Revamped cyber guide will help small businesses work securely online
The NCSC Small Business Guide has been revamped for 2020, as has the response and recovery guidance.
https://www.ncsc.gov.uk/news/revamped-small-business-guide
 
NHS COVID-19 app: improving its security posture
Stuart H explains security improvements within the NHS COVID-19 app since its launch
https://www.ncsc.gov.uk/blog-post/nhs-covid-19-app-improving-its-security-posture
 
UK found flaw of 'national significance' in Huawei tech
Chinese networking company Huawei’s software engineering and cyber-security practices have been criticised in the annual report of the Huawei Cyber Security Evaluation Centre (HCSEC), set up by the UK government and Huawei. The report states the flaw is of ‘national significance’, though these findings referred to basic engineering competence and cyber-security hygiene and not flaws intentionally introduced. - https://zd.net/2GGxN0o

HMRC urges universities to warn new students of tax scams danger
HMRC has written to universities, through Universities UK, asking them to help ensure their students know how to spot a scam. - https://www.actionfraud.police.uk/news/hmrc-urges-universities-to-warn-new-students-of-tax-scams-danger

Blackbaud: Bank details and passwords at risk in giant charities hack
Blackbaud provides cloud software used by many UK universities, charities and organisations. Bank information, passwords and other personal information are feared to have been breached in the latest attack by hackers. The University of Birmingham and the National Trust are among the organisations believed to have been impacted. - https://bbc.in/2F0KqCM

This Windows 7 ‘Upgrade’ Steals Passwords—How To Really Get Windows 10 For Free
Cyber criminals have been using a convincing password-stealing scam disguised as a free upgrade for Windows 7 users. - https://bit.ly/2SAyFGk

COVID-19 Clinical Trials Slowed After Ransomware Attack
The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident. - https://bit.ly/3izzE45

Years-Long ‘SilentFade’ Attack Drained Facebook Victims of $4M
Facebook detailed an ad-fraud cyberattack that’s been ongoing since 2016, stealing Facebook credentials and browser cookies. - https://bit.ly/3nrgTnm

Social Engineering
Social engineering is a term used to define malicious activities achieved through the manipulation of individuals. Social engineering attacks revolve around human interaction. In a cyber sense this may look like a criminal posing as a trusted source, for example an IT support worker or banker, to manipulate the victim into giving out sensitive information.

What do Social Engineering Attacks Look Like?
  • Baiting – where an attacker ‘baits’ the victim to pique their interest, encouraging them to carry out an action. This could be a link to view or download something on a website or email that will then infect your device, or even in the form of a physical USB stick infected with malware placed on someone’s desk.
  • Phishing – a well-known and common attack where individuals are contacted, usually via email with malicious links, in order to gain personal and sensitive information.
  • Voice Soliciting – also known as ‘vishing’, a form of attack that attempts to trick victims into giving up sensitive information over the phone. These calls can contain high-tech elements to make them appear more credible, including knowledge of your personal details harvested during a prior cyber-attack and caller ID spoofing. Smishing is when fraudsters obtain personal details of a victim by SMS text messages.
  • An email from a friend – similar to phishing but the email originates from a known source. We tend to trust emails from friends and colleagues, and some criminals will use this to their advantage by hacking email accounts and spamming their contact list with seemingly harmless emails that, in fact, contain malware or malicious links.
  • Pretexting – when an attacker creates a false narrative as a means of compelling the victim to provide sensitive data. For example, an email received stating that information is needed to confirm your identity or to transfer you money.
  • Quid pro quo – scams that involve an exchange. The victim might hand over the login credentials to their computer, under the impression that they’re receiving IT support in return, when in actual fact they are giving the attacker the ability to access their device and steal personal data.
Cyber Safety Tips
  • Consider the source. Don’t give strangers the benefit of the doubt. Even question emails received from someone you think you can trust if they seem suspicious or out of character; reach out to the individual directly to ensure that the message did in fact come from them before taking any action.
  • Never open links, give out any information or download anything unless you are certain that the source is credible.
  • Lock your devices if you are leaving them unattended, even if at a workstation or at home.
  • Utilise anti-virus software and keep it up to date; having the latest version installed will help ensure your devices are prepared for the most recent security threats.
NCSC Weekly Threat Report - https://bit.ly/2SBC7Au
  • QNAP issues new ransomware warning to network-attached storage device users
  • Cloud Security: The way forward?
  • Vulnerabilities Affecting MobileIron Products
Phishing pages leverage CAPTCHAs to fool users, evade detection
Cybercriminals have been targeting the hospitality industry with phishing pages featuring CAPTCHAs as a means to avoid detection and provide victims with a false sense of security.
https://bit.ly/3itW0E9

HP Offering Big Rewards for Cartridge Vulnerabilities
HP has announced that it has extended its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink and toner cartridges. The company has invested around $200,000 into this initiative and it’s willing to award an extra $10,000 for each vulnerability found, in addition to the researchers’ base fee. - https://bit.ly/2Gp1Idq

Insurance firm Ardonagh Group disabled 200 admin accounts as ransomware infection took hold
https://bit.ly/2SzxLKi
What can we offer you?
Get in Touch

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.

www.wmcrc.co.uk

Our lives are relying on technology more every day. Join us each Monday for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
https://cyberthreatweekly.buzzsprout.com/

Copyright © 2020 West Midlands Regional Cyber Crime Unit, All rights reserved.