Urgent updates and actions following Exchange server vulnerabilities. This alert is an updated version of the NCSC alert and contains additional information on installing updates and detection. Microsoft made public that sophisticated actors had attacked a number of Exchange servers. In response to this they released multiple security updates for affected servers.
The vulnerabilities affect Microsoft Exchange Server. The affected versions are:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
Install the latest updates immediately
This should be the first priority for all UK organisations using affected versions of Microsoft Exchange Server. Security updates can be found on the Microsoft website. If organisations are unsure about how to update or uncertain whether updates have installed successfully, please refer to the Microsoft support documents.
If organisations cannot install the updates, or apply any of the mitigations, the NCSC recommends isolating the Exchange server from the internet by blocking untrusted connections to the Exchange server port 443.
The NCSC strongly advises all organisations using affected versions of Microsoft Exchange Servers to proactively search systems for evidence of compromise, in line with Microsoft guidance linked below.
If you need further advice about how to protect yourself from cyberattacks and vulnerabilities, get in touch with a member of our team today!
A study has found that millions of people in Britain are using their pet’s names as their password, weakening their security and making their accounts easy prey for cybercriminals.
According to the National Cyber Security Centre (NCSC), 15% of the population use pets’ names, 14% use a family member’s name, and 13% pick a notable date.
NCSC communications director Nicola Hudson warned: “We may be a nation of animal lovers, but using your pet’s name as a password could make you an easy target for callous cyber-criminals.”
Using your pet’s name as your password reduces the strength of your protection against cybercriminals, especially if you have posted about your pets online on any of your social media accounts. You can find out more about how your digital footprint can affect your cybersecurity here!
This complacency about password strength is exacerbated by the practice of using the same password across multiple social media accounts. If a single one of your passwords ends up on one of the databases that cybercriminals use, then your security can be compromised across all of your accounts.
Further advice given by the NCSC includes the following:
- Use a strong and separate password for your email. If a hacker gets into your email, they could reset your other account passwords and access information you have saved about yourself or your business. Your email password should be strong and different to all your other passwords.
- Create strong passwords using three random words – when you use different passwords for your important accounts, it can be hard to remember them all.
- Do not use words that can be guessed (like your pet’s name). You can include numbers and symbols if you need to. For example, “RedPantsTree4!”
If you are concerned about your cybersecurity, you can get in touch with a member of our professional security team for a FREE cybersecurity consultation today!
When cybercriminals obtain information from breaches, they may use these details in scams to try to steal personal data, which could lead to a serious compromise in security resulting in financial damage.
The National Cyber Security Centre (NCSC) warns the public of the threat to their personal data following cyber attacks or breaches after 46% of UK businesses reported incidents in the last year.
You may experience suspicious scams in the form of emails or texts that are the product of sophisticated phishing scams. Data stolen such as email addresses and phone details may give cybercriminals enough data to be able to build a very convincing phishing scam, posing as your bank or mobile provider.
For example, if you receive a message that includes a password you have used in the past, the recommendation is to change that password immediately to one that uses 3 random words.
You can spot these kinds of scams by the following traits:
- official-sounding messages about ‘resetting passwords’, ‘receiving compensation’, ‘scanning devices’ or ‘missed deliveries’
- emails full of ‘tech speak’, designed to sound more convincing
- being urged to act immediately or within a limited timeframe
If you receive a message or phone call about a security breach that doesn’t feel right, here’s what to do:
- if you’ve received a suspicious email, forward it to the National Cyber Security Centre’s Suspicious Email Reporting Service at firstname.lastname@example.org
- if you’ve received a suspicious text message, forward it to 7726 (a free service)
- if you’ve received nuisance, suspicious or unwanted calls, hang up and contact your phone provider
- if you have been a victim of a sextortion scam, then report it to your local police force by calling 101
If you have any concerns about your cybersecurity, or if you would like to book a FREE consultation to avoid cybersecurity leaks and attacks, you can request via this form here and a member of our expert team will get back to you!
Are you staying safe whilst gaming online? The gaming lifestyle festival DreamHack has shown the extent of cyber attacks on the gaming industry, which has suffered 152 million web application attacks and as many as 10 billion credential stuffing attacks in the past two years. Whatever your console of choice, online gaming has served as a major form of entertainment and social interaction for many people across the world, thanks to the lockdown and Covid restrictions put in place. With many new accounts being created, cyber criminals were quick to take advantage of this. We chatted to some gamers to get some of their top tips, first hand, on how to stay safe whilst gaming online!
