
Become Cyber Safe – 17th August 2023



Welcome to the latest edition of the Cyber Safe Threat Updates, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:


PBI data breach impacted more than 1.2m customers of Wilton Reassurance Life Company

Wilton Reassurance Life Company, a Connecticut-based insurance provider, disclosed a significant data breach affecting over 1.2 million customers. The breach exposed the sensitive personal information of these individuals.

Wilton Reassurance Life Company reported the breach to the Office of the Maine Attorney General and shared a notification from Pension Benefit Information (PBI), a company known for its obituary databases and population management solutions, which experienced a breach due to a zero-day vulnerability in Progress Software’s MOVEit file transfer application.

Was there an investigation?

PBI conducted an internal investigation with external cybersecurity experts and confirmed that a threat actor exploited the zero-day vulnerability to access one of their MOVEit Transfer servers between May 29 and May 30, 2023. During this time, certain data was exfiltrated from the server.

Initially, PBI reported around 371,359 individuals impacted, but later, they disclosed to the U.S. Department of Health and Human Services that at least 1,209,825 individuals were affected. Wilton Reassurance Life Company, among other companies conducting business with PBI Research Services, discovered the breach on June 7.

What data was compromised?

The compromised data included customer names and Social Security Numbers. Wilton Reassurance Life Company offers impacted individuals a year of complimentary credit monitoring and identity theft protection services through Kroll.

Source: https://bit.ly/45cAxsE

Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws

Millions of programmable logic controllers (PLCs) employed in industrial settings around the world face potential risks due to 15 vulnerabilities found within the CODESYS V3 software development kit.

Does Microsoft acknowledge the risk?

These vulnerabilities expose these PLCs to remote code execution (RCE) and denial of service (DoS) attacks. The CODESYS V3 SDK is widely used by over 500 device manufacturers for programming more than 1,000 PLC models, allowing customised automation sequences. The vulnerabilities were identified by Microsoft researchers, who disclosed them to CODESYS in September 2022.

Although security updates were released in April 2023, the slow update cycle of these devices prompted Microsoft to issue a detailed advisory to raise awareness about the risks. The vulnerabilities affect multiple components of the SDK, leading to potential buffer overflow attacks.

What you need to do

Although exploiting the vulnerabilities requires authentication, a related flaw can bypass this requirement. Microsoft’s analysis demonstrated that in 12 out of 15 cases, remote code execution on the PLCs was achieved. To mitigate risks, administrators are urged to update to CODESYS V3 v3.5.19.0 and disconnect critical industrial devices, including PLCs, from the internet.

Source: https://bit.ly/3smfN2T

Parking app scams: Drivers are being tricked into signing up for expensive subscriptions

The menace of parking app scams has been highlighted by Which?, a prominent consumer protection entity. Illicit advertisers are deceiving customers by manipulating promotions for parking apps and exploiting QR codes to trap unsuspecting individuals within hard-to-cancel subscription schemes.

Cyber criminals do not discriminate

What this story highlights is that cyber criminals will go to any lengths to try and capture the data of unsuspecting individuals.

This recent cyber threats update reveals a disconcerting incident involving a website named Alltainment. An individual told Which? about a distressing experience, which saw their attempt to register for a parking app result in an involuntary subscription to a £39.99 monthly payment under the false pretence of an entertainment package. This incident exposes how deceitful these scams can be, with Trustpilot reviews showing how many people have been caught out by the fraud.

How does the fraud happen?

This fraudulent scheme appears to happen in two different ways. First, individuals seeking legitimate parking apps such as JustPark, Parkonomy, PayByPhone, and Ringgo find themselves unwittingly subscribed to the services of Alltainment. Second, manipulated QR codes encountered in daily life divert users towards the same subscription service. These tactics underscore the multifaceted nature of modern cyber scams.

The investigation meticulously traces the operations of Alltainment, the company which is supposedly responsible for the scam. To be caught out by the scam, all you have to do is search for the authentic JustPark app via Google. The top search result, misleadingly affiliated with JustPark, redirects users to uk.apkpac[dot]com (do not visit), a website which hosts clickable advertisements for Alltainment. The site then effectively coerces them into inadvertent subscriptions.

Be vigilant when entering payment details

JustPark, the well-known and legitimate parking app provider, has stated that it is aware of the scam and has reported it. However, it still urges individuals to be vigilant when signing up for parking subscriptions and entering bank details. Always check the website address; if you have any concerns, it is better not to take the risk. Check the domain on the website but also check the email address.

Source: https://bit.ly/3OXJal8

Contact Neuways to help your business become Cyber Safe

If you need any assistance with cyber security, then please contact Neuways and we will help you where we can. Just get in touch with our team today.

