FragAttacks: how they can devastate your WiFi devices

A new set of fragmentation vulnerabilities has been discovered with the capacity to affect all WiFi-enabled devices dating back to 1997.

New York University Abu Dhabi researcher Mathy Vanhoef has identified 12 separate vulnerabilities, named FragAttacks (fragmentation and aggregation attacks). They allow a within-range attacker to exfiltrate information about the owner of a WiFi-enabled device, or to run malicious code to compromise the device, bypassing WEP and WPA security protocols.

Vanhoef announced that more than 75 tested Wi-Fi devices are affected by at least one of the FragAttacks vulnerabilities, but a majority of the devices are impacted by multiple CVEs. These tested devices included Huawei, Google, Samsung and Apple for mobile devices; computers from Dell, Apple and MSI; Xiaomi and Canon IoT devices; Asus, Linksys and D-Link routers; and Aruba, Lancom and Cisco access points.

Furthermore, the identified CVEs cover devices that erroneously reassemble fragments encrypted under different keys, process fragmented frames as full frames, and do not clear fragments from memory when (re)connecting to a network. The vulnerabilities are named ‘FragAttacks’ because of issues in how WiFi breaks up and then reorders data for easier transmission before reassembly at the receiving endpoint device.

Despite the existence of these unearthed vulnerabilities, the WiFi Alliance released a statement saying that “There is no evidence of these vulnerabilities being used against WiFi users maliciously” and suggesting that users protect themselves by downloading “routine device updates that enable the detection of suspect transmissions or improve adherence to security implementations”.

The video below demonstrates how the 12 discovered vulnerabilities can be used as a stepping stone to launch advanced malware attacks:


Security updates released for Adobe Reader zero-day vulnerability to arbitrary code execution

Adobe is warning customers of a critical zero-day bug that is active in the wild affecting its Adobe Acrobat PDF reader software.

The bug, tracked as CVE-2021-28550, affects eight versions of Adobe software (full list below) and exploits vulnerabilities in the software including arbitrary code execution, memory leaks and exposure of private information.

10 critical and four important vulnerabilities were addressed in Adobe Reader and Acrobat, in addition to five critical flaws in Adobe Illustrator, all resolved by Tuesday’s security patch release. The specific technical details of the bug were not available to Adobe software users until after the 43 patch fixes were downloaded, which meant that until users installed the update manually, the zero-day bug allowed hackers to execute virtually any command on targeted systems.

Users can download these new security fixes by initiating the auto update feature of Acrobat and Reader by going to Help –> Check for Updates and installing via the Adobe Download Centre. This will remove the user intervention necessity to manually install security updates and allows Adobe products to update automatically upon detection of patch releases.

List of affected Adobe software versions:

– Acrobat DC, 2021.001.20150 and earlier versions – Windows
– Acrobat Reader DC, 2021.001.20150 and earlier versions – Windows
– Acrobat DC, 2021.001.20149 and earlier versions – macOS
– Acrobat Reader DC, 2021.001.20149 and earlier versions – macOS
– Acrobat 2020, 2020.001.30020 and earlier versions – Windows & macOS
– Acrobat Reader 2020, 2020.001.30020 and earlier versions – Windows & macOS
– Acrobat 2017, 2017.011.30194 and earlier versions – Windows & macOS
– Acrobat Reader 2017, 2017.011.30194 and earlier versions – Windows & macOS


7.5 Million at risk from out-of-date ISP routers

Consumer watchdog Which? has investigated 13 legacy router models supplied by leading UK internet service providers (ISPs) including EE, Sky, TalkTalk, Virgin Media and Vodafone. Its report found that around 7.5 million internet users are at risk from out-of-date hardware.

Out of the 13 router models investigated, 9 presented pressing security flaws that are unlikely to be in compliance with upcoming UK government legislation around tackling the security of connected devices.

The new legislation is in response to government figures showing that 49% of UK residents have purchased at least one smart device since the start of the COVID-19 pandemic. Because this hugely increases the national exposure to potential cyber-attacks, the proposed legislation will ban easy-to-guess default passwords across all such devices and enforce policies that make it easier to report software bugs that can be exploited by hackers on legacy or modern hardware.

Kate Bevan, Which?’s Computing Editor, commented that “proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.” Which? are simultaneously pushing for increased transparency from ISPs about how customers automatically or manually update their routers and how they should actively upgrade existing customers who are identified as being in the ‘at risk’ category.

Of those 7.5 million affected, 6 million users currently possess ISP hardware that has not been updated since 2018 and a few instances even as far back as 2016 – meaning that these vulnerable devices have not received security updates for defence against the latest threats posed by cybercrime.

A cluster of three main problems with ISP legacy hardware were identified by Which? ranging from weak default passwords that allow cybercriminals unlimited access to a router from anywhere, a lack of firmware updates and a local network vulnerability issue with EE Brightbox 2 giving potential hackers full control of the router to install malware or malicious spyware.

In response, Virgin Media have openly rejected Which?’s report conclusions; saying that 9 out of 10 customers are using their latest router models and are benefiting from regular router security updates. This sentiment was mirrored by BT Group (owners of EE), TalkTalk and Vodafone who announced that the HHG2500 device included in the Which? report has not been supplied since August 2019.

Devices with weak default passwords: TalkTalk HG635, TalkTalk HG523a, TalkTalk HG533, Virgin Media Super Hub 2, Vodafone HHG2500, Sky SR101 and Sky SR102.

Routers affected by lack of updates: Virgin Media Super Hub, Virgin Media Super Hub 2, Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG533 and TalkTalk HG635.

Routers that passed the Which? security tests: BT Home Hub 3B, BT Home Hub 4A, BT Home Hub 5B and Plusnet Hub Zero 2704N


macOS Gatekeeper Vulnerability Discovered

Apple has released important security updates under macOS 11.3, in response to a serious Gatekeeper vulnerability discovered by security researcher Cedric Owens.

The weakness, found in Apple’s ‘Gatekeeper’ tool which normally blocks unrecognised apps from being installed by default, allows a dangerous file to be rigged so as to not trigger the operating system’s inbuilt safeguards.

Writing in a Medium Post entitled ‘Gatekeeper Bypass: 2021 Edition’, Owens demonstrates a terrifying method by which an attacker can ‘very easily craft a macOS payload that is not checked by Gatekeeper.’

Once launched, no warning prompts prevent the user from installing just about any dangerous application, which can also communicate with external servers without even triggering App Transport Security (ATS).

The simplicity of the hack, which leverages the fact that scripts placed in the Contents/MacOS/ directory are not checked, has been described by Objective-See as ‘massively bad’ and ‘a doozy’ of a blog post.

Gatekeeper itself was originally introduced in 2012 as part of an effort to stop the spread of malware in Mac OS X ‘Lion’ v10.7.5, and was followed by enforced application notarisation in 2020 under macOS 10.15 ‘Catalina’, as Apple required software developers to have apps officially cleared for authorised use.

In response to the discovery, Apple have released macOS Big Sur 11.3 update with ‘improved state management’ that prevents the ‘bypass’ of Gatekeeper checks, and are urging macOS users to install the upgrade.

 

For Cybersecurity expertise and support, please contact our team today.


NHS COVID-19 update blocked for breaching privacy rules

The NHS COVID-19 app, run by the Department for Health and Social Care (DHSC), has had its latest update blocked due to a breach in the privacy terms outlined by Apple and Google.

The NHS Coronavirus app, available on Apple and Android devices, was designed to include a new feature that would allow users (upon showing a positive COVID test result) to upload a list of all locations and establishments they have visited using a phone-scanned QR code.

The Exposure Notification System built into the app’s software would then alert other users who had entered the same venue to monitor their symptoms or to immediately be tested. This update relies on location tracking for its function – a tracking type heavily reliant on Bluetooth monitoring of surrounding devices with the app installed – outlawed by Apple and Google privacy agreements.

This is the latest in a calamitous string of COVID app mishaps by the UK Government who had only recently scrapped plans for their own rival system to the Apple and Android contact tracing system.

Total development of the UK based rival tracking app cost £12 million over a 3 month period, but was eventually rejected due to battery life issues, privacy concerns over Bluetooth’s potentially invasive interaction with, and data collection from, other apps installed on the device such as Facebook and Twitter. As a consequence, the Apple and Android app was adopted even with the concerns over restrictions of location data.

As the UK returns to a quasi-normal state with Phase 2 of lockdown lifting measures being rolled out today, this news comes as a blow for the Department of Health, who have released a statement reassuring the public that the update blockage does not affect the overall functionality of the NHS COVID-19 app and that there are “discussions ongoing with our partners to provide beneficial updates to the app which protect the public”.

Instead of the updated version, the previous form of the app will still be obtainable in both the Google Play and iOS App Stores.


Facebook & LinkedIn breaches hit 500 million users

Facebook and LinkedIn have both suffered massive data breaches, exposing the details of more than 533 million and 500 million user accounts respectively, it has been revealed.

Extensive leaked data from Facebook was reportedly found online by security researcher Alon Gal – including the personal information of 11 million UK users such as phone numbers, locations, birth dates and many email addresses.

It’s believed that the ‘hack’ may relate to a bug in Facebook’s friend-adding ‘Contact Importer’ tool which was fixed in September 2019. Previous breaches in 2017 fell before the introduction of GDPR, which Facebook argues absolved it of responsibility to notify users.

Questions still hover over the LinkedIn breach in particular, with the company claiming much of their data appears to have been aggregated from other sources, or (like Facebook) were perhaps not technically ‘hacked’ at all – but scraped in bulk from publicly visible parts of the popular professional website.

The huge cache of LinkedIn data was thought to be on sale, after security researchers found a 2 million user ‘sample’ advertised online.

A Facebook spokesperson told Reuters the social media platform will not inform users if their accounts were part of the breach, and LinkedIn are yet to issue a statement on this point – although given that LinkedIn has around 740 million accounts in total, a clear majority of its users are likely affected.

Users of both platforms can check if their email addresses (and now phone numbers) were likely breached via either platform over at: https://haveibeenpwned.com/ – and are advised to update passwords as a precaution.


32,000 Microsoft Exchange servers still at risk from Hafnium cyber breaches

Microsoft has announced that up to 92% of all stand-alone Exchange servers have been patched, following a mass data breach by the Chinese state-sponsored Hafnium cybercrime group.

Four zero-day security vulnerabilities in Exchange servers were identified and exploited by Hafnium in a mass attack in early March. According to Microsoft VP Tom Burt, the servers at risk numbered 400,000 on-premise Exchange servers belonging to multiple government and corporate data centres including defence contractors, schools and other entities globally.

Consequently, the ProxyLogon security fixes released on 2nd March have mitigated this number significantly with 92% of Exchange servers now protected under the new patches. Nevertheless, Microsoft states that around 32,000 servers remained unpatched and vulnerable to Hafnium cybercrime including theft of confidential sensitive data together with installation of ransomware and ‘corrupted web shells’, such as China Chopper, allowing unrestricted external access to the unpatched Exchange servers.

These security fixes are in conjunction with Microsoft’s Exchange on-premises mitigation tool (EOMT) which installs defender scripts and dependency downloads whilst automatically running the Safety Scanner; troubleshooting any identified problems on the Exchange servers.

However, the patches do not protect servers that have already been compromised from further exploitation. Microsoft has therefore advised that organisations’ administrators scan their stand-alone networks for potentially installed malicious software and scripts, in addition to the scans of EOMT.

The attacks themselves have raised questions over the security maintenance of in-house email servers and add weight to the growing adoption of cloud-based internet email.


Urgent Patches issued for Microsoft Exchange Server

Microsoft have urged the system admins of on-premise Exchange email servers to upgrade in response to new breaches from state-sponsored hackers.

The Chinese group, known as ‘HAFNIUM’, are believed to have exploited previously undiscovered zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016 and 2019 via compromised US-based servers. Microsoft Exchange Online or related services (such as Microsoft 365) are not affected.

All four breaches were announced on Wednesday under the Microsoft Security Response Centre (MSRC) and graded ‘Critical’ – requiring urgent patching.

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 create a ‘perfect storm’ under which the attacker makes an untrusted connection to the targeted Exchange Server on port 443, and connects appearing to be someone with authorised access to add a web shell that grants a backdoor for future access.

HAFNIUM has previously been accused of industrial espionage and attempts to breach the technology of important private, public and national security organisations, including defence contractors.

As of 4th March, the Department of Homeland Security has also issued an emergency directive to all US federal agencies to urgently patch any on-premises Exchange servers by midday on 5th March.


Cyber Aware Launch new Action Plan tool for Small Businesses

The UK National Cyber Security Centre have launched a new online Cyber Aware ‘Cyber Security Self-Assessment Tool’ to help small businesses.

Free to use, and aimed at organisations with fewer than ten staff, the short online questionnaire generates a handy to-do list of actionable cybersecurity recommendations and points to check, with guidance for each – depending on the answers submitted.

Questions branch depending on the circumstances of each small business, but cover topics including backups, passwords, technology lifecycle management and more. Small business owners are also directed to useful plain-English resources to address each point highlighted.

Cyber Aware is a campaign launched by the UK National Cyber Security Centre (the public-facing arm of GCHQ) designed to provide simple guidance for individuals and small businesses to use technology more safely.

You can learn more about Cyber Aware, the NCSC, and get your own Action Plan here.


Microsoft cautions against SMS 2FA

Microsoft have announced they will direct users away from SMS 2FA (‘text-based’ two-factor authentication) for security reasons.

Instead, the company will promote multi-factor authentication methods they consider to be more secure – including biometrics and secure authentication apps such as Microsoft Authenticator – for logging into Microsoft services such as Microsoft 365 and Azure.

SMS-based two-factor authentication, where the user typically receives a passcode text message to their smartphone that acts as a secondary confirmation of who they are, has been a staple of online banking and many other secure online services needing two-factor authentication (2FA) for over a decade.

However, many now believe even SMS can be intercepted, and would rather sign users onto authenticator apps or issue secure keys with encoded passcode generation.

Official Microsoft statistics state that users who enable Multi-Factor Authentication (MFA) on their accounts to verify identity block 99.9% of all automated account breaches. Those using SMS-based two-factor authentication should not ‘stop’ doing so (despite the flaws of SMS, any 2FA is better than none) but should consider swapping to other methods.

We’ve talked before about the often-predicted ‘death of passwords’ – and possible scenarios for their phasing out, but in recent years a number of big tech firms, including Apple, Google and Microsoft have all suggested their long-term plans that seek to replace passwords with biometric or other forms of login.

However this modification to Microsoft’s advice will see more of a driving force behind MFA as specifically biometric, authenticator app or secure-key based, rather than relying on mobile networks for one-time passcodes.


Lineal Becomes Keeper Partner

Lineal Software Solutions has become a managed service provider for Keeper Password Management.

We tested a number of different Password Management providers, including 1Password and LastPass, but were particularly impressed with Keeper.

Password management is increasingly recognised as a key pillar of cybersecurity: the UK National Cyber Security Centre admits it is ‘virtually impossible’ for users to use unique passwords for all their accounts without software assistance.

Password managers help users remember all their passwords – but can be a much more powerful tool for dramatically limiting the damage in the event of a single account being compromised.

Criminals increasingly use credential-stuffing attacks where automated tools use previously-breached account details to gain access to the user’s other accounts.

A good password manager ensures you can use a strong, randomly generated and distinct password across each of your accounts to prevent any single breach putting other data at risk.

Keeper can also notify users when breached passwords are identified online, integrate with single sign on tools such as Active Directory, and enforce multi-factor authentication – all important considerations for organisations needing to maintain cybersecurity standards across large teams.

For added convenience, Keeper is available via the web, Windows/MacOS desktop clients, browser extension and Android/iOS mobile app.


Windows XP Source Code Leaks Online

The original source code to Microsoft Windows XP and Windows Server 2003 has leaked online – nearly two decades after their original release.

Official support for Windows XP ended back in 2014, and the final security patch was a one-off release in 2017, issued in response to the WannaCry ransomware attack that temporarily crippled large parts of the NHS.

Among the interesting things we learned were that Microsoft originally included a hidden theme that made Windows XP look like Apple’s rival macOS operating system, and that the 4chan poster who released the dump had either added or helped spread anti-vax and population control conspiracy-theory material about Microsoft founder Bill Gates.

According to NetMarketShare, Windows XP still accounts for at least 1% of all PCs that generate web traffic worldwide (around 25 million PCs), although in practice this may include many air-gapped factory PCs and similar.

The 43GB data dump has been available to Government agencies and similar for a while, although it’s unusual that the public at large have the opportunity to discover zero-day exploits for an entire operating system. Microsoft urges that users should not still be using XP, and the outdated platform is insecure even for the oldest legacy services.


DNS Vulnerability: Your IT Team to the Rescue

July 14th: as Microsoft flag a ‘Critical’ Level-10 DNS vulnerability on Domain Name System (DNS) servers worldwide, Lineal engineers rush to patch the infrastructure of dozens of organisations overnight.

The Microsoft Security Response Center recently released details of CVE-2020-135, a ‘Critical Remote Code Execution’ weakness deemed ‘wormable’ (potentially spreading between devices automatically) affecting all Windows Server versions.

A grade of 10.0 is the highest possible severity level that can be assigned under the Common Vulnerability Scoring System Calculator. For comparison the WannaCry attack, which temporarily crippled the NHS in 2017, had a CVSS rating of 8.5.

Lineal staff use remote monitoring software to administer large numbers of client servers and devices, monitor hardware health and deploy patches more rapidly – and were quickly on the case overnight to patch the vulnerability as a special emergency.

Within 8 hours we’d patched a large number of DNS servers – applying both an initial fix and further scheduled updates.

DNS is a naming technology which translates the identities of computers, servers and other networked devices into the IP addresses used for connecting on private and public IT networks.

For this reason, DNS servers often have massive reach, and must be carefully protected to mitigate the risk of compromising an organisation’s technology on a huge scale – even across the globe.

Israeli IT security firm Checkpoint Software Technologies, who discovered the 17-year-old hidden bug and reported it to Microsoft, argue ‘this is not just another vulnerability’ and risks handing an attacker ‘complete control of your IT’ if IT admins fail to address the issue urgently.


New macOS ransomware warning

Cybersecurity experts are warning against a prevalent new strain of macOS ransomware for Apple devices dubbed ‘EvilQuest’ – packaged alongside pirated versions of popular apps.

Like most ransomware, EvilQuest encrypts all the Apple user’s files and demands a $50 ransom for decryption within 72 hours.

While many Mac users believe malware for Apple devices does not exist – this is simply untrue. The newest strain comes after similar infections spreading between Mac users in recent years, including KeRanger and Patcher.

EvilQuest is also a more sophisticated effort than most attempts by cybercriminals: the app is correctly code signed, with a very convincing installer, and even overpowers the Mac versions of common antivirus software such as Norton, Kaspersky, Avast, McAfee and Bullguard.

The trojanised software known to be used to deliver EvilQuest to unsuspecting victims are torrent download versions of popular Apple macOS apps, examples of which include Little Snitch, Ableton Live and Mixed in Key 8 – a popular DJ software.

Among the important steps Mac users should take to reduce the risk of macOS ransomware are:

  • Keep a regular, organised regime of backups, offline and air-gapped from the device itself.
  • Only download Apps from reputable sources.
  • Consider whether utilities like Malwarebytes and RansomWhere are needed as extra precautions.


Dropbox Trial New Password Manager

Cloud storage giant Dropbox is beta-testing a new password manager app – ‘Dropbox Passwords’ – by invitation only.

Password managers allow the user to generate and store encrypted, complex passwords for many user accounts inside a single piece of locked software and autofill them into websites and applications – making it easier to use diverse, complex passwords across all of your IT.

Password managers are a measure increasingly recommended by respected cybersecurity authorities – including the UK National Cyber Security Centre. Options like 1Password, Lastpass and others are already well established, although Dropbox is likely to have significant reach to business customers considering using a password manager for the first time.

Unlike bigger rivals such as Microsoft’s Office 365 and Google’s G-suite, Dropbox do not offer workplace document editing apps – leading the company to explore new avenues for branching out beyond file-sharing and cloud-storage.

These plans have included Dropbox Paper (a collaboration and project management tool), integrations to other growing challenger-platforms such as Slack and Zoom, and now password management.

The rise of password managers has prompted some to speculate that the age of passwords (or at least – memorised key-string passwords) may be over – either replaced by biometrics or generated, encrypted, held and recalled by software.

Principally a cloud-storage company that helped establish file-sharing in the minds of those who had never used it before, only time will tell if Dropbox can establish a broader brand for securing a cloud-first IT business world.

Dropbox Passwords can be found by invitation only here: https://play.google.com/store/apps/details?id=com.dropbox.passwords_android


Securing the NHS C19 Contact Tracing App

The combined NHS Digital Taskforce, NHSX, recently beta tested the new UK Covid-19 contact tracing app on the Isle of Wight, and have released code to the cyber security community to review.

The app logs interactions with other bluetooth-enabled smartphones each day, and allows the NHS to notify users who have been in contact with self-reporting Covid-19 cases that they should re-enter isolation as a precaution.

A recent blog post by the UK National Cyber Security Centre identified a number of areas for improvement, with the contact tracing app itself expected to be officially released in June 2020.

 

The Pairing Problem

NHS servers ping the app every 8 seconds to confirm active connections, and the app itself records received signal strength indicators (RSSI) via Bluetooth to gauge where users have been in contact with each other. Users then upload their records if they experience symptoms.

Any attacker with access to this upload traffic (which does not include the user ID but is unencrypted) could begin comparing submissions via start/end times and signal strength readings, and would theoretically be able to pair these users together.

This problem of uniquely identifiable pairs potentially compromises the identity of the individuals using the app, as well as their location history relative to each other.

The NCSC have confirmed that in the release version, even ‘anonymised’ RSSI data will itself be encrypted, to stop any third-parties attempting to ‘re-identify’ either or both of the users.

 

Intercepting the Public Key

In beta testing, the Authority’s Public Key was not transferred to the user’s phone via TLS encryption (like a secured web-page) raising the possibility that although the app could be downloaded successfully, this important piece of information used for submitting data could be compromised.

This would be akin to a kind of ‘man-in-the-middle’ attack, where a user’s encrypted uploads could be (even if not unencrypted) sabotaged or withheld during transmission back to NHS systems.

Security researchers have suggested that since this key is not secret, it should be wrapped into the installation of the app itself.

The NCSC have since confirmed that intermediate certificate pinning has been used to reduce the risk of this happening, and that this limitation will be fixed once the Isle of Wight trial ends.

 

Bluetooth Broadcast Values

The app operates via broadcast values which change every 24 hours to prevent a device being tracked by Bluetooth over longer periods of time. This is significantly longer than the industry standard 15 minutes.

However, more controversially, a predictable ‘KeepAlive’ counter is used to connect old and new broadcast values, raising the potential for an attacker to re-identify the user beyond the 24-hour limit.

The NCSC defends the longer-term tracing as necessary to establish social interactions more accurately, but has resolved to randomise the counter to stop broadcast values being easily matched or the user re-identified endlessly.
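The linkage risk and the randomised-counter fix described above can be checked with a small simulation. This is an added example, not code from the NHS app or the NCSC; the advert layout, the 32-bit counter width and the tick-based rotation period are simplifying assumptions.

```python
import secrets
from dataclasses import dataclass

ROTATION_TICKS = 5          # assumed stand-in for the 24-hour rotation period
COUNTER_MOD = 1 << 32       # assumed counter width for this model


@dataclass(frozen=True)
class Advert:
    tick: int               # time slot in which the advert was observed
    broadcast_value: str    # rotating identifier
    counter: int            # 'KeepAlive' counter carried alongside it


def simulate_device(ticks, randomise_counter):
    """Return one advert per tick for a single (constructed) device."""
    value = secrets.token_hex(8)
    counter = secrets.randbelow(COUNTER_MOD)
    adverts = []
    for tick in range(ticks):
        if tick and tick % ROTATION_TICKS == 0:
            value = secrets.token_hex(8)            # broadcast value rotates
        if randomise_counter:
            counter = secrets.randbelow(COUNTER_MOD)  # the fix: no continuity
        else:
            counter = (counter + 1) % COUNTER_MOD     # predictable increment
        adverts.append(Advert(tick, value, counter))
    return adverts


def link_rotations(adverts):
    """Pairs (old_value, new_value) that counter continuity ties together.

    A new value is linked to an old one when it first appears on the tick
    after the old value's last advert and its counter is exactly last + 1.
    """
    first, last = {}, {}
    for ad in sorted(adverts, key=lambda a: a.tick):
        first.setdefault(ad.broadcast_value, ad)
        last[ad.broadcast_value] = ad
    links = []
    for old_value, old in last.items():
        for new_value, new in first.items():
            if new_value == old_value:
                continue
            if (new.tick == old.tick + 1
                    and new.counter == (old.counter + 1) % COUNTER_MOD):
                links.append((old_value, new_value))
    return links


def audit(devices, ticks, randomise_counter):
    """Fraction of true rotations recoverable from the pooled adverts.

    All devices rotate on the same tick, so without the counter an observer
    sees many new values appear at once and cannot tell which is which.
    """
    per_device = [simulate_device(ticks, randomise_counter)
                  for _ in range(devices)]
    truth = set()
    for adverts in per_device:
        values = list(dict.fromkeys(a.broadcast_value for a in adverts))
        truth.update(zip(values, values[1:]))
    pooled = [ad for adverts in per_device for ad in adverts]
    linked = set(link_rotations(pooled))
    return len(linked & truth) / len(truth)


if __name__ == "__main__":
    print("sequential counter:", audit(20, 15, randomise_counter=False))
    print("randomised counter:", audit(20, 15, randomise_counter=True))
```

A result of 1.0 means every rotation was re-linked, so the rotation gave no protection; a result at or near 0.0 means the rotation held.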

 

Whistleblowing

Under beta testing, the app’s original policy documentation contained the line: “You may not publicly disclose any details of the vulnerability [that you’re reporting] without consent from NHSX.”

This would have run counter to the NCSC’s own vulnerability disclosure policy, which suggests that members of the technology community should be encouraged to highlight system weaknesses (particularly during public consultation beta-tests) for correction.

This line is to be removed from the public release version.


easyJet Hit by Cyber Attack

Popular short-haul airline easyJet has been hit by a cyber attack, affecting around nine million customers.

In a statement, easyJet says that a “highly sophisticated cyber-attack” discovered in January 2020 compromised email addresses and travel details of roughly nine million travellers. For 2,208 customers, credit card information was also accessed.

No further detail has yet been publicised as to the nature of the breach, although the company stated that it had “closed off unauthorised access”.

The bad news comes at a difficult time for airlines, as air-travel has declined dramatically in the wake of Covid-19 restrictions. When faced with a similar situation in 2018, British Airways received a large financial penalty of £183m from the Information Commissioner’s Office.

The airline is contacting all affected customers, advising extra vigilance towards ‘unsolicited communications’, due to the heightened risk of phishing attempts from criminals masquerading as easyJet who may have gained access to customers’ personal details.

Under new GDPR guidelines introduced in 2019, it is mandatory that breached organisations report to the UK Information Commissioner’s Office (ICO), who are currently investigating.


NCSC Whitelist & Blacklist Terms Replaced

The UK National Cyber Security Centre (NCSC) are officially removing the technical terms ‘Whitelist’ and ‘Blacklist’ from their organisation in an effort to be more inclusive.

The terms ‘Whitelist’ and ‘Blacklist’, which refer to lists of permitted and not-permitted things in the cybersecurity world, will be replaced with the more literal and accurate ‘Allow List’ and ‘Deny List’.

Prolific spam email domains, for example, are often ‘Blacklisted’ by system administrators – a negative association the NCSC feels should not, even inadvertently, imply a connection to skin colour.

The organisation, a more public extension of GCHQ, acknowledged in a statement on their website that whilst “…it’s not the biggest issue in the world…”, the organisation is acting positively in response to requests from the public, is making an effort to be more inclusive, and that using such terms might otherwise have impaired the recruitment of valued “future colleagues.”

‘Blacklisting’ also has an unfortunate connotation with an illegal practice of barring whistle-blowing employees and trade union members from working across certain sectors, which has a history within the construction industry among others.

Google Chrome, Microsoft Edge and others have made similar terminology decisions – deciding that pejorative references to colour should not be used in cybersecurity terminology.

 

For IT Support and cybersecurity expertise, please contact Lineal today.


Number of Covid-19 Scams Explodes

The volume of Covid-19 scams and phishing emails has increased dramatically in recent weeks according to cybersecurity authorities.

Email security software and cybersecurity provider Barracuda Networks has reported a 667% increase in phishing emails throughout the pandemic.

Common scams include pretending to represent Government, law enforcement or medical authorities to obtain information or financial payment, blackmailing users with threat of infection, donation requests for fake organisations, and malware distribution – including one new ransomware even dubbed ‘Coronavirus.’

Figure: Barracuda Covid-19 email scams graph (source: Barracuda)

In a joint statement published in April, the UK National Crime Cyber Security Centre and US CISA (Dept. of Homeland Security) note the sudden rise in Covid-19 scams, and even highlight instances of SMS text-messaging phishing attempts mimicking UK Government text alerts.

In the example cited, a fake compensation payment is offered to entice the user to hand over details via an imitation UK Government website.

Figure: Covid-19 scam SMS phishing example

There has also been a growth in online hackers and trolls targeting Zoom and other video conferencing platforms. Users unfamiliar with this kind of software in particular may prove an easy target for cyber criminals.

Phishing scams are part of a larger trend of online Covid-19 themed fraud. In March, the NCSC removed around 500 fake online shops selling fraudulent virus-related items over the internet.

Google currently estimate that Gmail filtering is blocking over 100 million phishing emails each day, and that almost 20% of online email scams now refer to Coronavirus (around 18 million) – likely to be the largest phishing ‘theme’ in history.

 

For cybersecurity expertise and assistance, please contact Lineal today.


Uh Oh, Time to Patch Firefox Again

Mozilla have released an urgent patch to version 74.0 of Firefox, notifying browser users around the world that it’s time to patch Firefox again.

The timing of the new patch, which also affects the ‘Extended Support Release’ (version 68.6), suggests that the latest update fixes a vulnerability which (at worst) may have been live in the browser since July 2019.

Mozilla’s official announcement from 3rd April categorises the impact as ‘Critical’, and states that ‘we are aware of targeted attacks in the wild abusing this flaw’.

The precise details of the security flaw have not yet been published, although we know that the issue is a ‘use-after-free’ flaw: a class of bug in which the browser frees previously occupied memory back to the device but continues to reference it. Online cybersecurity blogs speculate that any new contents of the relinquished memory may still have some level of access to the browser.

Community-led Mozilla, whose popular Firefox browser is still the world’s second-most popular desktop browser, suffered other critical security flaws as recently as January – when the US Department of Homeland Security took the unusual step of instructing users to urgently update their browsers following the discovery of a vulnerability which granted potential access to the operating system.

Not that Mozilla are unique in such issues: Google also faced embarrassment in recent months after rolling out an experimental change to Chrome which left millions of users unable to load new tabs.

Patch your browser regularly: Firefox users can update to version 74.0.1 via:

  • To upgrade on PC, open Firefox and click ‘About’ and select ‘Restart and Update Firefox.’
  • To upgrade on Mac, open Firefox and click ‘Options’, ‘Firefox Updates or Options’, ‘Advanced’, ‘Update to update Firefox.’

How secure is your password?

One of the biggest reasons for security breaches is weak passwords. People often choose passwords that are too short. Regardless of how tedious it seems, make it a point to update your passwords regularly; use upper and lower case letters along with symbols and numbers.

The key measurement of password security is entropy. This, in computer science terms, is a measurement of how unpredictable a password is, based on how long it would take an attacker to work it out by making a guess at each character. As a rule, longer passwords are more secure and harder to crack. In the table below you can see how shorter/easier passwords are quicker to crack.

Table: Password strength

What should a password look like

Strong, secure passwords have a lot in common; they are usually long, unique, random and involve a mixture of lowercase and uppercase letters as well as special characters and numbers. Trying to create passwords that combine all of these aspects can sometimes be challenging.

Most insecure passwords are the result of our human behaviour. People do a lot of very predictable things and in general find it difficult to be random, especially when they are actively trying to be. For instance, people put special characters only at the beginning or end rather than mixing them into the middle, or use common phrases and keyboard patterns. To help us remember passwords, we often try to use memorable pieces of information, but we should always, where possible, avoid clues and references to our personal lives.
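The entropy measure and the predictable habits described above can be checked in code. The following is an added example, not part of the original article; the guess rate, the short pattern list and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

# Assumption for illustration: an offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 1e10
# Constructed sample of keyboard patterns and common phrases; a real check would use a large list.
PREDICTABLE = ("qwerty", "asdf", "12345", "password", "letmein")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def charset_size(password):
    """Size of the alphabet an attacker must search, from the character classes used."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def entropy_bits(password):
    """Upper-bound entropy, assuming every character was chosen at random."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def seconds_to_crack(password):
    """Average brute-force time: half the search space at the assumed guess rate."""
    bits = entropy_bits(password)
    if bits > 1000:  # avoid float overflow for extremely long inputs
        return math.inf
    return 2 ** (bits - 1) / GUESSES_PER_SECOND


def predictable_patterns(password):
    """Flag human habits that make the real entropy lower than the upper bound."""
    findings = []
    lowered = password.lower()
    for pattern in PREDICTABLE:
        if pattern in lowered:
            findings.append(f"contains common sequence '{pattern}'")
    symbols = [i for i, c in enumerate(password) if c in string.punctuation]
    if symbols and all(i in (0, len(password) - 1) for i in symbols):
        findings.append("symbols only at the start or end")
    return findings


if __name__ == "__main__":
    for pw in ("Qwerty1!", "tR7#kq9$Lm2&xZ"):  # constructed sample passwords
        print(pw, round(entropy_bits(pw), 1), seconds_to_crack(pw), predictable_patterns(pw))
```

The entropy figure is only an upper bound: a password that triggers any finding is far easier to guess than its length and character mix suggest.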

Where can I go for advice

There are many articles online explaining what a strong password looks like. At a recent event Lineal ran with the South West Police Regional Cyber Crime Unit, which focused on cyber security, password strength was highlighted as a high risk for many businesses and individuals.

To find out more, or if you need help protecting your business, please contact the IT support team at Lineal.


Lineal Hosts SW Police Cybersecurity Workshop

Local businesses recently gathered at Barnstaple Library for a special cybersecurity workshop organised by the South West Police Regional Cyber Crime Unit and Lineal Software Solutions Ltd.

Thirty participants from firms across the South West took part in a series of Lego-based group exercises highlighting key concepts in cybersecurity, as they sought to protect a fictional utilities company from attack by common real-world cyber crime.

The winning team defended their company by spending their budget on the correct countermeasures at each stage of the exercise, and strategically limiting the damage from any breaches in security.

The South West Regional Organised Crime Unit (SW ROCU) is one of nine regional units across England and Wales that delivers specialist capabilities to target and disrupt serious and organised crime. Designed to raise awareness of coordinated digital threats, the cybersecurity workshop session is part of a new educational initiative being run by the Police right across the region.

Group exercises were followed by a short Q&A including advice for businesses on related topics including network best-practice, password policy, physical security, and the Government’s new Cyber Essentials certification.

Lineal’s Head of Technical Services, Matt Norris, explained: “We were delighted to be able to organise the Cyber Crime Unit to run this very special workshop for local companies: we see cyber attacks becoming ever more sophisticated, and the SWRCCU takes a really positive and constructive approach to educating business owners about how to protect their organisations and employees.”

“Many businesses struggle to grapple with cybersecurity, but help and expertise is accessible.”

 

You can learn more about the South West Police Regional Cyber Crime Unit and their educational work across the South West online here.

For IT support and cybersecurity expertise, please contact Lineal today.