
Become Cyber Safe – 14th December


Welcome to the latest edition of the Cybersafe Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:


Apple emergency updates fix recent zero-days on older iPhones

Apple has recently released emergency security updates addressing two actively exploited zero-day vulnerabilities discovered in the WebKit browser engine. These flaws, CVE-2023-42916 and CVE-2023-42917, allowed attackers to access sensitive data and execute arbitrary code through specially crafted webpages, exploiting out-of-bounds and memory corruption bugs on unpatched devices. The updates, encompassing iOS 16.7.3, iPadOS 16.7.3, tvOS 17.2, and watchOS 10.2, enhance input validation and implement locking mechanisms.

The affected devices include the iPhone 8 and later, various iPad models, Apple TV HD and 4K, and Apple Watch Series 4. Google’s Threat Analysis Group (TAG) security researcher, Clément Lecigne, discovered and reported these vulnerabilities, although Apple has not disclosed specific details about their exploitation. Notably, Google TAG researchers have previously identified and disclosed zero-days used in state-sponsored surveillance attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) urged Federal Civilian Executive Branch (FCEB) agencies to patch their devices against these vulnerabilities promptly. Apple has diligently addressed 20 zero-day vulnerabilities this year, emphasising the importance of keeping systems up-to-date to mitigate security risks.

To become Cybersafe as a business, it is vital that you stay up to date with the latest cyber threats that are occurring around the world, as they could reach the UK at any point. All businesses are a potential target, regardless of their size.

Toyota warns customers of data breach exposing personal and financial info

Toyota Financial Services (TFS), a subsidiary of Toyota Motor Corporation, has warned its customers about a recent data breach. The breach occurred when unauthorised access was detected on some of its systems in Europe and Africa. The attackers, identified as the Medusa ransomware group, demanded a payment of $8,000,000 to delete the stolen data and gave Toyota a 10-day deadline to respond.

In response, Toyota took specific systems offline to contain the breach, impacting customer services. Because Toyota did not negotiate a ransom payment, all of the stolen data has been leaked on Medusa’s extortion portal on the dark web. Toyota Kreditbank GmbH in Germany was identified as one of the impacted divisions, with hackers gaining access to customers’ personal data, including full names, residence addresses, contract information, lease-purchase details, and International Bank Account Numbers (IBANs).

This sensitive information poses a risk for various malicious activities such as phishing, social engineering, scams, financial fraud, and identity theft attempts. Toyota is currently conducting an internal investigation, and while the compromised data mentioned is verified, there is a possibility that attackers accessed additional information. The company promises to update affected customers promptly as the investigation progresses. As of now, the exact number of exposed customers has yet to be disclosed by Toyota.

All businesses can be targets of a hacker, and that is why it is vital that businesses work with Neuways to become Cybersafe as a business.

WordPress plugin hacked – could affect over 90,000 websites

A critical vulnerability in the Backup Migration plugin for WordPress, installed on over 90,000 websites, has exposed approximately 50,000 sites to remote code execution (RCE) attacks. Discovered by the Nex Team and reported through a bug bounty program, the flaw (CVE-2023-6553) allows unauthenticated attackers to compromise websites by injecting malicious PHP code via the /includes/backup-heart.php file. The issue arises from the plugin’s attempt to include a file from a user-controlled directory, making it susceptible to exploitation.

Wordfence, a WordPress security firm, promptly reported the vulnerability to BackupBliss, the plugin’s developers, who released a patch (Backup Migration 1.3.8) within hours. Despite the quick fix, nearly 50,000 WordPress sites remain insecure, as reported by WordPress.org download stats a week after the patch release.

This critical security risk underscores the importance for administrators to promptly update to the patched version and safeguard their websites against potential attacks. Additionally, WordPress administrators should be cautious of a phishing campaign targeting them with fake security advisories related to a fictitious vulnerability (CVE-2023-45124). Last week, WordPress also addressed a Property Oriented Programming (POP) chain vulnerability, emphasising the ongoing need for vigilance in maintaining website security.

It is important that businesses follow this advice in order to become Cybersafe as an organisation.
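
For administrators checking their own site, the two checks this story implies (is the installed plugin older than 1.3.8, and has anyone requested backup-heart.php directly) can be scripted. The example below is added here and is not code from Wordfence, BackupBliss or Neuways. It assumes web server logs in Combined Log Format and a standard WordPress plugin header with a "Version:" line; the sample log lines, the PLUGIN_DIR placeholder and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

PATCHED = (1, 3, 8)  # Backup Migration 1.3.8, the fixed release named in the article
TARGET = "/includes/backup-heart.php"  # file named in the article

# Combined Log Format: client, timestamp, request line, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample input: PLUGIN_DIR is a placeholder, addresses are documentation ranges
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2023:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Dec/2023:10:04:11 +0000] "POST /wp-content/plugins/PLUGIN_DIR/includes/backup-heart.php HTTP/1.1" 200 0',
    '198.51.100.23 - - [12/Dec/2023:10:04:15 +0000] "GET /wp-content/plugins/PLUGIN_DIR/includes/backup%2Dheart.php?x=1 HTTP/1.1" 200 17',
]
SAMPLE_HEADER = "/**\n * Plugin Name: Backup Migration\n * Version: 1.3.7\n */"


def plugin_version(header_text):
    """Read the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", header_text, re.M | re.I)
    return m.group(1) if m else None


def needs_update(version):
    """True if a dotted version string is older than the patched release."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))  # treat "1.4" as 1.4.0
    return parts < PATCHED


def direct_hits(lines):
    """Group direct requests for backup-heart.php by client address for review."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        # Drop the query string and decode %xx so encoded paths still match
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if path.endswith(TARGET):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    print("needs update:", needs_update(plugin_version(SAMPLE_HEADER)))
    for ip, reqs in direct_hits(SAMPLE_LOG).items():
        print(ip, reqs)
```

A match in the log is a prompt to review that client's other requests and the site's files, not proof of compromise on its own.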

—————————————————————————————————————————–

Contact Neuways to help your business become

Cyber Safe

If you need any assistance with cyber security to become Cybersafe, then please contact Neuways and we will help you where we can. Just get in touch with our team today.
