Welcome to the latest edition of Neu Cyber Threats, a weekly series in which we draw attention to the latest cyber attacks, scams, frauds and malware, including ransomware and DDoS, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

 

Beware of the £400 energy grant scam

Phishing text messages impersonating the Government are exploiting the energy crisis, enticing victims to sign up for an Energy Bills Support Scheme that then asks for details about their energy provider and their bank details.

These messages try to convince the recipient that they have been selected and are eligible for a £400 grant from the Government. The link in the message points to a website that looks like the Government’s website, with a ‘start now’ link through which victims provide scammers with their information. ‘Which?’ has said it has received reports from many of its customers about these messages, and has assured them that any energy support payments will be made automatically without the need to apply.

How can you avoid this energy scam? Be cautious of any unexpected text messages, and do not click on any links in them. Be sure to report any suspicious texts or emails. If you think you’ve been a victim of a scam, contact your bank straight away and report it to Action Fraud.

Fix for a critical OpenSSL vulnerability due 1st November 2022

On 1st November 2022, a critical fix took place between 13:00 UTC and 17:00 UTC, addressing a critical vulnerability in all recently released versions of the software starting with a 3. Any versions starting with a 1 are unaffected, and bug fixes for version 1.1.1 are scheduled for the same day but are unrelated to the critical vulnerability fix.

With OpenSSL only marking one other issue, CVE-2016-6309, as CRITICAL since its launch in 2014, this update has attracted a lot of attention. So, what makes an issue critical?

OpenSSL stated: “This affects common configurations and which are also likely to be exploitable. Examples include significant disclosure of the contents of server memory (potentially revealing user details), vulnerabilities which can be easily exploited remotely to compromise private server keys or where remote code execution is considered likely in common situations. These issues will be kept private and will trigger a new release of all supported versions. We will attempt to address these as soon as possible.”

OpenSSL software is described as a “full-featured toolkit for general-purpose cryptography and secure communication,” and it is widely used both as a standalone tool and embedded in other applications. There are versions used in Linux, macOS, and FreeBSD, and it can be installed on Windows.

“Robust protocols” in place after reports Liz Truss’ phone was hacked by Russian spies

On Sunday, Michael Gove, the Levelling Up Secretary, did not deny that Liz Truss’ phone had been hacked. The Kremlin hackers are believed to have gained access to sensitive exchanges with foreign officials in Ukraine, along with conversations between herself and Kwasi Kwarteng.

When asked about the security breach by Sky News, Mr. Gove claimed not to know the extent of the violation, if there was one. However, he gave assurances that the Government has robust protocols in place to protect individuals while also protecting Government and national security.

Claims were also made that the breach uncovered information about former prime minister Boris Johnson and Cabinet secretary Simon Case, suppressing Liz Truss’ running for the Tory leadership in the summer. 

These claims have raised issues about cyber security and whether the cabinet minister had used her personal mobile phone for Government business, along with questions as to why this story has now been leaked to the press. 

The Labour MP has said that these allegations raise concerns as to whether the Government is taking these national security issues seriously enough.

If you are concerned about any cyber security issues within your business, contact us today on 01283 753 333 or email hello@neuways.com.