Cyber News and Threats – 28th April 2017
Here are some of the latest updates on cyber threats and news that we’ve picked up in the last couple of weeks, including the NCSC weekly update for 28th April. All updates are open source and links given:
- Increase in Homographic Phishing Attacks – Homographic attacks have been widely known about for many years, and rely on the fact there are visual similarities between many different Unicode characters to spoof well-known web addresses using similar-looking Punycode domains. For example, by registering the Unicode domain “www.xn--googl-z8a.com” an attacker would be in control of a web address, which will render in browsers as “www.googlė.com”, almost indistinguishable from the real thing.
- Vulnerabilities – An altogether quieter week than we have seen for a while on the vulnerabilities front. There were a number of updates from Cisco for IOS, ASA, Prime Infrastructure and Prime Network Registrar to fix cross-site scripting attacks, denial of service or target restart vulnerabilities. IBM updated WebSphere and Security Guardium this week to fix escalation of privilege bugs and also updated Domino to fix a remote code execution bug.
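A defensive check for the homographic domains described in the first item above, added here as an example and not taken from the NCSC report: it decodes each `xn--` label to the form a browser would display and flags labels that collapse to a protected name once diacritics are stripped. It goes slightly beyond the single case in the text by also flagging labels that mix scripts. The `PROTECTED` watch-list, the function names and the sample domains are assumptions constructed for the example.

```python
import unicodedata

# Hypothetical watch-list of names to protect; an assumption for this example.
PROTECTED = {"google", "paypal"}

def to_alabel(unicode_label):
    """Build the xn-- form of a label (used only to construct sample input)."""
    return "xn--" + unicode_label.encode("punycode").decode("ascii")

def decode_label(label):
    """Return the label as a browser would display it, decoding Punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(text):
    """NFKD-decompose, drop combining marks, lower-case: 'googlė' -> 'google'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def scripts(text):
    """Approximate the scripts in use from the first word of each character name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def check_domain(domain):
    """Return (label, displayed_form, reason) for every suspicious label."""
    findings = []
    for label in domain.rstrip(".").split("."):
        try:
            shown = decode_label(label)
        except (UnicodeError, ValueError):
            findings.append((label, None, "undecodable Punycode"))
            continue
        if shown.isascii():
            continue  # plain ASCII label, nothing to confuse
        if skeleton(shown) in PROTECTED:
            findings.append((label, shown, "imitates protected name " + skeleton(shown)))
        elif len(scripts(shown)) > 1:
            findings.append((label, shown, "mixed scripts " + "/".join(sorted(scripts(shown)))))
    return findings

if __name__ == "__main__":
    # Constructed sample domains, not taken from any real incident.
    for d in ("www.google.com", "www." + to_alabel("googl\u0117") + ".com",
              to_alabel("\u0430pple") + ".example"):
        print(d, check_domain(d))
```

Stripping diacritics only catches accented lookalikes; a production filter would use the full Unicode confusables data as well.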
For the full text of the NCSC weekly Threat Report please go to: https://www.ncsc.gov.uk/report/weekly-threat-report-28th-april-2017
And in other news online:
Scots firms warned of dangers of cyber attacks – Scottish firms are sleepwalking into a “potentially business ending” cyber attack disaster, an online security expert has warned. http://www.scotsman.com/news/scots-firms-warned-of-dangers-of-cyber-attacks-1-4424572
Cyber-thieves want your healthcare data – Every eighth person in England has had their healthcare data breached. This is the conclusion of a new report just released by Accenture. Based on a poll of 1,000 people, it said that more than half of all the people who experienced a data breach (56 per cent) were, in fact, victims of medical identity theft. http://www.itproportal.com/news/cyber-thieves-want-your-healthcare-data/
Majority of cyber harassment victims don’t report the crime to police – Researchers from the National Centre for Cyberstalking Research based at the University and Bedfordshire Police are collaborating on a two-year project to transform how cyberharassment is investigated and how cases which are reported to the Police are appropriately dealt with. http://www.itv.com/news/anglia/update/2017-04-24/majority-of-cyber-harrassment-victims-dont-report-the-crime-to-cops/
Asian Interpol operation finds nearly 270 compromised websites – Investigators from seven Southeast Asian nations collaborated on a joint Interpol operation that identified approximately 8800 command-and-control servers in eight countries and nearly 270 compromised websites, including government portals that may have contained personal data on citizens. https://www.scmagazineuk.com/asian-interpol-operation-finds-nearly-270-compromised-websites/article/652536/
FCA says firms ignoring cyber security basics – Financial services firms are often not getting the basics right on cyber security, leaving them vulnerable to attacks. This is the claim made by the Financial Conduct Authority’s chief operating officer Nausicaa Delfas. https://www.ftadviser.com/regulation/2017/04/25/fca-says-firms-ignoring-cyber-security-basics/