Category Archives: News

Spotting Fake Web Addresses

To most people at quick glance at the above address will look genuine, even if you look in detail you may say its Primark in the US, wrong !

It’s a fake site, what we have here is a well constructed fake web address.  Most people associate the www with the start of a web address and com as part of the address and the company name in the middle.

What we have here really is a site with 2 subdomains setup.  The first www is just a subdomain, the primark is a subdomain and the com-stores.us is the actual domain name.  Typically criminals and others setting up fake sites are using this method more often in order to trick people in to thinking the web address is genuine.

When you visit the site it maybe layed out to give the impression you are on a genuine site for that company.  In reality the site may have infected your computer with a virus or spyware, or maybe they want you to login to the site in order to get your login or bank details.

Note :- The above example web address is known to be fake, please do not visit that site.



Almost Half Of UK Firms Hit By Cyber Breach Or Attack In The Past Year

Nearly seven in ten large companies identified a breach or attack, new Government statistics reveal.

  • Firms holding personal data more likely to be attacked
  • Most common attacks were fraudulent emails, followed by viruses and malware

Businesses large and small are being urged to protect themselves against cyber crime after new Government statistics found nearly half of all UK businesses suffered a cyber breach or attack in the past 12 months.

The Cyber Security Breaches Survey 2017 reveals nearly seven in ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching millions. The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51 per cent compared to 37 per cent).

The most common breaches or attacks were via fraudulent emails – for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments – followed by viruses and malware, such as people impersonating the organisation online and ransomware.

Businesses also identified these common breaches as their single most disruptive breach, and the vast majority of them could have been prevented using the Government-backed, industry supported Cyber Essentials scheme, a source of expert guidance showing how to protect against these threats.

These new statistics show businesses across the UK are being targeted by cyber criminals every day and the scale and size of the threat is growing, which risks damaging profits and customer confidence.

The Government has committed to investing £1.9 billion to protect the nation from cyber attacks to help make the UK the safest place to live and do business online.

Business also has a role to play to protect customer data. The government offers free advice, online training and Cyber Essentials and Cyber Aware schemes.

The survey also revealed:

Of the businesses which identified a breach or attack, almost a quarter had a temporary loss of files, a fifth had software or systems corrupted, one in ten lost access to third party systems they rely on, and one in ten had their website taken down or slowed.

Firms are increasingly concerned about data protection, with the need to protect customer data cited as the top reason for investing by half of all firms who spend money on cyber security measures.

Following a number of high profile cyber attacks, businesses are taking the threat seriously, with three quarters of all firms saying cyber security is a high priority for senior managers and directors; nine in ten businesses regularly update their software and malware protection; and two thirds of businesses invest money in cyber security measures.

Small businesses can also be hit particularly hard by attacks, with nearly one in five taking a day or more to recover from their most disruptive breach.

Areas where industry could do more to protect itself include around guidance on acceptably strong passwords (only seven in ten firms currently do this), formal policies on managing cyber security risk (only one third of firms), cyber security training (only one in five firms), and planning for an attack with a cyber security incident management plan (only one in ten firms).

All businesses which hold personal data will have to make sure they are compliant with the new General Data Protection Regulation (GDPR) legislation from May 2018. This will strengthen the right to data protection, which is a fundamental right, and allow individuals to have trust when they give their personal data.

The Cyber Breaches Survey is part of the Government’s five-year National Cyber Security Strategy to transform this country’s cyber security and to protect the UK online. As part of the strategy, the Government recently opened the new National Cyber Security Centre (NCSC), a part of GCHQ.

One of the key objectives of the NCSC is to increase the UK’s cyberspace resilience by working with and providing expert advice tailored to organisations and businesses in every sector of the UK economy and society.




Ciaran Martin, CEO of the National Cyber Security Centre, said:

UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy.

The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.

Cyber Essentials, technical advice on CiSP and regularly updated guidance on the NCSC website offers companies, big and small, simple steps that can significantly reduce the risk of a successful attack.

IIS Zero Day Vulnerability Will Never Be Patched

Affected Platforms

Microsoft Internet Information Services 6.0

Description

A vulnerability found in Microsoft’s Internet Information Services (IIS) web server technology has been publicly detailed along with proof of concept exploit code. It is understood to have been under attack since July 2016. The flaw itself is found on IIS version 6.0. It reached end of life in July 2015 meaning it will likely not be patched which will leave all remaining servers that are yet to upgrade with the potential of a complete system compromise.

