We’re almost certain none of you have the time, or the patience, to trawl through the many click bait articles or doom and gloom news postings surrounding IT and Cyber Security, so we’ve done boring bit for you! Below are some quick reviews of the latest and most worrying headlines we think you all need to be aware of:
T-Mobile Data Breach
Last week T-Mobile admitted 40 million customers have had their details exposed thanks to a US data breach. Independent investigators estimate the once giant tech company has approximately 7.8 million current T-Mobile customers, so this breach likely impacts historic customers too. No news has yet surfaced pertaining to former UK customers in this breach. If you’ve ever been a customer, and you have that bad habit of using the same password for everything, now you have a cyber security reason to start changing passwords!
Cybercrime Losses Triple in the First Half of 2021
NFIB (National Fraud Intelligence Bureau) released data advising individuals and organisations have lost three times as much to cyber crime in the first half of this year when comparing to the first half of 2020. The pandemic can largely be accounted for this increase as companies and workers have committed to working from home, including transitioning to digital only systems or cloud hosted solutions, giving hackers 18 months to tweak their attack techniques, hone in on what works and amplify their efficiency for maximum yield on their efforts. Make sure you’ve got two factor authentication enabled everywhere you can, keep on top of password breaches and if in doubt, change it to something more secure to keep on top of your cyber security.
New UPS Delivery Scam
We’ve seen plenty of faux emails from senders spoofing their identity, hoping you’ll click links or open attachments because their sender address is someone familiar, or the email is plastered in branding of a company you trust. But beware, there’s a new scam email doing the rounds and it comes in the form of a UPS tracking email. If you’re on 365 make sure you’ve got a 365 Defender plan deployed and configured to protect your domain(s), and if you’re in doubt, let us know! We can help you double check and deploy it if missing from your cyber security arsenal.
Microsoft Power Apps Misconfigured and Exposed
This might not apply to a majority of our readers as Power Apps aren’t widely used. However, if any aspect of your business incorporates usage of Power Apps, be sure you’ve locked down public access as even Microsoft themselves have been caught leaving “the door wide open” to some of their own in house Power Apps. The security “hole” has been patched and fixed since its discovery, but the misconfiguration has left 38 million records exposed according to the security firm “UpGuard” who were running investigations against public facing Power Apps as part of routine background checks. If Power Apps are common in your workplace and have been for some time, this breach may apply to you, use this tool to analyse and resolve Portal Checker diagnostic results.
FBI Ransomware Group Flash Alert
There’s a new hacker group making waves in the InfoSec scene, “OnePercent”, they’ve been at it since November 2020 and have largely been targeting US companies, but the FBI is now acknowledging their presence and warns that this group are offering “Ransomware as a service”. Meaning individuals or companies lacking technical know-how but intent to cause disruption or commit cyber crime can now do so thanks to the service this hacker group render. The public advisory from the FBI is a first for cyber crime and likely not the last as cyber crime becomes more lucrative to those less inclined to follow the law.
Stolen Samsung TV’s Remotely Disabled
Samsung have announced any devices catalogued as stolen during rioting and theft from their warehouses in South Africa are being remotely disabled. If you’re in the market for a new TV, perhaps best to avoid bootfairs, Facebook marketplace, Gumtree, Ebay or any other second hand sales sites if the offers are for brand new Samsung devices.
$610 Million Stolen Cryptocurrency Returned
Yup you’re reading that right, a hacker has returned all $610 million stolen cryptocurrency following an attack on vulnerable code in Poly Network’s systems. An anonymous note left in one of the returning transactions suggests the hacker was quitting, and their actions were an effort to contribute to the security of the Poly project. Nice to see hackers still have morals and proof that we’ve not seen the end of white hat hackers, all be it unorthodox in this instance. And nice to end this Cyber Security news recap on a happier note!
If anything in the above has you worried, or you need some reassurance that your IT is as secure as it can and should be, please reach out to us!