Home
Articles
Resources
FAQ
Members
About
Report Incident
My
Contact

News

Icon representing Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims
Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims

May 24th 2017
Default icon for news items
NCSC: Latest statement on international ransomware cyber attack

May 15th 2017
Icon representing 'Alarming' rise in ransomware
'Alarming' rise in ransomware

May 11th 2017
 

Poll

Would you consider a cyber security certification for your business?


Yes, it's a potential USP, you can't put a price on that
No, it's not worth the time investment
Yes, provided it was cost proportionate to my size of business
No, they're too expensive
Yes, it demonstrates my commitment to the security of the data I hold
 
 
 

Cyber Advisory (Week commencing 12/10/15)

Current cyber related threats and advisory information 
October 12th 2015
Current cyber related threats and advisory information
Stagefright Bug 2.0
  • Stagefright bug is back leaving virtually every Android smart phones vulnerable to an attack.
  • This flaw allows malicious users to hack Android smart phones and take complete control of the device.
  • All operating system versions from Android 1.0 to Lollipop 5.1.1 are affected. 
  • Google scheduled a monthly Android Security update on the 5th October which will patch this newly discovered vulnerability for Nexus smart phones.



Infection:
  • The Stagefright Bug 2.0 has several attack vectors, which include via webpage, man-in-the-middle attack, third party media player and instant messaging applications.
  • The vulnerability is found in the operating system’s media player engine, which can be triggered through receiving a malicious MP3 or MP4 media (audio file).

Prevention:
  • Make sure you patch your devices as soon as the updates are available.
  •  Always run anti-virus software on your mobile devices.  They are not just phones, they are computers.

Until all updates are released, be careful when downloading songs and videos from webpages and emails which could be a threat.

 
Fake Financial Invoice Spam

A fake financial email has been recently discovered sent by someone posing as a UK company “Incident Support Group Ltd”.  It has an attached fake invoice which contains a macro. It automatically downloads a malicious executable file.

Content sample:

From    repairs@isgfleet.co.uk
Date     Mon, 05 Oct 2015 15:47:11 +0700
Subject Your Invoices - Incident Support Group Ltd

Please find attached your invoices from Incident Support Group Ltd. If you wish to
change the email address we have used please email repairs@isgfleet.co.uk with the
correct details.

Infection:
  • Through opening the fake invoice document a malicious macro downloads an executable file.
  • The malware provided in the URL has been noted as the Dridex banking trojan.

Prevention:
  • Thoroughly check emails and suspicious attachments. Word Documents can be malicious too.
  • Make sure your virus scanners are up-to-date and be aware of the emails you receive.