Category: NCSC

Twitterbots spreading fake news on the internet

Recent reports suggest social media bots are widely spreading fake news on the Internet.

A Twitterbot is a bot program used to create accounts and automated tweets that requires little or no human intervention. This typically means that not all accounts have to be created by humans. Twitterbots can be used for entertainment, marketing, spamming, manipulating Twitter’s trending topics list and public opinion, trolling, fake followers, malware…

Link: Weekly Threat Report 27th January 2017
Source: NCSC Reports

Threat assessment and trend analysis

Shadow Broker’s Cisco vulnerabilities in the wild

Cisco’s Product Security Incident Response Team (PSIRT) has become aware that some of its customers have been targeted through the exploitation of one of the ‘zero-day’ vulnerabilities, leaked this summer by the hacking group known as Shadow Brokers.

The vulnerability [CVE-2016-6415] was found in the IKEv1 (Internet Key Exchange version 1) packet processing code and affects…

Link: Weekly Threat Report 23rd September 2016
Source: NCSC Reports

Cloud security – FedEx data leak from AW

Adoption of cloud computing (the process of providing applications, processing power and storage through remote servers over the internet) is increasing amongst medium and large organisations. However, as cloud is adopted, the securing of services in the cloud as well as the security claims of the cloud provider become mission critical priorities for both private and public-sector enterprises.

Media reports that scanned documents containing the…

Link: Weekly Threat Report 23rd February 2018
Source: NCSC Reports

Executive summary

HTTP/2 is a faster and more technically advanced version of the current HTTP 1.1 and is being widely adopted following its approval in February 2015. It is already supported by major browsers – Chrome, Firefox, IE11, Edge, Safari, and Opera – and is thought to be used by about one in ten websites.

Four vulnerabilities rated as severe have been discovered in this new version, but fixes have already been made available through a coordinated approach between the…

Link: HTTP/2
Source: NCSC Alerts

300% increase in attacks on Microsoft cloud services

Microsoft has revealed that the frequency of attacks against users of its cloud services, including Microsoft Azure and Office 365, has increased by 300% over the last year.

“A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services,” said Microsoft in its ‘Security and Intelligence’…

Link: Weekly Threat Report 1st September 2017
Source: NCSC Reports

International cyber incident affecting the NHS

On Friday a set of global cyber attacks took place against thousands of organisations, including the NHS, and individuals in dozens of countries.

The NCSC statement on the incident can be read here and guidance on how to defend your organisation against ransomware can be found here.
 

US restaurant chain payment process system compromised

A US restaurant chain, Chipotle Mexican Grill, recently announced that unauthorised activity…

Link: Weekly Threat Report 12th May 2017
Source: NCSC Reports

Password security

In November 2016, a study of user passwords exposed by a Yahoo data breach revealed that “123456” was the most common password, followed closely by “password” at number two. A more recent report on the most commonly used passwords revealed that “123456” was still number one, followed by the ‘more complex’ “123456789”.

These reports highlight ongoing problems associated with conventional password policies, which tend to promote the use of complicated passwords that are…

Link: Weekly Threat Report 20th January 2017
Source: NCSC Reports

Our second Annual Report covering the period April 2015 – March 2016 is now live.

The report covers an overview of the incidents we have dealt with this year with a breakdown by type and sector, as well as analysis of malware in the UK, a look at our predictions from last year and a new set for the coming year and a piece on the importance of automated sharing.

CiSP members can also access the Amber Annexe posted on the platform which contains more technical information including…

Link: CERT-UK Annual Report 2015/16
Source: NCSC Reports

Ransomware infects Colorado Department of Transportation IT system

International media reports suggest that ransomware infected computers at the Colorado Department of Transportation (CDOT) on 21 February, encrypting files and requesting payment in Bitcoin to restore them. CDOT is responsible for managing and maintaining roads as well as monitoring traffic in the US state of Colorado, but no critical operational IT systems are believed to have been affected.

The organisation has taken 2,000…

Link: Weekly Threat Report 2nd March 2018
Source: NCSC Reports

Executive summary

Multiple critical vulnerabilities have been reported in a number of different security products from Symantec, affecting both enterprise and consumer products.

These vulnerabilities include a ‘100% reliable remote exploit’ and a ‘wormable’ flaw that requires no user interaction by the victim for an attacker to exploit.

The vulnerabilities have been fixed by Symantec and performing a manual ‘LiveUpdate’ will update the software to the…

Link: Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities
Source: NCSC Alerts