The threat update from Accelerate provides a consolidated monthly summary of recent business threats that you need to be vigilant for. We are continuously monitoring the emerging threats, vulnerabilities and breaches from key industry security organisations, such as NCSE and Fortilabs. In this month’s threat summary:
A critical flaw in Cisco’s On-Prem Smart Software Licencing Manager has been discovered, allowing remote attackers to access a sensitive part of the system with a high-privileged account. The vulnerability allows the use of a default static password even if the platform is not directly connected to the internet.
The vulnerability only affects systems if the HA feature is enabled, with Cisco issuing a patch this week.
The Kwampirs malware is a backdoor trojan used to gain remote access to compromised computers. The trojan collects basic information about the compromised system to determine whether it is a high-value target, and copies itself across open network shares to infect additional systems.
Software supply chain companies are believed to be targeted in order to gain access to the victim’s strategic partners and/or customers, including entities supporting Industrial Control Systems (ICS) for global energy generation, transmission, and distribution. This same malware has also been deployed to attack companies in the healthcare and financial sectors.
A malicious email campaign targets business users by actively distributing malware through infected Word documents, masquerading as an official message from public health centres claiming to provide details on preventative measures against Coronavirus.
Infected computers then go on to deliver malicious spam messages to other targets and to drop other strains of malware onto the infected device.
A high-severity flaw in the Dell SupportAssist software, which comes preinstalled on most new Dell devices running Windows, could be putting your business at risk by allowing an attacker to execute software with administrator privileges.
Dell has confirmed, “A locally authenticated low privileged user could exploit this vulnerability, resulting in the privileged execution software on the device.”
Following reports of Amazon Ring sharing personally identifiable information with third-party analytics firms without disclosing this to its customers, the company said it would pause its data-sharing and increase its privacy protection by implementing two-factor authentication.
Whilst previously offered as an option to customers, the second layer of authentication will now be mandatory for all users.
A popular GDPR compliance plugin on WordPress, GDPR Cookie Consent, has a critical vulnerability which could enable threat actors to modify content or inject malicious JavaScript code. The plugin is installed and active across 700k WordPress sites, making it a prime target for attackers.
WordPress released a statement, urging all users to update the GDPR plugin immediately.