google-site-verification: googlee9447d3b266da5de.html

NCSC (National Cyber Security Centre) - Weekly Threat Report @ncsc #cybersecurity


Weekly Threat Report - 14th December 2018

The problem with lapsing certificates

A report from the US congress this week has revealed that the network breach suffered by Equifax in 2017 was not found due to an expired software certificate.

The certificate was linked to software which monitors networks for suspicious traffic, so the expiration meant that hackers were able to avoid being spotted.

O2 had a similar issue last week when a network blackout affected the entire UK.

Digital certificates are bits of code that ensure the encryption of communication between devices and websites.

As you would expect, the NCSC advise that organisations should keep on top of their certificates and ensure they do not lapse.

If you ever find yourself a customer affected by a breach such as this then you should be alert to the phishing threat following data breaches.

Confidential data loss in Denmark

Confidential data of 20,000 residents in Gladsaxe, Denmark has been lost following the theft of a computer from the town’s city hall between November 30th and December 3rd.

The data had been saved locally and included information such as registration numbers, age and addresses. Details of social welfare payments and housing were also reported as being affected.

Local authorities had informed those affected by Monday 3rd blaming the issue on human error following a spreadsheet being saved locally on the computer as a temporary measure.

Ensuring personal data is secure should be at the top of any priority list, and the NCSC has guidance aimed at protecting bulk data.

Organisations shouldn’t look to pass blame onto employees following this kind of incident. The likelihood is that the employee was acting in good faith to ensure a business need was met. The NCSC encourages adding extra layers of resilience to support employees and use incidents such as this as a learning opportunity. It’s well worth reading a blog post written here on the NCSC website back in November 2016.

Stay secure; keep on top of the latest security updates

WordPress has issued a security patch which fixes several vulnerabilities including one that led to Google indexing some user passwords.

Detailed information for version 5.0.1 can be read on the WordPress news pages, but crucially a fix has been implemented following an issue in which activation screens for new users were being indexed by Google.

An attacker could’ve found these pages and used them to collect email addresses, and in rare cases, default-generated passwords.

Users of WordPress, and any similar software, should always download the latest security updates to ensure maximum protection from vulnerabilities such as this.

National Cyber Security Centre Threat Reports

ASKET Cyber Security Resources


ASKET Social Media
  • Grey LinkedIn Icon
  • Grey Twitter Icon
  • Grey Facebook Icon

SOCIAL MEDIA

ASKET Contact

CONTACT

UK Tel: +44 7827 012195

UAE Tel: +971 5283 33164

Email: broker@asket.co.uk

ASKET Address

ADDRESS

ASKET Ltd​

86-90 Paul Street​

London​

EC2A 4NE

Company NO: 08763474