Millions at security risk from old routers, Which? warns

Which? has examined thirteen router models that internet service providers such as Sky, Virgin Media and EE offer to their customers and discovered that over two thirds have vulnerabilities. Which? also estimated that around 6 million people could potentially possess a router that has not been updated since 2018 or earlier, meaning that some individuals would not have received significant security updates.

Peloton’s Leaky API Spilled Riders’ Private Data

Exercise equipment company Peloton Interactive has seen the private data of its customers leaked after it failed to fully rectify a vulnerability found by a penetration testing company. According to Jan Masters, the security researcher who found the bug, the vulnerability allowed almost anyone to make unauthenticated requests to the API for Peloton account data, because the API failed to validate their right to the data.

Exposed details included data from private profiles, gender, age, location, workout history and even whether or not clients were in their workout studio.

Half of Britain’s manufacturers have been the victim of cyber-attacks in the last 12 months

With the majority of workers shifting to remote working during the Covid pandemic, 50% of manufacturers in Britain have fallen victim to cyber crime during the last year. A quarter of organisations hit by a cyber-attack report losing £25,000 per cyber breach, with 6% suffering losses of over £100,000.

Google Dorking

Google dorking, also known as Google hacking, is an unusual technique used by hackers that utilises Google’s advanced search options to uncover significant information that companies, corporations or individuals did not intend to make public. Cyber criminals hunt for this information by using search terms known as “dorks”, hence the term dorking.

How does Google Dorking work?

When a user inputs a keyword on a search engine (in this case Google), the search engine will crawl through its indexes, page content and link data, which it stores in a way that is optimal for returning the results of the search.
However, search engines will also store other information from websites that the page’s developer or administrator did not intend to make public. Malicious actors will exploit this to gain sensitive information such as otherwise hidden code that is insecure, recovered usernames, email addresses, passwords or financial details.

How to protect your organisation from being ‘dorked’
  • As with all areas of cyber security, it is vital that operating systems, applications and services are kept up to date and patched as and when updates are released.
  • Take the time to understand which information within your website is public and examine your exposure. If you uncover any sensitive information that is hidden but publicly accessible, move it to a private location.
  • Implement data loss protection software services to detect data breaches.
  • Perform frequent penetration testing.
  • Block access to non-essential resources from external parties.
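
One way to start the exposure review described above is to audit the folder your web server publishes for files that should not be reachable. The script below is an added example, not part of the original newsletter; the extension, name and directory lists and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed lists for illustration; tune them to your own site.
RISKY_EXTENSIONS = {".sql", ".bak", ".old", ".log", ".env", ".pem", ".key", ".zip"}
RISKY_NAMES = {".env", ".htpasswd", "id_rsa"}
RISKY_DIRS = {".git", ".svn", "backup", "backups"}
SECRET_PATTERN = re.compile(rb"(password|passwd|secret|api[_-]?key)\s*[=:]\s*\S+", re.I)

def audit_web_root(root, max_bytes=65536):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if RISKY_DIRS.intersection(parts):
                findings.append((rel, "inside a directory that should not be served"))
            elif name.lower() in RISKY_NAMES or ext in RISKY_EXTENSIONS:
                findings.append((rel, "file type or name rarely meant to be public"))
            else:
                # Only the first max_bytes of each remaining file are inspected.
                with open(path, "rb") as fh:
                    if SECRET_PATTERN.search(fh.read(max_bytes)):
                        findings.append((rel, "contains a credential-like assignment"))
    return sorted(findings)

def build_sample_root(root):
    files = {  # constructed sample content, not real data
        "index.html": "<h1>Welcome</h1>",
        "backups/site-2021.sql": "-- constructed dump",
        "config/settings.txt": "db_password = EXAMPLE-ONLY",
        ".env": "API_KEY=EXAMPLE-ONLY",
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root)
        return audit_web_root(root)

if __name__ == "__main__":
    print("\n".join(f"{rel}: {why}" for rel, why in demo()))
```

To use it on a real site, call `audit_web_root` with the path of your own published folder and move anything it flags to a private location.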

Warning: ‘Hundreds Of Millions At Risk’ From 12-Year-Old Vulnerabilities Lying Deep In Dell PCs

A high-severity vulnerability has been present on Dell PCs running Microsoft Windows for 12 years. If a malicious actor already has some level of access to an affected machine, the security flaw could allow them to take control of the PC. Dell has released a patch update to address the issue.

Critical Update Warning Suddenly Hits Millions Of Samsung Galaxy Users

Millions of Samsung Galaxy device owners have been issued a critical update warning. The update addresses a vulnerability in the 5G chipset of the device which, if exploited by malicious actors, would enable them to use the Android OS as a gateway to inject malware onto the device as well as access text messages, call history and the audio of phone conversations.

Anti-Spam WordPress Plugin Could Expose Website User Data

A WordPress plugin has been installed on over 100,000 sites. The ‘Spam Protection AntiSpam, FireWall by CleanTalk’ is home to a SQL injection vulnerability that has the potential to expose sensitive information, including card details, to an attacker.

Global Phishing Attacks Spawn Three New Malware Strains

Two upsurges in novel global phishing, equipped with ‘professionally coded sophistication’, have flooded at least 50 organisations and delivered three never-before-seen strains of malware. The malware was delivered by an APT utilising almost 50 domains.

What can we offer you?

SME Inputs 

Join our monthly online webinars aimed specifically at Small and Medium-sized Enterprises to discover what cyber threats could potentially impact your business and get the latest advice and cyber awareness training for all staff. To register visit:

Cyber Security Awareness Webinars: Schools and Education

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.

Please note: All participants are screened before being invited to the event. Please use your corporate email address when registering.

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families from both accidental damage and online criminals.

Get in touch with us if your school or organisation would like support with staff training. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040 to report and obtain advice about fraud or cyber crime.

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

Our colleagues in the West Midlands Police Economic Crime Unit also produce cyber and fraud focused business newsletters. If you wish to subscribe to their newsletter, please e-mail  - 


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.