Akamai showed that 55% of people who identified as frequent gamers had had an account compromised at some point whilst gaming. Steve Ragan, Akamai security researcher and report author, said that “Criminals are launching relentless waves of attacks against games and players alike in order to compromise accounts, steal and profit from personal information and in-game assets and gain competitive advantages. Besides credential stuffing attacks using stolen credentials, most relevant scams include phishing attacks against gamers which tend to rely on fake websites related to a game or platform to trick players into handing over their login details.”
We interviewed Xbox gamer Alfie, 12, who said that to make his Xbox account more secure, he made sure to set up two-factor authentication, using both a number PIN and a password to get into his account. He went on to tell us that Xbox would not accept a password under 8 characters and would notify users if a password was weak upon creating an account. Alfie also made us aware that, in order to combat phishing scams, Xbox made it so that any links sent via game chat would not be clickable. He tells us that he enables the invite-only feature, which means that he can only play and chat with people he has knowingly selected, so that outside strangers cannot interact with the party. Alfie acknowledged that enabling a VPN (virtual private network) is also a great way to keep data protected when gaming online, and was aware of the cybersecurity risks of leaving an account open with PayPal and bank card details exposed to hackers, although his own personal experience with hackers was that they would delete data in mindless trolling attempts. This case study shows that consoles such as Xbox have taken basic measures to help guide their users to be aware of their safety when gaming online, and younger users actually seem pretty switched on to the possible vulnerabilities hackers may attack. You can read more on how to make your children aware of cybersecurity during homeschooling here.
We spoke to another gamer of a slightly different demographic. Demi is 25 years old, and said that they use a proxy when playing games, and only ever play with friends because they find playing with strangers “terrifying”. They also mentioned that they never use webcams or share their location. This is great advice to also protect users from grooming or other sinister motives.
Gamer Demi, 24, gave us some good tips on how to create a safe username when setting up your account. “Do not make a username that contains your actual name, any hints to where you live, or your birthday.” This touches on an important topic, as hints of your personal data can give away clues to your security questions if you bank online etc.
Further tips for gaming safely online include:
- Thinking about what you’re sharing online.
- Thinking about who you’re playing with. You can report and mute anyone who’s abusive, threatening or who tries to bully you. People might not always be honest about who they are, so be careful of scams, and don’t accept gifts or offers that seem too good to be true. Be nice to the people you’re playing with, even if they’re not as good at the game.
- Checking your privacy settings. Changing your privacy settings can affect who can see if you’re online, who you can play with and whether people can see what games you’re playing.
- Watching out for loot boxes and in-app purchases. Check whether something will cost real world money before you buy anything. Don’t buy items from websites outside of the game itself.
- Remembering that mods and downloads aren’t always safe. Downloading cheats or mods from websites other than the official game website can be dangerous. Mods can contain viruses that will damage your computer or mobile, and give hackers access to your personal data. Whenever you can, always use your mobile’s app store or download mods from official websites.
If you need further support get in touch with our expert team today!
With a huge move to home schooling following the policies introduced during the third national lockdown, many parents find themselves with the task of homeschooling their children. Often they are using the family computer and laptop equipment they have at home. This can pose a number of challenges, not least because of the workload, but also due to the cybersecurity risks present. So what steps can you take to help ensure that children are staying safe whilst they are online?
It can be difficult enough for adults to spot cyber vulnerabilities and hacking attempts, but for young children who often have limited experience with technology, it can be even more difficult. This is why it is important to make your kids aware of the dangers facing the world, particularly when they are spending more time accessing multiple platforms through your home computer. Here are a few tips to help your children stay safe whilst they are working from home through school closures.
- Have an open and honest conversation with your children about why it is important to stay safe online. The earlier you have these conversations the better. Encourage them to come to you if anything doesn’t feel right, or if they have any questions. The “stranger danger” conversation is always important, but even more so when dangerous people could be hidden behind a computer screen.
- Resources such as games and videos can be used to teach children about the importance of staying safe online.
- Set clear boundaries so that time spent on the computer is scheduled. This will help avoid the accidental or mindless surfing of potentially dangerous websites.
- Remind your children never to give out any personal information such as their address or telephone numbers, especially if they are using online bulletin boards or chatrooms. Remind your children what their digital footprint is.
