Weekly Threat Report - 14th December 2018
The problem with lapsing certificates
A report from the US congress this week has revealed that the network breach suffered by Equifax in 2017 was not found due to an expired software certificate.
The certificate was linked to software which monitors networks for suspicious traffic, so the expiration meant that hackers were able to avoid being spotted.
O2 had a similar issue last week when a network blackout affected the entire UK.
Digital certificates are bits of code that ensure the encryption of communication between devices and websites.
As you would expect, the NCSC advise that organisations should keep on top of their certificates and ensure they do not lapse.
If you ever find yourself a customer affected by a breach such as this then you should be alert to the phishing threat following data breaches.
Confidential data loss in Denmark
Confidential data of 20,000 residents in Gladsaxe, Denmark has been lost following the theft of a computer from the town’s city hall between November 30th and December 3rd.
The data had been saved locally and included information such as registration numbers, age and addresses. Details of social welfare payments and housing were also reported as being affected.
Local authorities had informed those affected by Monday 3rd blaming the issue on human error following a spreadsheet being saved locally on the computer as a temporary measure.
Ensuring personal data is secure should be at the top of any priority list, and the NCSC has guidance aimed at protecting bulk data.
Organisations shouldn’t look to pass blame onto employees following this kind of incident. The likelihood is that the employee was acting in good faith to ensure a business need was met. The NCSC encourages adding extra layers of resilience to support employees and use incidents such as this as a learning opportunity. It’s well worth reading a blog post written here on the NCSC website back in November 2016.
Stay secure; keep on top of the latest security updates
WordPress has issued a security patch which fixes several vulnerabilities including one that led to Google indexing some user passwords.
Detailed information for version 5.0.1 can be read on the WordPress news pages, but crucially a fix has been implemented following an issue in which activation screens for new users were being indexed by Google.
An attacker could’ve found these pages and used them to collect email addresses, and in rare cases, default-generated passwords.
Users of WordPress, and any similar software, should always download the latest security updates to ensure maximum protection from vulnerabilities such as this.
National Cyber Security Centre Threat Reports