google-site-verification: googlee9447d3b266da5de.html
top of page
Search

NCSC (National Cyber Security Centre) - Weekly Threat Report


Weekly Threat Report - 23rd October 2020

US warns of Chinese actors exploiting public vulnerabilities

The advisory details 25 vulnerabilities being exploited or targeted whilst offering mitigation advice. Many of the vulnerabilities allow attackers to gain access to a victim’s network by exploiting products directly connected to the internet. Once inside the network, these actors can then exploit further from within. The NSA has also produced an infographic breaking the 25 vulnerabilities down by threat. The advisory stresses the importance of patching and following mitigation advice for these public vulnerabiities.

Anne Neuberger, NSA cybersecurity director, commented: “We hear loud and clear that it can be hard to prioritize patching and mitigation efforts,

“We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.”


Marks & Spencer CEO spoofed

Cyber criminals are using fraudulent advertising to entice shoppers to claim a free gift voucher as part of a fake prize draw, by impersonating the M&S CEO, Steve Rowe. Unwitting victims who click on the ad are redirected to an M&S branded portal and invited to enter personal information such as an email address, mobile telephone number and bank details.

Our recent post details the use of malicious URLs linking to fake celebrity-endorsed investment schemes.

If you need to report a fraud or a cyber crime attack, please refer to the Action Fraud website. You can also report a potential phishing message to the NCSC using the Suspicious Email Reporting Service (SERS).

Further information on how to prevent your organisation becoming a victim of spoofing is available in our email security and anti-spoofing guidance.





 
 
 

Comments

bottom of page