The vulnerability is a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service for IIS 6. The flaw itself is found within the WebDAV service, an extension to the [http] protocol designed to simplify sharing and content authoring.

An attack launched against a vulnerable server can cause a denial of service event but it could also result in a full remote code execution exploit.. With many IIS deployments running on a full Windows server installation often hosting other services for internal services, a break of this nature is capable of allowing a threat actor to gain a serious foothold in the network.

Remediation

  • Either upgrade IIS or disable WebDAV as soon as possible (see below how to disable WebDAV in IIS6)
  • Conduct scans of your own address space either internally or with the use of a third party to discover any previously forgotten deployments that may be left vulnerable.
  • Where vulnerable deployment have been available from the internet, access logs and other log data source should be analysed for unusual activity that may indicate a previous compromise.




How To Disable WebDAV In Microsoft IIS6

  • Click the Windows “Start” button, select “Administrative Tools,” and then click “Internet Information Services (IIS) Manager.”
  • Select the “Web Service Extensions” folder on the left side of the IIS Manager window.
  • Select the “Extended” tab near the bottom of the window.
  • Select the “WebDAV” item below the “Web Service Extension” heading on the right side of the window.
  • Click the adjacent “Prohibit” button.

Cisco Wireless Security Updates

Cisco has issued the following security alert for a range of Wireless products :-

Affected Platforms

Aironet 1830 Series and 1850 Series Access Points
Wireless LAN Controller 802.11 WME
Wireless LAN Controller IPv6
Wireless LAN Controller Management GUI

Description

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

Remediation

Cisco encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates :-

Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability cisco-sa-20170405-ame (Full details here)

Wireless LAN Controller 802.11 WME Denial-of-Service Vulnerability cisco-sa-20170405-wlc (Full details here)

Wireless LAN Controller IPv6 UDP Denial-of-Service Vulnerability cisco-sa-20170405-wlc2 (Full details here)

Wireless LAN Controller Management GUI Denial-of-Service Vulnerability cisco-sa-20170405-wlc3 (Full details here)




The Scammers Who Warn You Of Scammers

We had to share this one with you.  Alongside the daily intake of spam we spotted this one.  All the rest wanted our money, but this guy is warning us that there is scammers about ! But he does want $240, have a read.

Attn:

I am Mardiani Nasution, I am an Indonasia Citizen living in the USA ,62 years Old. I reside in New Jersey. My residential address is 35 romney road Bound brook NJ ,USA 08805 United States, I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $28,000 while in the United States of America, trying to get my payment all to no avail.

So I decided to travel down to Nigeria with all my compensation documents, and I was directed to meet Mr Phillip Uba, who is the heads member of COMPENSATION AWARD COMMITTEE with the UNITED NATIONS, and I contacted him and he explained everything to me. He said whoever has been contacting us through emails are fake and I saw your name (in the Central Computer among the list of unpaid beneficiaries, contractors,Internet Dating Scam, lottery winners, inheritance next of kin, that was originated from West Africa, United Kingdom, Asia and US .Please i will want to advice you to stop all further communication with any parties ,bank or group of people claiming to be in charges of your fund,

He took me to the paying bank for my Compensation payment of $5,400,000.00 and he showed me the full list of EMAIL ADDRESS of those that are yet to receive their payments were I saw your EMAIL ADDRESS as one of the beneficiaries. This is why I decided to email you to stop dealing with wrong people, they are not with your fund, they are only making money out of you. I will advise you to contact Mr Phillip Uba

UNITED NATIONS COMPENSATION
Name: Mr Phillip Uba
Email: solutiongiver091@outlook.com
TEL:+234 9075009131
You really have to stop dealing with those people that are contacting you telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Mr Phillip Uba was just $240 for the paper work which you have to pay once you contact him and he’ll work it out for you, take note of that. Once again stop contacting those people, I will advise you to contact Mr Phillip so that he can help you to transfer your Fund into your account, instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank You

Maradiani

This e-mail had the subject “GOOD NEWS BENEFICIARY” and it was from site_reg@aol.com

Register My Appliance Day

Staffordshire Fire and Rescue Service is urging residents to make their homes safer by taking part in Register My Appliance Day this Thursday (January 19).  The call comes as latest statistics show that Staffordshire  Fire and Rescue Service received 119 calls attributed to faulty appliances  or equipment in 2016. Appliance manufacturers are reminding their customers that they can instantly improve their home safety by taking a few minutes to register the white goods that they rely on every day, have never registered, and completely forget they own.

