RightCue

Welcome to the November 2024 edition of the RightCue Newsletter! As cyber threats grow more advanced, managing third-party risks is more important than ever. In this edition, we’ll explore key challenges and share simple strategies to strengthen your cyber security and protect against vulnerabilities. #Cybersecurity #CyberNews #CyberSecurityAwareness #CyberEssentials

Android malware found on Amazon Appstore disguised as health app   A malicious Android spyware application named "BMI CalculationVsn" was recently discovered on the Amazon Appstore. Disguised as a health tool, this app was stealing data from infected devices.   The spyware could access sensitive information, posing a significant security risk to users. Amazon has since removed the app from its store, but users who downloaded it are advised to uninstall it immediately and check their devices for any unusual activity.   https://lnkd.in/ed6JeixM Jenny Leah

Microsoft 365 users hit by random product deactivation errors   Microsoft 365 users have recently encountered unexpected "Product Deactivated" errors, impacting their access to Office apps. Microsoft is actively investigating this issue, which has caused significant disruptions for many users. The company has acknowledged the problem and is working on a resolution to restore full functionality as soon as possible.   In the meantime, affected users are advised to follow the troubleshooting steps provided in Microsoft's support documentation.   Stay tuned for updates as Microsoft addresses this critical issue to ensure seamless productivity for all its users.   https://lnkd.in/ejpF9K-J Jenny Leah 

Today, the team at RightCue celebrated the festive season with our internal Christmas lunch and Secret Santa gift exchange! 🎅🎁 Today will be our last day in the office all together for the year, but we will still be working until midday on 24th December. Wishing you all a Merry Christmas and a Happy New Year! 🌟 #RightCue #ChristmasCelebration #SecretSanta #HolidaySeason

HubSpot phishing targets 20,000 Microsoft Azure accounts A recent report reveals a new phishing campaign that targets Microsoft Azure accounts by exploiting HubSpot. This sophisticated attack is aimed at automotive, chemical, and industrial manufacturing companies in Germany and the UK.   The attackers use HubSpot to send phishing emails that appear legitimate, tricking recipients into providing their Microsoft Azure credentials. This method leverages the trust placed in HubSpot's platform, making it a particularly effective and dangerous tactic.   Cybersecurity experts are urging organisations to be vigilant and implement robust security measures. It's crucial to educate employees about the risks of phishing and to verify the authenticity of any unexpected emails or login requests.   Stay alert and protect your digital assets! 🛡️Cyber incident exercising – prepare your organisation with RightCue's help https://lnkd.in/e3Z2hgk8   https://lnkd.in/gMuTVeNq Jenny Leah   #CyberSecurity #Phishing #MicrosoftAzure #HubSpot #StaySafeOnline  

New Phishing Scam Exploits Google Calendar to Steal Your Credentials!   A recent report by BleepingComputer highlights a sophisticated phishing scam that exploits Google Calendar invites and Google Drawings to steal user credentials. This method cleverly bypasses traditional spam filters, making it a significant threat to cybersecurity.   The attackers send fake Google Calendar invites containing malicious links. When users click on these links, they are directed to phishing pages designed to harvest their login information. This tactic leverages the trust users place in Google services, increasing the likelihood of successful attacks.   Cybersecurity experts from Check Point have been monitoring this campaign and emphasise the importance of vigilance and robust security measures. Users are advised to scrutinise unexpected calendar invites and verify the authenticity of any links before clicking.   Stay informed and protect your digital life! 🛡️Are you protected from common internet-based threats? A Cyber Essentials certification could help you remain compliant - https://lnkd.in/eCrjWbqm   https://lnkd.in/epEUcVfG Jenny Leah   #CyberSecurity #Phishing #GoogleCalendar #StaySafeOnline  

New fake Ledger data breach emails try to steal crypto wallets   A new phishing campaign is targeting Ledger hardware wallet users by sending fake data breach emails. These emails, which appear to be from Ledger, urge recipients to verify their recovery phrases to protect their assets. However, entering this information on the provided link allows scammers to steal the recovery phrases and gain full control over the associated cryptocurrency wallets.   This scam highlights the importance of vigilance and verifying the authenticity of any communication requesting sensitive information. Ledger has reiterated that it will never ask for recovery phrases via email or any other form of communication.   Stay safe and always double-check the source of such requests!   https://lnkd.in/eYMd9eQ9 Jenny Leah 

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws A recent report has revealed that over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical security flaws. Alarmingly, around 20,000 of these devices are running outdated firmware versions that are no longer supported by the vendor.   These vulnerabilities could potentially allow unauthorised access and exploitation by malicious actors. This situation highlights the urgent need for organisations to ensure their security infrastructure is up-to-date and properly maintained.   SonicWall has issued patches for these vulnerabilities, and it is crucial for affected users to apply these updates immediately to mitigate potential risks.   https://lnkd.in/eeDJs7Pb Jenny Leah

Ireland fines Meta $264 million over 2018 Facebook data breach The Irish Data Protection Commission (DPC) has fined Meta €251 million ($264 million) for violations of the General Data Protection Regulation (GDPR) related to a 2018 data breach. This breach impacted 29 million Facebook accounts globally, exposing personal information such as names, email addresses, and phone numbers. The breach was caused by vulnerabilities in Facebook's "View As" feature, which allowed unauthorised access to user tokens.   This significant fine underscores the importance of robust data protection measures and compliance with GDPR standards. Meta has announced its intention to appeal the decision, emphasising the steps it took to address the breach promptly and enhance security measures across its platforms. RightCue are on hand to give you support with GDPR requirements - https://lnkd.in/e6KUSWDt   https://lnkd.in/eQbtr8Rn Jenny Leah

Rhode Island confirms data breach after Brain Cipher ransomware attack Rhode Island has confirmed a significant data breach following a ransomware attack by the Brain Cipher group. The attack targeted the state's RIBridges system, managed by Deloitte, which handles Medicaid and other human services benefit programs. The breach, discovered on December 5, 2024, potentially exposed the personal information of hundreds of thousands of residents.   The compromised data includes Social Security numbers, bank account details, and other sensitive information. In response, the state has taken the system offline and is working with federal agencies to investigate and mitigate the impact. Affected individuals are being notified and offered support services.   This incident underscores the critical need for robust cybersecurity measures to protect sensitive data in government systems. Stay informed and vigilant about cybersecurity threats to safeguard your personal information. 🛡️Contact RightCue to discuss how our Virtual CISO service can help strengthen your information security - https://lnkd.in/gzNdT4u9   https://lnkd.in/e8wXxmBP Jenny Leah   #CyberSecurity #DataBreach #GovernmentSecurity #RhodeIsland #Ransomware