Cyber Security Specialists

We are absolutely delighted to share the wonderful news that Cyber Security Specialists are the Media Sponsor of our 2025 Glitter Ball!! Our Cash for Kids Greater Manchester Glitter Ball is taking place on Friday 11th July at Delta Hotels by Marriott Worsley Park Country Club and we are super busy behind the scenes putting everything in place to make it an amazing evening for our fabulous guests once again! We are so incredibly grateful for sponsors to help us make the event a huge success and in turn raise much needed funds for our charity 💖 Thank you thank you thank you to Ben Pollard , Jennifer Meller and the whole Cyber Security Specialists team for your wonderful ongoing support to Cash for Kids Greater Manchester! We cannot wait to see you on the night 💃✨

WhatsApp for Windows users at risk, ransomware payment ban, Oracle & Smishing - it must be your weekly news roundup! 4 articles into a 2 minute read ⏰ 𝟭. 𝗨𝗞 𝗥𝗮𝗻𝘀𝗼𝗺𝘄𝗮𝗿𝗲 𝗣𝗮𝘆𝗺𝗲𝗻𝘁 𝗕𝗮𝗻 𝗼𝗻 𝘁𝗵𝗲 𝗛𝗼𝗿𝗶𝘇𝗼𝗻   The UK Government is considering banning ransomware payments, especially in sectors like insurance, to break the profitability of criminal gangs. While not yet law, discussions are ongoing with the National Cyber Security Centre and insurers. The move aims to reduce funding to threat actors and prevent repeated attacks on paying organisations. Critics argue that a ban without proper support may harm victims further.   ➡️ Review incident response plans to avoid dependence on ransom payments   ➡️ Ensure backups are secure and regularly tested   ➡️ Report ransomware incidents promptly to authorities   🔗 Source: https://lnkd.in/ejKF3Xz8 𝟮. 𝗢𝗿𝗮𝗰𝗹𝗲 𝗖𝗼𝗻𝗳𝗶𝗿𝗺𝘀 𝗖𝗹𝗼𝘂𝗱 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗕𝗿𝗲𝗮𝗰𝗵   Oracle has acknowledged that its cloud infrastructure was breached through a known vulnerability in the third-party product, libcurl. The compromise involved unauthorised access via stolen credentials from Snowflake, affecting some Oracle customers using the Cloud Infrastructure. 🔗 Source: https://lnkd.in/dR94_GGi 𝟯. 𝗪𝗵𝗮𝘁𝘀𝗔𝗽𝗽 𝗳𝗼𝗿 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗙𝗹𝗮𝘄 𝗖𝗼𝘂𝗹𝗱 𝗘𝘅𝗽𝗼𝘀𝗲 𝗠𝗲𝘀𝘀𝗮𝗴𝗲𝘀   A serious vulnerability in WhatsApp for Windows allowed attackers to remotely execute malicious code via video calls. The flaw (CVE-2024-0483) could give attackers access to files, conversations or allow spying. It affected older versions but has since been patched by Meta.  ➡️ Ensure WhatsApp and other tools are kept up to date   ➡️ Train staff to apply updates promptly   ➡️ Avoid using outdated versions 🔗 Source: https://lnkd.in/dnffzf5Z 𝟰. 𝗦𝗺𝗶𝘀𝗵𝗶𝗻𝗴 𝗦𝘂𝗿𝗴𝗲 𝗟𝗶𝗻𝗸𝗲𝗱 𝘁𝗼 𝗖𝗵𝗶𝗻𝗲𝘀𝗲 𝗖𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗲 𝗚𝗿𝗼𝘂𝗽   A Chinese-linked cybercrime group known as Smishing Triad is targeting UK drivers with fake toll payment texts. Victims are tricked into clicking malicious links that lead to credential theft and financial loss. The scam uses regional targeting and cloned websites that appear legitimate, exploiting public trust in transport authorities.   What you can do:   ➡️ Educate staff and users about smishing and phishing threats   ➡️ Implement mobile security and SMS filtering where possible   ➡️ Encourage scepticism of unsolicited payment requests via text   🔗 Source: https://lnkd.in/e-eTFGQN More updates next week!  #CyberSecuritySpecialists #Crest #Resilience #CyberEssentials #CyberSecurityExperts #CyberSafety #CyberSecurity #RansomwarePrevention #SupplyChainSecurity #SecureMessaging #SmishingScams