“Remembering to register household appliances is a vital part of keeping one’s home and family safe. These products are the workhorses of the home, often running daily and for many years, but it is all too easy to forget about them. Getting into the habit of spending a few minutes on www.registermyappliance.org.uk guarantees the household will receive any relevant safety messages from the manufacturer and they should respond immediately. This simple admin task should become second nature to anyone who is serious about home safety.”

Community Safety Lead James Russell

As part of the Fire Kills campaign, Staffordshire Fire and Rescue Service is backing this sensible and simple precaution, to ensure that householders can be contacted swiftly if a safety repair is ever needed.

Those who register their January sale bargains or the thousands of older models already running in their homes, will be entered into a free draw for a range of prizes from many of the 60 leading brands on www.registermyappliance.org.uk(opens in a new window).
The latest YouGov survey for the Association of Manufacturers of Domestic Appliances (AMDEA) has found that less than half (43 per cent) of British adults usually register their large domestic appliances with the manufacturer.  Of those that don’t always register, 39 per cent said this was because they forgot and 29 per cent didn’t think it was necessary.  Potentially they all risk missing out on product safety warnings.

According to recent official estimates, UK homes are currently using around 93 million (92.7m.) wet and dry large appliances. They are kept for ten or many more years yet, unlike cars, the vast majority are untraceable and have never had a health check.

The YouGov survey also revealed that 70 per cent of GB adults with a fridge or  fridge freezer over ten years old  have never had a professional review or check to verify if they are safely connected or running correctly.

The Service urges the public to register any recent purchases and not to forget about their older appliances:

Community Safety Lead James Russell said: “Remembering to register household appliances is a vital part of keeping one’s home and family safe. These products are the workhorses of the home, often running daily and for many years, but it is all too easy to forget about them. Getting into the habit of spending a few minutes on www.registermyappliance.org.uk(opens in a new window)  guarantees the household will receive any relevant safety messages from the manufacturer and they should respond immediately. This simple admin task should become second nature to anyone who is serious about home safety.
“It only takes a few minutes to register an appliance at it could save so much time and money in the long run if one their items does have a safety concern.”

On Register My Appliance Day manufacturers are sending reminders to over 4 million consumers. With supporters including RoSPA, Trading Standards, Citizens Advice, Electrical Safety First and the National Landlords Association using both regional press and social media to promote registration on www.registermyappliance.org.uk(opens in a new window)




Story via – Staffordshire Fire and Rescue Service

£60 Million Tax Reform To Boost UK’s Digital Revolution

The UK’s digital revolution is set to benefit from a multi-million pound boost, under plans announced by Communities Secretary Sajid Javid.

A new Local Government Finance Bill published today (13 January 2017) will make it easier for companies to connect more homes and businesses across England to gold standard full fibre broadband and help get the UK ready for 5G by cutting the cost of laying the cables.

Currently telecoms networks pay business rates on the fibre infrastructure needed to deliver high quality broadband and mobile connectivity to their customers. The Bill introduced in Parliament will give these companies a tax break for up to 5 years on the new infrastructure they lay for full fibre broadband – a saving of £60 million, which can be reinvested in this work.

This new tax relief will not apply to existing infrastructure, giving companies an added incentive to move further and faster to get people connected to the best possible services as they become available.

The move is part of a £1 billion package of measures by the government, announced at Autumn Statement 2016, to help communities get digitally connected. The package also includes:

  • a £400 million Digital Infrastructure Investment Fund, at least matched by private finance, to invest in new fibre networks over the next 4 years
  • £740million funding to encourage the market development of full fibre networks in both urban and rural areas
  • a coordinated programme of integrated fibre and 5G trials, to keep the UK at the forefront of the digital revolution

Communities Secretary Sajid Javid said:

We need to have the best possible digital technology and broadband connections if we’re to create an economy that works for all.

