Recite Me

Criminals take advantage of coronavirus vaccine roll-out

Threat:

There have been a high volume of reports relating to a phishing email on Monday 25 January. The email, which attempts to trick people into handing over their bank details, was reported more than 1,000 times in 24 hours.

The scam email appears to come from the NHS and asks the recipient to click on a link to accept or decline an invitation to receive the coronavirus vaccine. If they accept, they are asked to input personal information and bank card details.

The NHS will never:

  • ask you for your bank account or card details.
  • ask you for your PIN or banking password.
  • arrive unannounced at your home to give the vaccine.
  • ask you to prove your identity by sending copies of personal documents such as your passport, driving licence, bills or pay slips.

What you can do:

If you are suspicious about an email you have received, forward it to report@phishing.gov.uk.

Suspicious text messages can be forwarded to the number 7726 (free of charge)

Apple - Emergency Fixes for Under-Attack iOS Zero-Day

Threat:

On Tuesday, Apple dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting three different security vulnerabilities. The patches -- contained in iOS 14.4 and iPadOS 14.4 -- are being pushed to mobile users by the automatic updating mechanism.

What you can do:

For all your IT equipment (tablets, smartphones, laptops and PCs), make sure that the software and firmware is always kept up to date with the latest versions from software developers, hardware suppliers and vendors. Enable automatic updating where possible. 

More cyber security advice and guidance can be found at www.ncsc.gov.uk

VIPGames.com Data Breach

Threat:

VIPGames.com (a platform providing free versions of classic board and card games) has exposed the personal details of 66,000 users. In total, more than 23 million records were left exposed on a misconfigured Elasticsearch server. Exposed information includes usernames, emails, device details, IP addresses, hashed passwords, social media IDs (including Facebook, Twitter, and Google), in-game transaction details, bets, and banned players.

What you can do:

If you suspect your credentials have been leaked, you should change your password as soon as possible. If you have used the same password on any other accounts, you should change it there too.

Services such as www.haveibeenpwned.com can tell you if your information has ever been made public in a major data breach.

More advice and guidance can be found at www.ncsc.gov.uk

Mozilla security updates - January 2021

Threat:

CISA has advised organisations to patch the latest vulnerability fixed in Mozilla Firefox. Successful exploitation could result in a use-after-free attack.

Products affected: Mozilla Firefox,Mozilla Firefox ESR and Mozilla Firefox for Android

What you can do: 

For all your IT equipment (tablets, smartphones, laptops and PCs), make sure that the software and firmware is always kept up to date with the latest versions from software developers, hardware suppliers and vendors. Enable automatic updating where possible.

More cyber security advice and guidance can be found at www.ncsc.gov.uk