Cybersafe Threats – 16th May


Each week, Cybersafe.co.uk will be updating you on the latest cyber attacks threatening the private and sensitive data of businesses all over the UK. As technology evolves, so do cyber criminals and their methods of attack. If your company does not have the right cyber security processes in place, it runs a serious risk of cyber attackers infiltrating its network and data. The results could devastate your business if your data falls into the wrong hands. Whether it be paying a ransom which could cost you a fortune, losing all your data and not being able to recover it, a fine due to GDPR breaches, or reputational damage, all of these effects could have a severe impact on how (and if) your business will be able to move forwards. 

16th May 2024 – Below, we update business leaders on what you and your employees need to look out for when assessing cyber threats to your data.

Here are the most prominent cyber threats to businesses which you should be aware of:

Microsoft May Patch Tuesday fixes two actively exploited zero days

Microsoft’s May Patch Tuesday release addressed many vulnerabilities, including two zero-day exploits in active use. Let’s break down the key points:

Critical Vulnerabilities: Among the 60 Windows CVEs patched, two zero-day exploits were the focus. One, CVE-2024-30044, rated at 8.8 CVSS, is a remote code execution (RCE) flaw in SharePoint Server. It allows unauthorised injection of arbitrary code, which can lead to further attacks or lateral movement within the network.

SharePoint Vulnerability: Security experts have underscored the potential peril, pointing out that this vulnerability could enable attackers to manipulate files or gain unauthorised access to sensitive information, posing a serious threat to system security.

Windows DWM Core Library Bug: Another zero-day exploit, CVE-2024-30051, with a 7.8 CVSS rating, affects the Windows Desktop Window Manager (DWM) core library. This flaw has been actively exploited to distribute modified versions of the Qakbot banking Trojan, potentially leading to significant financial losses and data breaches.

Elevation of Privilege: Reports described CVE-2024-30051 as a significant threat due to its potential to grant attackers system privileges with relatively low complexity.

Security Feature Bypass: CVE-2024-30040, with an 8.8 CVSS score, targets Windows MSHTML, allowing attackers to bypass OLE mitigations in Microsoft 365 and Office. This vulnerability is actively exploited, although Microsoft hasn’t disclosed specifics.

Disclosure Concerns: The experts criticised Microsoft’s disclosure of CVE-2024-30040 as unclear, making it challenging for security teams to develop effective detection rules.

Additional Updates: Microsoft also addressed three Windows Remote Access Connection Manager information disclosure vulnerabilities and resolved an unspecified regression introduced by April patches.

Third-Party Updates: Due to critical vulnerabilities, administrators are urged to update all browsers, especially Firefox and Chrome. macOS also received an essential fix on May 13th.

IT Company hid cyber security breach

An IT contractor, Shared Services Connected Ltd (SSCL), concealed a cyber security breach for months, compromising the data of nearly 270,000 Ministry of Defence personnel. Suspected to be orchestrated by a Chinese hacking group, the breach was discovered in February but reported only recently.

Grant Shapps, the defence secretary, confirmed the hack, criticising SSCL’s failure to disclose it in a timely manner. SSCL was awarded a £500,000 cyber security monitoring contract despite the breach, raising concerns. The government is reviewing SSCL’s contracts amid fears of broader system compromise.

While not directly implicating China, some politicians see Chinese involvement. The Chinese embassy denies involvement, calling the allegations fabricated. This incident adds to existing tensions following UK government sanctions on Chinese individuals and a tech firm in Wuhan for cyber attacks. It is a stark warning to businesses all over the world that even data that is considered to be the most secure is still vulnerable. Robust Cyber Security is very important. Business owners need to consider how to be Cybersafe, and this resource helps your company do exactly that.

Dell confirms data breach affecting nearly 49 million users

Dell has confirmed a significant data breach affecting nearly 49 million users, exposing information such as names, physical addresses, and details regarding hardware purchases. Fortunately, financial data, email addresses, and phone numbers were not compromised in the breach. The breach came to light after a threat actor known as Menelik claimed to possess a Dell database containing information on millions of customers, particularly those who made purchases between 2017 and 2024. Although Dell is reassuring customers that the type of information involved poses no significant risk, it has begun notifying affected customers and is actively investigating the incident with law enforcement and a third-party forensics firm.

The alleged database offered by Menelik reportedly contained data on 7 million individual customers, 11 million from “consumer segment companies,” and the remainder from enterprises, partners, schools, or unidentified entities. However, the post advertising the sale of the database has since been deleted, hinting that another threat actor may have already acquired the stolen information.

In response to the breach, Dell is advising customers to remain vigilant against potential phishing attempts or suspicious communications referencing their Dell purchases. This incident underscores the ongoing challenges faced by tech companies in safeguarding customer data and highlights the importance of robust cybersecurity measures. It also follows a similar breach at Hewlett Packard Enterprise in December, suggesting a concerning trend of cybersecurity vulnerabilities within the tech industry that must be addressed through enhanced security protocols and proactive threat detection measures.

Cybersafe

Contact Cybersafe.co.uk to ask how we can help protect your business from cyber criminals. Whether you have sensitive data or confidential information within your business, you are always likely to be a target for cyber criminals. We also have a podcast where you can stay up-to-date with the latest cyber security measures that will help your company fight against these threats.
