Cynch Security

Measure, Build and Maintain Cyber Fitness. Insights in minutes, security forever. Simply the best way to protect small business.

We exist to help small businesses prepare for and respond to cyber security risks.

18/12/2024

That glorious moment where you get to switch on your email out of office message is almost here. Here are a few tips to stop cyber criminals turning your well meaning message against you.

The good old ‘out of office’ message is there to let your customers and partners know what’s up and assure them you’ll be back to business as soon as you return. Sadly, these automatic messages might flag to spammers and cyber criminals you’re away, so take care not to share the wrong thin...

17/12/2024

Our CTO discussed all things Cyber Fitness with Mornington Peninsula Shire recently as part of their Business Wrap Up podcast series.

https://buff.ly/3ZVXXlR

Give it a listen and share with your SMB network!

Get expert advice on affordable cybersecurity measures to protect your business from costly digital threats.

19/11/2024

Tired of worrying about cyberattacks? Learn how to protect your business with Cynch.

Read more: https://cynch.com.au/blog/5-common-cybersecurity-mistakes-small-businesses-make

We’ve seen a big uptick in demand for our cyber fitness boot camps in recent months. It’s clear that Australian small businesses are increasingly aware that cyber risk is increasing and they’re not doing enough to keep up. Here are 5 common cybersecurity mistakes small business attending our b...

04/10/2024

Trying something a bit different this week with our update. Here's a Google NotebookLM using our top picks from the 200+ items we reviewed over the past week. 💪

🤯 We're pretty blown away with the results and would love to hear your thoughts on if it's worth repeating.

Links to the articles themselves in the comments in case you prefer reading over listening.

19/09/2024

A hectic week with over 200 news alerts. Here's a summary of what you might have missed: Apple and Google issued updates and we saw a ramp up in scams with iPhone 16 hype and innovative deepfake attacks. Stay informed and secure out there!

🚨 Upgrade Adobe Acrobat Reader to fix a critical flaw. https://buff.ly/3XqcSlI

🚨 Apple's macOS Sequoia 15 patch addresses multiple security issues allowing unauthorised access to sensitive user data, system files, and privileges. https://buff.ly/3zp2BhG

🚨 iOS 18 and iPadOS 18 security updates address vulnerabilities allowing unauthorised access, denial-of-service, and other risks. https://buff.ly/3XAq1sJ

🚨 Chrome 129 is now stable and includes security fixes and other improvements. https://buff.ly/3B8ZuuS

⚠️ Cybercriminals exploit iPhone 16 hype with fake pre-orders, technical support scams, and phishing sites. https://buff.ly/3zkexBj

⚠️ Over half of Australian law firms see cyber security as their top challenge, with 21% targeted by cybercriminals, and phishing attacks affecting 81%. https://buff.ly/3XzObDC

⚠️ A surge in AI-driven cybercrime in Australia & New Zealand. https://buff.ly/3BcmKIx

⚠️ Web DDoS attacks soared in 2024. Finance was hit hardest. https://buff.ly/3XpPVPG

⚠️ Malware locks browsers in kiosk mode to steal Google credentials by frustrating users into entering their info. https://buff.ly/3B2xzg5

⚠️ The OAIC reported a 65% increase in government data breaches in H1 2024 with 63 incidents; most breaches were from impersonation or social engineering. https://buff.ly/4gq9y2R

💪 Passkeys are now easier to use for Chrome users with sync support on Google Password Manager. https://buff.ly/3ZuJPQy

💪 HackerOne launches Essential VDP, a free entry-level Vulnerability Disclosure Programme. https://buff.ly/3Zw8p3Q

AI-driven cybercrime surges in Australia and NZ, warns Trend Micro; thousands of attacks detected, leveraging AI to breach security defences.