Ever wondered what you’d do if your organisation was hit by a cyber attack? When systems go down, data is compromised, or suspicious activity is spotted, knowing who to call and what to do next can make all the difference. That’s where our CREST-certified Cyber Security Incident Response (CSIR) service comes in. We’re recognised by CREST, the leading accreditation body for cyber security, for meeting rigorous standards in incident response. This means you're getting proven, expert help when time matters most. Our experienced team works closely with you to identify, contain, and recover from threats. Whether you're facing a live attack or want to improve your readiness, we offer a calm, clear, and cost-effective approach that puts your business needs first. We don’t just fix the problem, we help you understand what happened, why, and how to reduce the risk of it happening again. No jargon, no scare tactics - just trusted advice, tailored to you. Because when it comes to cyber incidents, it’s not just about reacting fast, it’s about recovering smarter. #CyberSecuritySpecialists #Crest #Resilience #CyberEssentials #CyberSecurityExperts #CyberSafety #CyberSecurity #IncidentResponse #CRESTCertified #DataSecurity #BusinessContinuity

Rounding off on a busy week at DTX and Manchester Security Community with Cyber Security Specialists Fantastic to meet with many of our valued clients and partners and also great to catch up with some former colleagues during the event. Particularly enjoyed being part of discussions centred around AI governance and I will say from our end watch this space!

Cyber Security news - 𝘄𝗵𝗮𝘁'𝘀 𝗴𝗼𝗶𝗻𝗴 𝗼𝗻 𝗮𝗻𝗱 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗰𝗮𝗻 𝗱𝗼. 2 min read 𝟭. 𝗨𝗞 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁 𝗣𝗿𝗼𝗽𝗼𝘀𝗲𝘀 £𝟭𝟬𝟬,𝟬𝟬𝟬 𝗗𝗮𝗶𝗹𝘆 𝗙𝗶𝗻𝗲𝘀 𝗳𝗼𝗿 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗡𝗼𝗻-𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 The UK government has unveiled the Cyber Security and Resilience (CSR) Bill, proposing daily fines of £100,000 for organisations failing to address specific cybersecurity threats. 𝑅𝑒𝑐𝑜𝑚𝑚𝑒𝑛𝑑𝑒𝑑 𝐴𝑐𝑡𝑖𝑜𝑛𝑠: - Evaluate Compliance: Assess your organisation's adherence to current and proposed cybersecurity regulations. - Enhance Security Measures: Implement robust cybersecurity practices to mitigate risks and ensure compliance with forthcoming legislation. Source: https://lnkd.in/ekQGQ2ZB 𝟮. 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻 𝗡𝗲𝘅𝘁.𝗷𝘀 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸 The National Cyber Security Centre (NCSC) has issued a warning regarding a significant vulnerability (CVE-2025-29927) in the Next.js web development framework. 𝑅𝑒𝑐𝑜𝑚𝑚𝑒𝑛𝑑𝑒𝑑 𝐴𝑐𝑡𝑖𝑜𝑛𝑠: - Update Immediately: Ensure your Next.js installations are updated to the latest version where this vulnerability is patched. Source: https://lnkd.in/ez3zwd6y 𝟯. 𝗔𝗽𝗽𝗹𝗲 𝗥𝗲𝗹𝗲𝗮𝘀𝗲𝘀 𝗣𝗮𝘁𝗰𝗵𝗲𝘀 𝗳𝗼𝗿 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 Apple has released patches for three zero-day vulnerabilities that have been actively exploited. These vulnerabilities affect older versions of iOS and macOS devices. 𝑅𝑒𝑐𝑜𝑚𝑚𝑒𝑛𝑑𝑒𝑑 𝐴𝑐𝑡𝑖𝑜𝑛𝑠: - Apply Updates Promptly: Update your devices to the latest available versions to protect against these exploits. - Stay Informed: Regularly check for and apply security updates from Apple to maintain device integrity. Source: https://lnkd.in/gyAG3Qu4 𝟰. 𝗚𝗼𝗼𝗴𝗹𝗲 𝗜𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝗲𝘀 𝗘𝗻𝗱-𝘁𝗼-𝗘𝗻𝗱 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 𝗶𝗻 𝗚𝗺𝗮𝗶𝗹 Google is rolling out end-to-end encryption (E2EE) for Gmail, simplifying the process of sending encrypted emails. This feature allows enterprise users to send encrypted messages to any inbox without the need for custom software or certificate exchanges. Initially available in beta, it will expand to all Gmail and third-party email users later this year. 𝑅𝑒𝑐𝑜𝑚𝑚𝑒𝑛𝑑𝑒𝑑 𝐴𝑐𝑡𝑖𝑜𝑛𝑠: - Explore Encryption Options: If you use Gmail for business communications, consider enabling E2EE to enhance email security. - Educate Staff: Train employees on the importance of email encryption and how to use the new feature effectively. Source: https://lnkd.in/eqQZYRr3 More next week! #CyberSecuritySpecialists #Crest #Resilience #CyberEssentials #CyberSecurityExperts #CyberSafety #CyberSecurity #DataProtection #InfoSec #CyberThreats 

