The National Cyber Security Centre has recently published their latest Threat Report. In this blog we have summarised some of the key information and urge you to speak with us about your cyber security to protect your business and your customers.
A key takeaway from the report is to be careful what you’re sharing online because cybercriminals often conduct research on individuals through social media platforms and other public information sources in an attempt to gain access to their network.
Patches released for Apple and Google Chrome vulnerabilities
Users should be aware that Google and Apple have released security updates to fix vulnerabilities affecting their respective products.
Apple’s two vulnerabilities include a remote code execution vulnerability (CVE-2022-32893) in its WebKit software, as well as a kernel vulnerability (CVE-2022-32894).
Google has released a standard update for its Chrome browser with eleven updates, but which includes a fix for the vulnerability CVE-2022-2856 which exists in the wild. The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities.
Microsoft report on a sustained phishing campaign by the SEABORGIUM threat actor
The Microsoft Threat Intelligence Center has published a new information on the sustained campaign of phishing and credential theft by the threat actor SEABORGIUM – you can read it here.
Cyber criminals often conduct research on individuals in an organisation to attempt to gain access and is known to identify legitimate contacts in the target organisation’s corporate network. The opening exchange with the target is often a benign email referencing an attachment that doesn’t exist. Once a target opens the email, they are directed to an actor-controlled server hosting a phishing framework. The final page is a prompt for authentication, mirroring the sign-in page for a legitimate provider and intercepting any credentials.
Warning as cyber criminals use HMRC branding in phishing scams
Cyber criminals continue to impersonate HMRC branding to trick the public into sharing personal or financial details.
Recipients of this phishing attempt are encouraged to ‘submit their tax refund request’ via a link, which would send them to a fraudulent website designed to harvest their personal details.
A cyber criminal’s main goal is to trick you into giving them your sensitive information, which could include bank details, often claiming to be from UK government or other official organisations.
As of July 2022, the NCSC has received over 13million reported scams, which has resulted in 91,000 scams being removed across 167,000 urls. You can reduce the likelihood of being phished by thinking about what personal information you (and others) post about you, and by reviewing your privacy settings within your social media accounts.
Speak to our team to see how we can help educate your team towards safer online activity.