12/09/2024

Time for the Friday the 13th special edition of our threat wrap up. 👻 Drawing from over 180 security items this week, here are some things you may have missed 😬

🚨 Microsoft's September patches include updates for 79 flaws, fixing four already under attack. https://buff.ly/3z2GU7b

🚨 Chrome updated to 128.0.6613.137 for Windows, Mac, Linux; includes 5 security fixes contributed by external researchers. Update rolling out over coming days/weeks. https://buff.ly/3AZzcLF

🚨 Upgrade Adobe Acrobat Reader to fix a critical flaw. https://buff.ly/3XqcSlI

🦁 Google's September Android security update fixes 34 vulnerabilities, including at least one seen in use in the wild. https://buff.ly/4ea05dV

🚨 Veeam fixed 18 high and critical flaws in Backup & Replication, Service Provider Console, and ONE. https://buff.ly/4e2Ensm

🚨 A critical flaw in LiteSpeed Cache allowed account takeovers on nearly 6M WordPress sites. https://buff.ly/4e9nUCI

💔 New sextortion scam targets spouses with alleged cheating proof, using data from sites like The Knot. Emails come from various domains and distress recipients, but they're scams—don't click the links! https://buff.ly/4gfbY4e

🚘 Avis discovered a data breach affecting 299,006 individuals, with stolen info including names, emails, credit card details, and driver's license numbers. https://buff.ly/4cU8qBn

⚠️ Highline Public Schools shut down after cyberattack, disrupting the first day of kindergarten. https://buff.ly/3XAmpYC

⚠️ Cybercriminals exploit iPhone 16 hype with fake pre-orders, technical support scams, and phishing sites, as revealed by Kaspersky researchers. Stay vigilant to avoid losing money and personal info! https://buff.ly/3zkexBj

💪 ACS and ISACA extend MoU to boost global IT skills, enhance member benefits, and promote digital trust through joint training, advocacy, events, and research initiatives. https://buff.ly/3XJ4yPz

The Australian Computer Society and ISACA have renewed their MoU to tackle the global IT skills shortage and enhance benefits for their combined 227,000 global members.

22/08/2024

Missed some crucial cyber security updates this week? After reviewing over 180 alerts, we’ve summarised the key insights. Don't ignore updates to WordPress plugins, Chrome and new attacks targeting businesses of all sizes.

🚨 Critical flaws in the WordPress LiteSpeed Cache, GiveWP, InPost, and JS Help Desk plugins have been discovered and patched. https://buff.ly/3MbmLP0

🚨 Google patches a critical Chrome flaw. Update to version 128.0.6613.84 or later ASAP. https://buff.ly/4duRQcp

⚠️ A newly found GitHub Actions flaw leaks tokens and can allow malicious actors to hijack repositories and access cloud environments. https://buff.ly/4fMZ7WQ

⚠️ Medibank's security uplift post-2022 breach, costing $86.2M, expects to reach $126M by mid-2025. Litigation costs loom, but customer acquisition has rebounded. Net profit rises to $570.4M. https://buff.ly/3XdNtwM

💪 Microsoft urges Microsoft 365 admins to enable MFA by Oct 15. Admins can defer until April 2025 but at higher risk. https://buff.ly/46P9mFL

💪 Google testing a new Chrome feature to redact sensitive info during screen sharing on Android! https://buff.ly/46P0UX2

💪 QNAP's new Security Center updates add ransomware protection and support for self-encrypting drives, enhancing overall NAS device security. https://buff.ly/3YUzJrT

Critical vulnerability in WordPress GiveWP plugin threatens 100,000+ websites. Urgent update required to protect against remote code execution attacks.

15/08/2024

Over 200 news alerts in the past week including critical Microsoft patches, alarming security flaws, and gym locker attackers. Here are the concerns you might have missed.

