Cyber Threat Report - 5 May 2021
Updated: May 26
Welcome to the new weekly threat report. The weekly threat report will be replacing the newsletter to provide more concise and relevant updates to the cyber threats we face as both businesses and individuals.
Keeping a close eye on cyber threats and knowing the current methods attackers are using allows us to better identify threats and trends so that we can protect ourselves against them. The goal of the weekly threat report is to do just that - I'll bring you updates on newly discovered threats, brief you on any incidents that have happened since the last report, and keep you informed of any trends to watch out for.
Number of phishing emails from hacked accounts increasing
Speaking of trends, over the past week or two we have seen an increase in the number of phishing emails received from compromised client email accounts. This method is often more successful because the recipient is familiar with the 'sender' and may be expecting an email from them, plus they are difficult for mail security filters to identify as spam because they came from a genuine address that would usually pass any security checks; it doesn't know the account has been compromised.
It's not just hacked client accounts being used to email business either, it could be friends or family members accounts that have been compromised. The nature of this method means we have to be very cautious, even when we know the sender.
May 2021 Android update fixes 42 security flaws
Another trend we have seen is the increase of smartphone malware, which makes sense when we use these devices for pretty much everything these days. The amount of personal data on our phones makes them a juicy target for cybercriminals who will sell that data or use it for other malicious purposes.
That's why developers have to keep on top of vulnerabilities and patch them accordingly, and why we have to keep our phones and apps updated with those patches.
Android has just released such an update that fixes 42 vulnerabilities, 4 of which have been classified as critical, but what does that mean exactly?
Some of these vulnerabilities mean a hacker could execute code on your phone remotely and give themselves access to your entire device, so make sure you install the update.
Millions of Dell devices are vulnerable and have been for years
Staying on the topic of vulnerabilities, some critical flaws have been found in Dells firmware update driver, which appears to have been present for nearly 12 years.
The nature of the flaws means that an attacker could gain access from the very base level of the computer and completely take over the system.
It's unclear if the vulnerabilities have been exploited in the wild as there's currently no evidence of it, but rest assured the Dell has announced they will be releasing a patch on 10th May.
That's all for this week, make sure you check out next weeks 'Patch Tuesday' report.