The Local Government Finance Bill will offer a £60 million boost to deliver ever-faster broadband connections, making UK PLC an ever-stronger competitor on the global stage.




Supporting local economic growth – in communities and online

The government is determined to create an economy that works for everyone, by giving councils and communities the powers they need to boost local economic growth.

The Local Government Finance Bill includes a range of measures to cut business rates for small businesses and local amenities and help local communities to thrive.

They include:

  • bringing rural rate reliefs into line with those in urban areas – currently, eligible small businesses in rural areas benefit from a 50% discount on their business rates. The Bill will double this, bringing it into line with rate reliefs in urban areas
  • rate reliefs on public toilets – councils are currently required to charge themselves business rates on the public toilets they are responsible for, and cannot grant themselves any rate reliefs. This Bill will change that, and allow councils to provide rate relief to all public toilets, making it cheaper for councils to keep them open in their areas.

This is on top of the biggest ever cut in business rates announced at the Budget – worth £6.7 billion over the next 5 years – which means 600,000 small businesses will never have to pay business rates again.

The Bill also lays the groundwork for historic reform to business rates so that, by 2020, local government will keep 100% of the business rates it collects.

From April 2017, this new approach will be piloted in London, Manchester and Liverpool, as well as the devolution deal areas of the West of England, Cornwall and the West Midlands.

This is a change local government has campaigned for, for years – and will put councils firmly at the heart of efforts to drive local economic growth, encouraging them to further support local firms and jobs and, in turn, ensure their communities see the benefits of increased local economic growth.

Whatsapp Hackers Can Now Steal Your Internet Banking Details

WhatsApp users should be made aware of a new scam that attempts to steal your bank account login details. Hackers are now targeting unsuspecting users with a mobile virus that is distributed via legitimate-looking Word document sent inside the application.

These documents are capable of seizing sensitive information from the users’ phone, such as online banking credentials and other personal data.  The documents that circulate via the messages are typically in Excel format, although Word and PDF files have been reported as well. The documents are able to access personal data on the phone, including banking credentials and PIN codes.

At the moment it is not known what else this virus does on a phone or tablet, or whether WhatsApp is taking any action to prevent the scam.

The best way to protect your phone or tablet is to avoid clicking on dubious links, no matter how, or who you receive them from, and limit app use to applications downloaded from official app stores.



Our Connected Future – Are We There Yet ?

NIC Chair, Lord Adonis, writes about the commission’s latest report and the UK’s connected future.

One call after another they came. Complaints from all over the UK about mobile phone reception so poor that even basic conversation is impossible.  (Wednesday 14 December) I spent my morning on regional radio besieged by news of digital deserts from across the country.

No surprise. The UK, whose inventors claim the telephone and the world wide web, is now well behind the curve. 4G is currently available in the UK just half the time we need it. We are 54th in the world, behind Romania and Albania, Panama and Peru.

This cannot go on. If our industrial strategy is to mean anything, it must address our connected future. Mobile connectivity is now a necessity and should be treated as such with a high level of service generally available. And the UK must be a world leader, not follower, in 5G – the ultra-fast, ultra-reliable, ultra-high-capacity mobile communications technology which will succeed 4G in the 2020s.

The market has driven great advances since the advent of the mobile phone. In just 30 years, mobile devices have transformed from an extravagant luxury to an essential part of work and life. There are now more mobile devices than people: 93% of adults in the UK have them, and multi-function smartphones – using 4G connectivity – have overtaken laptops as the device of choice.

But 4G service remains patchy and unreliable because infrastructure investment has been too little and too slow. Many trunk roads and railways remain digital deserts; and not just remote areas, but many city centres, are plagued by ‘not-spots’ and intermittent coverage.

Government and Ofcom, the industry regulator, must ensure that good 4G mobile coverage – for talk, text and data – becomes the norm. It is time for a general service obligation based on a measure of the service consumers really receive where they need it. This should be agreed in 2017 and delivered as quickly as possible thereafter. In very remote locations it may not always be possible to achieve, but reliable coverage should extend across cities, towns and villages across Britain and the mass transport networks.




Poor coverage on the rail network is legendary. We all know what it is like to sit on a train wondering when the next precious minute of connectivity will arrive.

