Cyber Alerts 2020

June

Apple Pays $100K Bounty for Critical ‘Sign in With Apple’ Flaw

Security Advisory

Published: 01/06/2020 | Last Updated: 01/06/2020

Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims’ third-party applications.

Read More

May

Steganography Anchors Pinpoint Attacks on Industrial Targets

Security Advisory

Published: 29/05/2020 | Last Updated: 29/05/2020

Ongoing spear-phishing attacks aim at stolen Windows credentials for ICS suppliers worldwide.

A targeted series of attacks on suppliers of equipment and software for industrial enterprises is playing out globally, researchers said, hinging on phishing and a steganography tactic to hide malware on public, legitimate image resources.

EasyJet admits nine million customers hacked

Security Advisory
Published: 19/05/2020 | Last Updated: 19/05/2020

EasyJet has admitted that a "highly sophisticated cyber-attack" has affected nine million customers.

Read More

Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams

Security Advisory

Published: 12/05/2020 | Last Updated: 12/05/2020

Hackers have registered domains posing as Zoom, Microsoft Teams, and Google Meet-related URLs

Thunderbolt flaw allows access to a PC’s data in minutes

Security Advisory

Published: 11/05/2020 | Last Updated: 11/05/2020

Vulnerabilities discovered in the Thunderbolt connection standard could allow hackers to access the contents of a locked laptop’s hard drive within minutes

 

Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams

Security Advisory

Published: 07/05/2020 | Last Updated: 07/05/2020

Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to steal various U.S. government pay-outs.

Coronavirus | Cyber-spies hunt Covid-19 research, US and UK warn

Security Advisory

Published: 05/05/2020 | Last Updated: 05/05/2020

The UK and US have issued a joint warning cyber-spies are targeting the health sector.

Oracle | Unpatched Versions of WebLogic App Server Under Active Attack

Security Advisory

Published: 04/05/2020 | Last Updated: 04/05/2020

CVE-2020-2883 was patched in Oracle’s April 2020 Critical Patch Update – but proof of concept exploit code was published shortly after.

April

Coronavirus | Viral WhatsApp messages 'drop 70%'

Security Advisory

Published: 27/04/2020 | Last Updated: 27/04/2020

WhatsApp says it has seen a drop of 70% in "highly forwarded" messages - the kind that may spread misinformation about the coronavirus.

Microsoft | Single Malicious GIF Opened Microsoft Teams to Nasty Attack

Security Advisory

Published: 27/04/2020 | Last Updated: 27/04/2020

Now patched flaw allowed attacker to take over an organization’s entire roster of Microsoft Teams accounts.

Coronavirus | Cyber criminals threaten to hold hospitals to ransom.

Security Advisory

Published: 05/04/2020 | Last Updated: 05/04/2020

Interpol warns that ransomware attacks could lead directly to deaths as healthcare resources are stretched by the crisis.

March

Type 1 Font Parsing Remote Code Execution Vulnerability

Security Advisory

Published: 23/03/2020 | Last Updated: 23/03/2020

Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library and is providing the following guidance to help reduce customer risk until the security update is released.

Home working | preparing your organisation and staff

Security Advisory

Published: 17/03/2020 | Last Updated: 02/04/2020

How to make sure your organisation is prepared for an increase in home working, and advice on spotting coronavirus (COVID-19) scam emails.