- Make sure you remember to regularly update the software on your computer to patch up any security bugs or online threats.
- Monitor online activity, and you can also explore various parental controls on the device your child is using.
- You can take this online quiz with your child to test how safe your child is online.
- Keep any files that relate to the grown-ups’ work safe by creating a new user on the computer. Here is a useful guide to creating a child’s account on your computer.
Remember, honesty is always the best policy. Keep conversation about cybersecurity open and truthful, and foster an atmosphere where children can ask questions and can come to you if anything is wrong.
If you have any further questions about cybersecurity, get in touch with the Kerbury team today!
With the flurry of excitement that precedes Christmas, it’s easy to get swept up in the online-shopping frenzy. Everybody wants to ensure that they buy the perfect gifts for their loved ones, and in the rush may forget about their cybersecurity. Hackers and cyber criminals are well aware of this fact, and will try to exploit as many online shoppers as possible. The last thing you want is to fall victim to fraud, especially at this time of year! In 2019, the FBI’s Internet Crime Complaint Center got an average of 1,300 online theft complaints a day with a total of $3.5 billion in losses to individuals and businesses! To combat this, at Kerbury we have created a list of things to be aware of to help you shop safely online this Christmas!
1. Don’t Browse On Public Wifi
It’s tempting to hook up to your local cafe’s wifi and browse online stores whilst drinking your coffee, but be aware that this has its risks, such as being vulnerable to hackers stealing your payment details!
2. Only Pay Where You See The Padlock In The URL
This usually means the payment platform is secure; however, it isn’t always a guarantee, so be vigilant. The URL should also begin with “https”, not simply “http”.
3. Don’t believe the unbelievable!
Many websites that offer tantalisingly low prices or bargains are out to steal your personal information or steal your money. If they are offering a car for a fiver, then that might be a red flag!
4. Keep Those Receipts!
After your purchase, note down your tracking number, payment number, and receipts, to ensure that if anything did go wrong that you can resolve the issue quickly.
5. Update your browser and software
Unpatched software is a frequent cause of malware infections. Online shoppers are most at risk due to the sensitive information involved in purchasing items. Make sure you at least have an updated browser when you order things online, which will help secure your cookies and cache, while preventing cyber criminals being able to steal your personal information.
6. Having A Strong Password Is Always Key!
Having a strong, varied password can help keep cybercriminals at bay. Ensure you have a combination of uppercase, lowercase, special characters and numbers. You can read our article on how to make a strong password here.
7. Be Aware Of Email Phishing.
No matter how exciting that deal may seem when it lands in your inbox, don’t be fooled into clicking links from users you do not know. Here’s a great Kerbury article on how to spot phishing scams.
Remember, if you ever need support, contact our friendly and professional team today, and Merry Christmas from everyone here at Kerbury!
As the UK faces a second lockdown, we here at Kerbury want to assure you that whilst things may feel uncertain, you can trust your security to our professional team.
A return to a working from home environment poses a number of risks to your cybersecurity. Not only do the devices that employees are working on need to be secure, but so does the internet connection, and a number of other variations. The management of data that would usually be handled within business infrastructure is now being dealt with in a home setting.
By adopting workarounds, employees could be putting their organisation at risk from cyberattacks, especially as hackers increasingly turn their attention to remote workers. “People will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions,” said Tim Sadler, CEO of Tessian.
Cyber criminals are switching tactics and exploiting COVID-19-related fears among the population. As a result, working from home is becoming a gateway to new forms of data theft. 26% of survey respondents report they are currently tempted to keep copies of valuable company data in case “the worst comes to the worst” (the company becomes insolvent or they lose their job).
There has also been a huge spike in phishing emails from criminals looking to exploit employees working from home without the support of IT workers behind them. Appropriate training and education on what phishing scams are and how to avoid them can help in the battle against this kind of cybercrime.
Some things to remember, from our article on how to ensure cybersecurity while working from home during COVID19 pandemic:
- Ensure your Wi-Fi connection is secure. While most Wi-Fi is correctly secured, some older installations might not be, which means people in the near vicinity can snoop your traffic.
- Ensure anti-virus is in place and fully updated.
- Check all security software is up to date: Privacy tools, add-ons for browsers and other patches need to be checked regularly.
- Have a back-up strategy and remember to do it: All important files should be backed up regularly. In the worst case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
- Make sure you are using a secure connection to your work environment.