🚨 Microsoft's August 2024 Patch Tuesday addresses 89 flaws, including six actively exploited and eight critical vulnerabilities fixed. Don't wait, patch now! https://buff.ly/3SPpz89

⚠️ 99% of Global 2000 companies have been linked to breached vendors. https://buff.ly/4d5CGdz

⚠️ Cybersecurity researchers reveal new phishing using Google Drawings and WhatsApp links to mimic Amazon. https://buff.ly/4dxs4E6

⚠️ Clicking 'OK' allows 237 partners to use cookies and access your data for personalised ads and more. https://buff.ly/3WDLQqB

⚠️ Microsoft announces Windows 11 21H2 and 22H2 editions will reach end of servicing on October. https://buff.ly/3WJVQ1J

⚠️ Evolution Mining hit by ransomware, IT systems impacted but mining operations continue. https://t.co/IIkHEGfhCz

⚠️ Cloudflare's survey reveals 41% of Aussie businesses faced data breaches in the last year, with 50% paying ransomware demands despite pledges. AI's impact, budget allocations, and complex threats are major concerns. https://buff.ly/4dr4lWq

⚠️ Australia sees a spike in returns fraud, with 60% of retailers hit in the past year. Quality disputes and 'wardrobing' top the list of abuses. https://buff.ly/3Aodtwt

⚠️ Thousands of electronic lockers in gyms, offices, and schools are hackable using cheap tools. Researchers at Defcon showed how to extract and clone management keys. https://buff.ly/3YLBY0W

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day.

08/08/2024

Missed this week’s key cybersecurity highlights? After reviewing another 190+ news alerts, here are the updates you need to know!

Google patches a critical bug in Android, Chrome updated, over a million domains at risk of takeover, Microsoft’s global outage due to a DDoS attack, and much more.

🚨 Google's August Android update patches 46 bugs, including some being exploited in the wild. https://buff.ly/46QFIjL

🚨 Chrome browser was updated to 127.0.6533.99 for Windows, Mac, and Linux, fixing 5 security issues. https://buff.ly/46LbtKP

⚠️ Over a million domains, including those from Fortune 100 firms, are vulnerable to takeover due to DNS authentication weaknesses at major hosting providers. https://buff.ly/4dpuLYs

⚠️ Microsoft confirms nine-hour outage of multiple services was triggered by a DDoS attack, affecting 365 and Azure services globally. https://buff.ly/4d5hFQ6

⚠️ ERIAKOS scam employs over 600 fake web shops on Facebook to steal personal data, targeting mobile users with ads for fake discounts from brands like Nike and Amazon. https://buff.ly/3WHFIPk

⚠️ Twilio has forcibly logged users out of the Authy for Desktop app, ending support and rendering the app unusable. Existing users must switch to mobile versions, risking lost 2FA tokens if not synced. https://buff.ly/4c3YKE4

⚠️ Qualys 2024 report reveals a 30% rise in reported CVEs, with 22,254 total. Critical vulnerabilities include those in Atlassian Confluence, FortiClient, and Check Point Security Gateways. https://buff.ly/4dbyLMn

⚠️ 99% of Global 2000 companies link to breached vendors, urging better supply chain cybersecurity amidst new SEC requirements. https://buff.ly/4d5CGdz

💪 OpenAI's new GPT-4o powers ChatGPT with advanced features, spurring privacy concerns due to extensive data collection. https://buff.ly/3LJTbA7

💪 Bugcrowd unveils Continuous Attack Surface Penetration Testing (CASPT) to enhance security and reduce external risks, leveraging their recent acquisition of Informer for enriched EASM and vulnerability data. https://buff.ly/46U4EqB

Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application.

01/08/2024

After a massive week, reviewing over 190 security alerts, here are the key updates you may have missed. Must-reads include Apple’s recent patches, insights on Google Cloud and ServiceNow vulnerabilities, and the latest on global cyber threats 💪

🚨 Apple addresses multiple security vulnerabilities in macOS. Specific issues patched include code execution, data access, and denial-of-service risks. https://buff.ly/3YtBso6

🚨 Security patches for iPhone XS and later, and various iPad models were also released. https://buff.ly/4caUKl4

⚠️ Hackers leaked documents from Leidos, affecting data from internal investigations. Leidos says no sensitive customer data was impacted. https://buff.ly/4cSMFTz

