Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, malware including Ransomware and DDoS, in order to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Microsoft SharePoint Remote Code Vulnerability

A recent vulnerability has been discovered for Microsoft SharePoint. CVE-2022-30157 was published on 15/06/2022 with a CVSS 3.1 score of 8.8, meaning it is a high rating in criticality. The vulnerability allows for the remote running of arbitrary code on affected Microsoft SharePoint Servers. The vulnerability exists in the processing of charts. They are tampering with the client-side data, which can trigger a serialisation of untrusted data. An attacker can leverage this to execute code.

If you are using Microsoft SharePoint, it is highly recommended that you ensure all current patches are installed. For further information about CVE-2022-30157, click here.

Five Bad Security habits and how to break them

1. Password Hygiene

Passwords are used to access some of our most important information and data. So why use a weak password?

Ensuring a good password policy is in place that helps your employees create a strong and complex password helps elevate this security flaw. You can also do other things like enable MFA (Multi-factor authentication) and use a trusted password manager. These can help protect your organisations and are easy to implement.

2. Convoluted processes and policies

Policies are used in every aspect of a business, and they are followed religiously in some areas, but why not in IT?

Policies and procedures can be used to improve a company’s workflow whilst setting out guidance for the employee to follow. IT policies are not different. They allow you to implement security frameworks throughout your organisation. It is essential to ensure these policies are utilised and are updated/revised regularly

3. Outdated software and non-secure devices

How do I make sure all my devices are up to date? Especially when I do not own them?

With the increase of home working and the broader introduction of BYOD (Bring your own Devices), security does not always take the front seat when running the business. Employees start to use unsecured WiFi and unpatched devices. So how do you manage this?

The use of policies can determine the requirements for a BYOD. To help mitigate the threat of using unsecured WiFi, you could use a VPN (a virtual private network) and ensure that all devices utilise at least a software-based firewall.

4. Untrained Staff

We have all seen phishing emails being sent to us; phishing emails are some of the most common attacks, along with malware. But how do we help prevent this?

Conduct regular security awareness training to help your employees better understand security and what to do in certain situations – explaining the potential risks if an employee clicks on a phishing email.

5. Complacency

One habit I am sure we all have fallen victim to is being complacent. When it comes to adopting a Cyber Secure environment, this sadly is not an overnight endeavour. It takes adopting all current methods and approaches, incorporating regular reviews and adapting to current trends and threats. Making sure your organisation is secure from Cyber Threats is one of our primary concerns; if you want to learn how to secure your business, feel free to get in touch.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.