Category: NCSC

Executive summary

A number of vulnerabilities have been discovered in the Qualcomm chipsets used in many Android handsets from many of the leading manufacturers. Exploitation of these vulnerabilities could allow an unauthorised user to take full control of an Android device but in order to do so an authorised user would first need to install a malicious app.

Google have stated that three of the four vulnerabilities have been patched with the fourth due in September, although updates will…

Link: Quadrooter vulnerability affecting Android
Source: NCSC Alerts

Universities under cyber attack

This week, various media outlets have reported on the high number of cyber attacks suffered by UK universities.

Universities are of interest to a range of attackers. Highly skilled hacking groups conduct cyber espionage, seeking to acquire cutting-edge research and intellectual property in areas such as defence, energy, and artificial intelligence. Most academics have detailed web pages describing themselves and their research interests, giving attackers more…

Link: Weekly Threat Report 8th September 2017
Source: NCSC Reports

WannaCry ransomware attack illustrates risk of using unlicensed software

The WannaCry international ransomware attack has highlighted the risks of relying on unpatched software. The scale of the outbreak has been blamed in part on the widespread use of unlicensed software. Pirated software is often insecure as it does not benefit from manufacturers’ updates to fix vulnerabilities.

Several of the countries reported by cyber security companies to be worst affected are also amongst the…

Link: Weekly Threat Report 19th May 2017
Source: NCSC Reports

Twitterbots spreading fake news on the internet

Recent reports suggest social media bots are widely spreading fake news on the Internet.

A Twitterbot is a bot program used to create accounts and automated tweets that requires little or no human intervention. This typically means that not all accounts have to be created by humans. Twitterbots can be used for entertainment, marketing, spamming, manipulating Twitter’s trending topics list and public opinion, trolling, fake followers, malware…

Link: Weekly Threat Report 27th January 2017
Source: NCSC Reports

Threat assessment and trend analysis

Shadow Broker’s Cisco vulnerabilities in the wild

Cisco’s Product Security Incident Response Team (PSIRT) has become aware that some of its customers have been targeted through the exploitation of one of the ‘zero-day’ vulnerabilities, leaked this summer by the hacking group known as Shadow Brokers.

The vulnerability [CVE-2016-6415] was found in the IKEv1 (Internet Key Exchange version 1) packet processing code and affects…

Link: Weekly Threat Report 23rd September 2016
Source: NCSC Reports

Cloud security – FedEx data leak from AW

Adoption of cloud computing (the process of providing applications, processing power and storage through remote servers over the internet) is increasing amongst medium and large organisations. However, as cloud is adopted, the securing of services in the cloud as well as the security claims of the cloud provider become mission critical priorities for both private and public-sector enterprises.

Media reports that scanned documents containing the…

Link: Weekly Threat Report 23rd February 2018
Source: NCSC Reports

Executive summary

HTTP/2 is a faster and more technically advanced version of the current HTTP 1.1 and is being widely adopted following its approval in February 2015. It is already supported by major browsers – Chrome, Firefox, IE11, Edge, Safari, and Opera – and is thought to be used by about one in ten websites.

Four vulnerabilities rated as severe have been discovered in this new version, but fixes have already been made available through a coordinated approach between the…

Link: HTTP/2
Source: NCSC Alerts

300% increase in attacks on Microsoft cloud services

Microsoft has revealed that the frequency of attacks against users of its cloud services, including Microsoft Azure and Office 365, has increased by 300% over the last year.

“A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services,” said Microsoft in its ‘Security and Intelligence’…

Link: Weekly Threat Report 1st September 2017
Source: NCSC Reports

International cyber incident affecting the NHS

On Friday a set of global cyber attacks took place against thousands of organisations, including the NHS, and individuals in dozens of countries.

The NCSC statement on the incident can be read here and guidance on how to defend your organisation against ransomware can be found here.
 

US restaurant chain payment process system compromised

A US restaurant chain, Chipotle Mexican Grill, recently announced that unauthorised activity…

Link: Weekly Threat Report 12th May 2017
Source: NCSC Reports

Password security

In November 2016, a study of user passwords exposed by a Yahoo data breach revealed that “123456” was the most common password, followed closely by “password” at number two. A more recent report on the most commonly used passwords revealed that “123456” was still number one, followed by the ‘more complex’ “123456789”.

These reports highlight ongoing problems associated with conventional password policies, which tend to promote the use of complicated passwords that are…

Link: Weekly Threat Report 20th January 2017
Source: NCSC Reports