your device being infected with malware it is recommended that updates are installed as soon as they become available and operating systems are equipped with antivirus software. 
  • If you buy or receive a second hand device, it is good practice perform a factory reset. This will but the phone back to its original state, easing any data from the previous owner.

Downloading Apps
  • Only download apps and games from the official source for you device (i.e. Google Play, Microsoft Store or App Store) as apps from external sources may be malicious and could result in data being stolen, fraud or even identity theft.

Weekly Threat Report 4th December 2020
Ransomware disrupts Maryland students
Phishing attacks focus on online shoppers
Misconfigured Docker Servers Under Attack by Xanthe Malware

Researchers have discovered a new cryptomining botnet, dubbed Xanthe, that has been exploiting misconfigured Docker API's in order to infect Linux systems.
New telecoms security law to protect UK from cyber threats
Under a new law laid in parliament, telecommunications companies in the UK must adhere to stricter security rules or face fines of up to 10% of their turnover.
Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
A influx in targeted espionage campaigns have been utilising a strain of a 13 year old backdoor trojan called Bandook.
Alert: Multiple actors are attempting to exploit MobileIron vulnerability CVE 2020-15505
MobileIron remote code execution vulnerability is a target for APT nation state groups and cyber criminals to compromise the networks of UK organisations.
What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch
If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040 for 
 report and get advice about fraud or cyber crime

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2020 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp