Cyber Concerns - Week 6 2022

WordPress updates forced onto websites

A nasty security hole in a WordPress plugin has been discovered that could allow someone to do pretty much whatever they want with your website.

If your site is using the plugin UpdraftPlus to manage site backups, you should urgently check that the latest version has been installed.

The issue was so serious and commonly installed, WordPress forced the update to be installed on millions of sites. Give your Wordpress setup a quick once over and make sure everything is running on the latest and greatest version when you get a few spare moments.

Aviation and Defence suppliers on notice

#BREAKING "It's likely its infiltrated into various critical services, so you may see other disruptions... or steal information" @cynchsec on the Ukrainian cyberattacks that likely affected Ukraine’s military, energy, and other key systems #Russia #RussiaUkraine #BreakingNews pic.twitter.com/88WhvZAj0m
— ticker NEWS (@tickerNEWSco) February 16, 2022

With tensions in Ukraine high, it’s not surprising to hear those supporting critical services such as aviation and defence are still being targeted in cyber attacks.

If your business participates in these supply chains theres an increased likelihood that you’re on the radar of sophisticated attackers.

Kick these threats around internally this week and check your risk registers to see if they need to be updated.

Parenting fail takes out whole town

In lighter news this week, French authorities tracked down a rouge signal jammer installed by a frustrated parent after the local neighbourhood suffered mobile network outages between midnight and 3am over a number of days.

The jammer had been set up to kick their kids off the Internet each night. An effective approach but disruptive well beyond the family home.

With the parent now facing fines and potentially jail time for using the device, this is a good reminder to consult an expert before blindly following something you’ve read online.