Cyber Security and Data Threat Round Up: 13 January 2020
Welcome to the fourth in our series of fortnightly blogs which comprises of information gleaned from the National Cyber Security Centre (NCSC).
These blogs bring together the latest cyber security threat reports. Please feel free to share this information with your own customer base.
In this threat round up blog…..
Travelex New Year’s Eve incident
There has been prominent media coverage this week after foreign exchange company Travelex suffered a ransomware attack on New Year’s Eve.
The company has taken all of its systems offline in a move they said will prevent the spread of the virus further across the network. Travelex have said there had been no evidence customer data had been compromised.
Media reports have said those responsible for the attack have set a ransom to the company, and have threatened to release data obtained through the attack. The Information Commissioner’s Office (ICO) have been in contact with Travelex to advise on “potential personal data issues”.
Security issues in Citrix products reported by researchers
Positive Technologies have reported a security issue that affects Citrix products. The flaw could give attackers an opportunity to search for weaknesses on the internet.
Honeypots run by security researchers have shown potential attackers scanning the internet for potentially vulnerable instances. This may put organisations that are exposing them to the open world at risk of being attacked and compromised.
Citrix have published an advisory, which recommends mitigation for customers to apply and advice on how to upgrade all of their vulnerable appliances to a fixed version of the appliance firmware when released.
As always, the NCSC recommends making use of the latest and most up to date security patches, and following vendor provided mitigation advice. Good security architecture may help to limit exposure, and consider the impact of such products are used to control access to management interfaces.
TikTok fix flaws following vulnerability report
TikTok, a video-sharing platform, has acted upon security flaws which were highlighted by researchers at the security firm, Check Point.
A number of issues were spotted by researchers which included the potential to allow hackers access to change privacy settings, steal personal data and add or delete videos. Before the attack, it would have been theoretically possible for hackers to access private personal information that are required to set up an account on the service, such as mobile phone numbers.
TikTok’s developer ByteDance were informed in November and the social platform has publicly thanked the researchers.
The platform allows users to create short videos and has experienced huge growth over the past few years.
Ready to join the revolution?
If you are in the cyber or cloud space and want to generate more demand for your existing products and services, Boost Technology Group can help. Our award-winning team can help your cyber and cloud organisation improve your chances of winning business through the provision of specialist demand generation marketing, sales education and sales enablement services.
To find out more contact us and book a FREE discovery call.
Call: 0203 740 4074
Email: contactme@boost-performance.co.uk