- Check if you have encryption tools installed.
Hardware as a service is also a service offered at Kerbury.
Similar to renting hardware, it shares some of the same benefits. You are essentially borrowing the hardware to use short or long term, returning equipment at an arranged point. What sets it apart from a rental is that you are paying for a service to support the hardware. Think of it as paying for the utility. Read more about the benefits here.
As ever, contact the Kerbury team if you have any concerns about the cybersecurity of your work from home set-up!
Whilst social media is a wonderful way to stay in touch with friends and family all around the world, it is important to be aware of how much of your private data is collected whenever each social media platform is used. It is also vital to bear in mind the need to maintain a level of security and privacy, and to monitor public access to your private information.
What is a digital footprint?
Your digital footprint is the traces of information that you post about yourself online, including but not limited to photographs, locations, statuses, text messages and whereabouts, as well as other personal information that could be used to identify you. Criminals can use this publicly available information to steal your identity or use it to make phishing messages more convincing.
Every day, whether you intend to or not, you are leaving behind a trail of data that pieces together a picture of who you are online, what you are doing, where you are going, and why you are doing all these things. This picture is likely more easily accessible than you may think, and if it landed in the wrong hands, it could be disruptive and even dangerous.
What do I need to be aware of?
- Think about what you’re posting, and who has access to it. Have you configured the privacy options so that it’s only accessible to the people you want to see it?
- Consider what your followers and friends need to know, and what detail is unnecessary (but could be useful for criminals).
- Have an idea about what your friends, colleagues or other contacts say about you online.
What can I do?
Be aware of the content of what you post online. Could this reflect badly on you, could it be used to hack your accounts, or could it damage your relationships? You can also set your social media accounts to private or otherwise adjust your settings to limit who has access to what you post.
As ever, if you are concerned about the privacy of your information, you can book a FREE safety consultation with the Kerbury professionals here.
Ransomware is a form of malicious software that attempts to encrypt your data and then extort a ransom to release an unlock code. Most ransomware is delivered via malicious emails. The attackers will attempt to blackmail you to receive a financial pay-off.
Phishing attempts often come in the form of emails or texts posing as an organisation you trust, such as your bank or PayPal. They attempt to convince you to hand over your login details. Once the attackers have acquired these, they will take whatever they please. Check out our blog on how to spot phishing attempts.
Traditionally hackers have attempted to gain access to bank account information or credit card databases. However, intellectual property is another source of value. The use of social engineering, tricking staff into revealing user names and passwords, remains a threat. Protect yourself using network firewalls, data access security, and user awareness and training. You can find out more about our training courses here.
A data leak
The widespread use of tablets and mobile phones means that there can often be accidental and unintentional leakage of data. They can also be easy targets for data thieves, especially if they have no password and portable USB drives are often used. Educating your team can go a long way to help strengthen your cybersecurity.
If you need further support with the management of your cybersecurity, don’t hesitate to give the Kerbury team a call. We can help you secure your business’ vulnerabilities, train your workforce to minimise risk, and leave you feeling that you’re prepared.
Cybersecurity is of the utmost importance, and we are going to be busting some myths surrounding the topic to try and help you get a little wiser to hackers’ attempts.
1- I have security software, so I can forget about staying alert.
WRONG! You have to make sure that you are always up to date with software updates, which may fix bugs and vulnerabilities that were missed before. Do the same for all of your devices, including your laptop and phone!
2- I can forget about being aware of phishing scams because they are always so easy to spot!
Phishing scams prey on human error, relying on your false sense of security to lull you into their traps. Never let your guard down when it comes to phishing. Very realistic-seeming scams imitate big, recognizable companies that you may feel safe entering your payment details or personal details into.
3- I only use mainstream websites, so I don’t need to worry about my cybersecurity.
You sure do! Social media apps sell your data to make money, and the increase in cookies means your steps are being traced, making it easier to build up a profile of who you are! Security software keeps you safe and protects your privacy!
4- I’m not a millionaire, hackers won’t bother with me.
UK small businesses are targeted with 65,000 cyberattacks per day, with one small business hacked every 19 seconds!
5- I would be able to tell if something happened to my computer.
Hacks work like assassins, prioritizing stealth as their main weapon. Trojan horses mean that someone could be lurking on your computer right now! Get it checked out by Kerbury right away!
Please do contact the Kerbury team today if you have any concerns or questions!