Welcome to Ironshare’s Cyber Round-up, where we look back at the events of that last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Internet safety for children is incredibly important but can sometimes be difficult to do without compromising your relationship with your child. The internet is a very dangerous place and, without supervision, may expose your kids to potential predators and online abuse. There are some apps dedicated to child-safety and are capable of monitoring YouTube searches, blocking certain applications, blocking phone numbers and setting screen-time limits. The Daily Mail has compiled a list of various ways you can help keep your children safe, and we encourage all parents to not be complacent when it comes to the importance of online safety.
By dailymail.co.uk
This week, WH Smith announced that they recently suffered a cyberattack, that resulted in the attackers accessing sensitive company and employee data. While the personal information of current and former employees was leaked, The British retailer confirmed that no customer data had been compromised in the attack. WH Smith’s operations have not been affected by this incident, but they are currently working on implementing ‘special measures’ to protect against future attacks.
By bleepingcomputer.com
With Multi-Factor Authentication becoming increasingly popular, many cybercriminals are directing their focus towards bypassing the seemingly impregnable security measure. Microsoft advertise that MFA can prevent 99% of all account hacks, making it seemingly impossible for attackers to compromise protected accounts. We have seen some bypasses for MFA in the past, specifically related to one-time passwords sent via SMS, but attackers are yet to reliably breach accounts protected through authenticator apps. These cybercriminals appear to be doubling down on developing new attack methods to bypass multi-factor authentication, such as MFA Fatgiue.
By darkreading.com
LastPass have come out with more information about the attack that occurred in December 22 2022. They have said that they have completed an exhaustive investigation and have not seen any threat-actor activity since October 26, 2022. LastPass has said “During the course of our investigation, we have learned a great deal more about what happened and are sharing new findings today. Over the same period, we invested a significant amount of time and effort hardening our security while improving overall security operations.” This latest update contains recommendations for both public and business consumers of the service, which if you are a current customer we recommend you read and take action ASAP.
By blog.lastpass.com
TikTok answers three big cyber-security fears about the app. China have accused the US of exaggerating national security fears about TikTok to suppress the Chinese company. The US government have been given the order to wipe all staff devices of the Chinese app within 30 days. This is because of the concern over cyber-security and data privacy. They narrowly escaped seeing their smash-hit app banned in the US back in 2020. While some researchers claim that TikTok harvests an excessive amount of data, others feel this is no different than any other social media platform.
By bbc.co.uk
US Marshals Service have been hit by a ransomware attack and have leaked sensitive information from the law enforcement agency. Drew Wade, the spokesperson for Marshals Service, described as having impacted a system that “contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.” The real concerning aspect is that information on its witness protection program may have also been exposed.
By theregister.com
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #226 – 3rd March 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
