Updated: Oct 19
Weekly Threat Report - 16th October 2020
Call for caution during online shopping events
This week saw the 5th annual Amazon Prime Day sale. Software providers, Bolster, detailed the potential vulnerabilities shoppers face with fraudulent sites spoofing the Amazon brand.
Online scams are becoming harder to detect but it’s important to remain vigilant. If you are unsure about an email’s authenticity then you should forward it to email@example.com which helps us to continue removing malicious URLs and phishing scams.
With Black Friday (27 November) and Cyber Monday (30 November) on the horizon, use the NCSC’s guidance on how to shop securely whilst online. We also suggest taking a few minutes to review the Cyber Aware page. If the worst happens then our advice on how to recover a hacked account may help.
Passenger data compromise confirmed by Carnival
Cruise operator Carnival have confirmed that passenger data was accessed during a ransomware attack on 13 August.
The illegally accessed customer and employee data may have included names, addresses, dates of birth, contact numbers and passport numbers. Carnival’s statement can be read in full here.
Carnival have stated that they have been working as quickly as possible to notify the affected victims.
The NCSC has published guidance outlining how to mitigate against malware and ransomware attacks. There is also guidance for those concerned about the risk of phishing following a data breach such as this.
Microsoft security updates now available
Microsoft has released details of this months ‘Patch Tuesday’ including a Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-16952) and a Windows TCP IP Remote Code Execution Vulnerability (CVE-2020-16898).
It's important to keep firmware and software up-to-date, and to apply the latest security updates as soon as they become available. Our guidance on vulnerability management can help you understand the importance of this, and how to prioritise applying security updates.
Threat actors chaining vulnerabilities
CISA has reported threat actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability CVE-2020-1472 in Windows Netlogon, mentioned in our recent alert in September. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities during a single intrusion to compromise a network or application.
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest updates as soon as practicable.
Topics Cyber threat