Cyber Round-up

Cyber Round-up for 29th November

November 28, 2019

Welcome to the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

Guide to Shopping Securely Online

Over the holiday season, online fraud increases significantly, which is why it is so important that you understand how to shop online safely and securely. The National Cyber Security Centre (NCSC) have created a guidance post to help you understand the dangers of online fraud, and how to effectively minimise the risk of being hit. Some of the advice includes strong password practice, MFA, choosing where to shop and avoiding unknown links. We highly suggest taking the time to read this guide so that you don’t become a victim of online fraud over the holidays.

By NCSC.gov.uk

2FA Update for Twitter No Longer Requires Mobile Number

Twitter has offered its users two-factor authentication for a few years now, but it has relied on a method that needed the use of their phone number, so users have been waiting for a more secure way to protect their account. As of last week, Twitter is allowing you to remove your mobile phone number from your account, while also introducing the use of WebAuthn for 2FA. This change was largely the result of their CEO Jack Dorsey recently having his account compromised. This gives users a more secure experience that is both easier and safer to use. If you do not already, we highly recommend enabling 2FA on Twitter to prevent the risk of your account and any associated personal information being stolen.

By GrahamCluley.com

Threats

Kids Smartwatch Exposes Personal Data

The Chinese-manufactured kids’ smartwatch SMA M2, which is being used by 5,000 children worldwide, has been discovered to have multiple vulnerabilities that leak the user’s personal data; this includes GPS data. Researchers found the data in an unencrypted publicly accessible web API sent from the watch’s SIM card. This product is very dangerous as it can reveal the location of everyone using it, as well as the names of the child and parents and ages; another flaw also allows attackers to potentially listen to all transmitted voice messages and manipulate messages sent from the device. If you continue to use these smartwatches, we highly recommend updating them, or simply avoid using them; at least consider the security risks they present.

By ThreatPost.com

Avoiding HMRC Tax Scams

As we get closer to the UK Tax Self-Assessment deadline on 31st January, HMRC are actively trying to educate their customers on the dangers of tax scams. They have published a blog discussing tax scams and how you can effectively spot and avoid them. In the last year, almost 900,000 customers have reported suspicious contact from HMRC and over 100,000 of these were confirmed to be scams. HMRC want to keep their customers safe and have compiled a list of advice that they recommend looking into. This includes what to look out for when checking if you’re being scammed, and what kind of information attackers may ask for. We encourage all customers to take a look at this guide to help protect themselves from tax scams.

By Gov.uk

Vulnerabilities & Updates

Vulnerability in Magento Marketplace Leads to Security Breach

Adobe recently disclosed a security breach that is affecting users of the Magento Marketplace; the marketplace allows users to buy plugins for Magento-based online stores. The breach occurred because of a vulnerability that allowed an unauthorised attacker to gain access to sensitive account information belonging to registered users; however, it was confirmed that no account passwords or financial information were exposed in the incident. Shortly after the breach, Adobe took the marketplace down, but have announced that it is now back online and fully operational.

By ZDNet.com

Serious Vulnerabilities Found in VNC Remote Desktop Software

The research team at Kaspersky Lab has discovered 37 CVE-listed vulnerabilities, including memory-corruption and remote code execution flaws, that are affecting Virtual Network Computing (VNC) remote desktop software. These flaws pose a serious threat to users of the product and can potentially allow an attacker to remotely take control of a target computer. According to the research team, these flaws are affecting around 600,000 users who have public-facing machines with VNC access. Immediate software updates are highly recommended so that you are not at risk from these serious vulnerabilities.

By TheRegister.co.uk

And that’s it for this week’s round-up, please don’t forget to tune in for our next instalment.

Why not follow us on social media using the links provided on the right.

Edition #69 – 29th November 2019

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Ironshare is a provider of Information and Cyber Security services.
