The latest in cyber threats, trends and advice
VULNERABILITY- SONICWALL URGENT UPDATE REQUIRED!
SonicWall is warning customers to patch its enterprise secure VPN hardware to thwart an “imminent ransomware campaign using stolen credentials” that’s exploiting security holes in current and legacy models.
Click 'Learn More' to review the SonicWall security notice.
NCSC- EXERCISE IN A BOX
Exercise in a Box is an online tool from the NCSC which helps organisations test and practise their response to a cyber attack. It is completely free and you don’t have to be an expert to use it.
Click 'Learn More' for more information
VULNERABILITY ALERT- DELL COMPUTERS
On 24th June 2021 Dell published a knowledge base article to address vulnerabilities affecting the following product:
Dell Client Platform- Multiple Versions and Models.
HTTPS Boot Feature
For an explanation of these features and mitigation advice click 'Learn More'
TRAINING FOR SMALL ORGANISATIONS AND CHARITIES!
Most small organisations do not have an IT department, or technical staff responsible for cyber security. And with so much cyber security advice out there, it can be difficult for small organisations to know where to start.
This is where the NCSC's new training for small organisations and charities can help. It guides you through all the actions you need to take to reduce the likelihood of you becoming a victim of the most common cyber attacks.
Click 'Learn More' to visit the NCSC website.
POLICE CYBER ALARM ALERT!
Police CyberAlarm (PCA) scheme offers reports and advice on protecting your organisation from Internet-based threats, whilst these normally come in the form of a monthly report, on occasion the Police CyberAlarm Team reach out to members regarding something more specific or urgent to them.
Following a recent announcement, by SonicWall, of a potential zero day exploit on SonicWall Firewalls, measuring a 5.3 on the CVSS3 vulnerability scale and SonicWall support have issued a patch to combat this.
This particular vulnerability was thought to have been patched in October last year however the patch did not solve the vulnerability entirely. Sonic Wall have summarised this vulnerability as:
“A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted unauthenticated HTTP request. This can potentially lead to an internal sensitive data disclosure vulnerability.”
Click 'Learn more' for further details of the vulnerability and how to upgrade.
APPLE PACTHES iOS 12 AFTER ZERO DAY FOUND
Apple patches iOS 12 after hackers exploit WebKit Engine flaws.
The emergency patch addresses two bugs abused to launch remote code execution attacks. Click on 'Learn More' to read the released article. Also look at our fun posters here helping to remind your staff to keep their devices up to date with patches.
RANSOMWARE ATTACK WARNING FOR UK SCHOOLS
The NCSC is responding to further ransomware attacks on the education sector by cyber criminals. They have previously highlighted an increase in ransomware attacks on the UK education sector during August/September 2020 and now we are seeing further attacks this year. The NCSC have provided some guidance for your organisation on their website and we have written two articles to help you reduce the risk and effects of an attack.
SNAPCHAT SAFETY TIPS
We have seen a recent rise in Snapchat accounts being compromised to extract explicit images. These images are then being used for either Blackmail or financial gain. Nottingham Protect Officers Dean & Kirsty have pulled together some top tips to keep you and your social media accounts safe.
The NCSC are delighted to announce the launch of a new online game to help primary schools, clubs and other youth groups teach children about cyber security from an early age. CyberSprinters is a free interactive game, developed by National Cyber Security Centre (NCSC)- a part of GCHQ, aimed at 7 to 11 years old.