Rail passenger journeys have more than doubled in the last two decades to a 1.7 billion a year. Years worth of productive time is lost to British business whilst their employees stare at empty screens. Passengers on the principal lines – including the tube in London – should have reliable 4G wireless connectivity. The same goes for the motorways where poor connectivity is equally stark, impairing the flow of essential travel and traffic information. Network Rail, Highways England and Transport for London should forge and lead partnerships with private investors to achieve general 4G coverage as soon as possible, backed up by a general service obligation set by the government.

These 4G networks should be capable of conversion to 5G when it becomes available. Local authorities also have a critical role in preparing for 5G. They need to work with local business and mobile network providers to enable rapid installation of infrastructure – small masts and cabinets – to support tens of thousands of new transmitter ‘cells’ required to deliver 5G across urban Britain.

Ensuring this general 4G mobile coverage, and preparing for 5G, should be a core part of the government’s new industrial strategy. Today, the government’s interest in digital infrastructure is fragmented across departments and agencies. This is a clear recipe for inaction and lack of focus. A single cabinet minister should have the authority to lead 5G policy and delivery across government, advised by Ofcom.

No-one could have predicted what Amazon would do to publishing with the internet, nor that Uber would revolutionise private hire transport with 4G. The same will be true of the transformative applications which change our lives based on 5G.

But if the services that future mobile networks will enable cannot be known in advance, the network requirements are clear. More data, greater reliability, wider coverage, and the power, fibre and transmitters necessary to make it happen.

South Korea, Japan, Singapore and the US led the world in 4G connectivity. They did so through ambitious and interventionist national industrial strategies, even if Washington’s highly activist Federal Communications Commission rarely used the term. Tom Wheeler, chairman of the FCC, calls 5G a ‘national priority’ and in July published an initial strategy. We are already being left behind.

Andrew Adonis is chairman of the National Infrastructure Commission, whose Connected Future report can be found here




Story via gov.uk

www

New Proposed Measures For Drones In The UK

The government plans to introduce new measures to ensure the successful uptake of drones is matched by strong safeguards to protect the public.

Measures out for consultation today (21 December 2016) include:

  • mandatory registration of new drones
  • tougher penalties for illegal flying near no-fly zones and new signs for no-fly zones at sensitive sites such as airports and prisons
  • making drones electronically identifiable so the owner’s details can be passed to police if they are spotted breaking the law

The consultation will also consider whether there is a need for a new criminal offence for misuse of drones.

The government is determined to make the most of this emerging technology, estimated to be worth around £102 billion by 2025. But ministers are clear it will only be a success if it is done safely, and with the consent of the public.

Aviation Minister Lord Ahmad of Wimbledon said:

Drones have enormous economic potential and are already being used by emergency services, transport and energy providers and conservation groups to improve services, respond to incidents and save lives.

While the vast majority of drone users are law-abiding and have good intentions, some operators are not aware of the rules, or choose to break them, putting public safety, privacy and security at risk. The government is taking a common sense approach to tackling this behaviour, ensuring the safe roll-out of this technology.

Current regulations balance clear rules on safety and strong penalties for misuse, and companies using drones for commercial purposes need permission to ensure they are operated responsibly.




Tim Johnson, Policy Director at the Civil Aviation Authority (CAA) said:

Our priority is the safe operation of drones and we cannot underestimate the importance of understanding how to use drones safely and responsibly. The new CAA Dronecode, which forms part of our wider drone awareness campaign, is designed to help protect the safety of the wider aviation industry. Drones have significant potential to drive benefits across a range of sectors, from farming to emergency response, healthcare to logistics. We encourage anyone with an interest in this area to respond to the government’s consultation.

The CAA’s safety code and dronesafe website, and the recently releasedNATS safety app for drone users Drone assist are important tools in encouraging safe and legal drone use.

Andrew Sage, RPAS Director at air traffic control company NATS said:

NATS fully supports the development of the drone industry and is committed to creating a safe and efficient airspace environment that meets the needs of both manned and unmanned aircraft operators. We’d encourage all users of the UK’s airspace to respond to the consultation; it’s only by understanding all perspectives and working together that we’ll be able to find the solutions that will see successful manned and unmanned aviation industries both safely operating in the UK.

drone_twitter_twitpics_website_dimensions3