⚠️ Tenable disclosed a vulnerability in Google Cloud's Cloud Functions, allowing unauthorised access and data manipulation. Google updated defaults, but existing instances remain at risk. https://buff.ly/3zZ74I0

⚠️ SonicWall's 2024 Mid-Year Threat Report reveals a surge in global cyberattacks, with SMBs most at risk. https://buff.ly/3WO7zO6

⚠️ Cohesity study reveals many Aussie firms overestimate cyber resilience, with 60% hit by ransomware recently and 81% willing to pay ransoms. Only 5% can recover data within a day, stressing need for better strategies. https://buff.ly/3YtasVN

⚠️ CrowdStrike sued for allegedly hiding inadequate software testing causing a global outage; shares plummeted 32%, wiping out $25bn in market value. Delta Air Lines to seek damages. https://buff.ly/3YsbroY

⚠️ Over a million domains are vulnerable to takeover due to DNS authentication weaknesses at major hosting providers. https://buff.ly/4dpuLYs

💪 Privacy concerns have been raised around OpenAI's new GPT-4o due to extensive data collection. https://buff.ly/3LJTbA7

💪 Tony Burke is Australia's new cyber security minister, while Clare O'Neil moves to housing. ASIO shifts to the Attorney-General's department. MP Andrew Charlton gets a special cyber security advisory role. https://buff.ly/4frqDJ8

Creates special advisory role on "digital resilience".

25/07/2024

It has been a challenging week in the IT and cybersecurity field, with a lot of news about Crowdstrike and over 190 alerts to deal with. Stay updated on Google Chrome, IT disruptions, data breaches, email scams, and security solutions.



🚨 Google released a Chrome update that fixes a couple more serious security issues. While we've all learnt an important lesson about updating things too quickly, don't leave things unresolved for too long. https://buff.ly/3YjcfN8

⚠️ CrowdStrike's Falcon sensor caused global IT outages for Windows, hitting ANZ hardest. Fix deployed. Mac and Linux unaffected. https://buff.ly/3WgnW4p

⚠️ MediSecure's April ransomware attack compromised the personal and health data of 12.9M Australians. The stolen 6.5TB of data was restored, but the company struggles to identify affected individuals. https://buff.ly/3zMuLDl

⚠️ Minister Clare O'Neil urges caution as phishing scams take advantage of CrowdStrike IT outage. Scammers pose as CrowdStrike and Microsoft, requesting bank details and payments. Stay alert! https://buff.ly/3y1MOVz

⚠️ Daolpu malware disguised as a Microsoft recovery manual installs via phishing emails, stealing browser data from Chrome, Edge and Firefox. https://buff.ly/3ylb1WK

⚠️ Hackers leaked documents from Leidos Holdings via a breach in the Diligent system, affecting data from internal investigations. Leidos says no sensitive customer data was impacted. https://buff.ly/4cSMFTz

💪 Australian police seized 29 SIM boxes and thousands of SIM cards in raids to combat smishing attacks, with millions of fraudulent messages sent and six arrests made in NSW and Victoria. https://buff.ly/4bWrbUw

💪 Google has scrapped plans to phase out third-party cookies in Chrome, opting for a user-choice prompt, reflecting Privacy Sandbox's complex journey and industry challenges. https://buff.ly/3YgcKY6

💪 Secure Code Warrior launches SCW Trust Agent to evaluate developer security skills for each code commit, enhancing the security of Git-based repositories like GitHub, GitLab, and Bitbucket. 🎯 https://buff.ly/4cUvuRl

Causes Windows machines to display blue screen of death.

19/07/2024

It appears that widely used software from Crowdstrike is causing major issues in businesses across the globe at the moment. It's likely this will take some time to resolve fully.

It's best to assume that most services you use are going to be rebooted in some manner in the coming hours. Take care with any critical work if you're still operating and consider waiting until things settle down.

Address

121 King Street
Melbourne, VIC
3000