Cancer affects so many of us, our team knows this all too well. Some of us have faced it personally, while others have watched loved ones battle through. That’s why we’re stepping away from our screens and lacing up our hiking boots to take on Snowdon, to raise funds for Macmillan Cancer Support. Please visit our Just Giving page and donate if you can - every donation, big or small, will push us up that mountain! More importantly, it’ll help Macmillan be there for even more people who need them. Thank you! 💚 Cyber Security Specialists Team https://lnkd.in/eqJPkgj3

Stay up to date! Your weekly 2 minute read 🔒 𝟭. 𝗖𝗵𝗶𝗻𝗲𝘀𝗲 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗕𝗿𝗲𝗮𝗰𝗵 𝗔𝘀𝗶𝗮𝗻 𝗧𝗲𝗹𝗲𝗰𝗼𝗺 𝗳𝗼𝗿 𝟰+ 𝗬𝗲𝗮𝗿𝘀  A Chinese state-sponsored group, Weaver Ant, infiltrated an Asian telecom provider, maintaining access for over four years using stealthy malware and tunneling techniques. Their tactics enabled cyber espionage, targeting sensitive data and high-privilege accounts.   🔗 Source: https://lnkd.in/gfn_FmUd  𝟮. 𝗨𝗞’𝘀 𝗡𝗖𝗦𝗖 𝗨𝗻𝘃𝗲𝗶𝗹𝘀 𝗤𝘂𝗮𝗻𝘁𝘂𝗺-𝗥𝗲𝘀𝗶𝘀𝘁𝗮𝗻𝘁 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 𝗥𝗼𝗮𝗱𝗺𝗮𝗽   The NCSC has outlined a phased transition to post-quantum cryptography (PQC) by 2035 to protect sensitive data from future quantum threats. Organisations are urged to start planning now to avoid rushed implementations and security gaps.   🔗 Source: https://lnkd.in/eA9R48nF  𝟯. 𝗚𝗿𝗼𝘄𝗶𝗻𝗴 𝗡𝗮𝘁𝗶𝗼𝗻-𝗦𝘁𝗮𝘁𝗲 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 𝘁𝗼 𝗦𝘂𝗽𝗽𝗹𝘆 𝗖𝗵𝗮𝗶𝗻𝘀 Experts warn of escalating attacks on supply chains, with Chinese-backed groups targeting IT providers and telecoms. Companies should prioritise security measures now rather than wait for government mandates.   🔗 Source: https://lnkd.in/dqeTRAGd  𝟰. 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗘𝗻𝗵𝗮𝗻𝗰𝗲𝘀 𝗘𝗱𝗴𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗳𝗼𝗿 𝗔𝗜 & 𝗕𝗬𝗢𝗗 𝗥𝗶𝘀𝗸𝘀   New security controls in Edge for Business strengthen data protection on personal devices and prevent AI-related data leaks. Features include real-time monitoring and blocking of sensitive data submissions to AI apps.   🔗 Source: https://lnkd.in/d7eN-9Py  More updates next week!  #CyberSecuritySpecialists #Crest #Resilience #CyberEssentials #CyberSecurityExperts #CyberSafety #AIThreats #SupplyChainSecurity #QuantumComputing

Securing AI - Expore the latest Top 10 risks, vulnerabilities and mitigations for developing and securing generative AI and large language model applications across the development, deployment and management lifecycle. #owasptop10 #ai #llm #securebydesign #cybersecurity https://lnkd.in/eFT4DunN

AWS Key Management Service (AWS KMS) has launched key-level filtering for AWS KMS API usage in Amazon CloudWatch metrics, providing enhanced visibility to help customers improve their operational efficiency and aid in security and compliance risk management. #kms #keymanagement #cloud #observability #security #compliance https://lnkd.in/euGzGzPA

Your 2 minute read containing key cyber threats and security developments:  𝟭. 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝟯𝟲𝟱 𝗣𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗔𝘁𝘁𝗮𝗰𝗸 𝗕𝘆𝗽𝗮𝘀𝘀𝗲𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗖𝗼𝗻𝘁𝗿𝗼𝗹𝘀  A new phishing campaign exploits Microsoft 365’s own infrastructure, making it harder to detect. Attackers manipulate billing notifications to embed fraudulent messages, bypassing email security checks. Victims are tricked into calling fake support numbers, leading to credential theft and account takeovers.   𝘞𝘩𝘢𝘵 𝘺𝘰𝘶 𝘤𝘢𝘯 𝘥𝘰:   ➡️ Be cautious of unexpected Microsoft emails, even if they appear legitimate.   ➡️ Verify billing alerts directly through your Microsoft account.   ➡️ Implement multi-factor authentication (MFA) to reduce account takeover risks.   🔗 Source: https://lnkd.in/ejPFF6aB  𝟮. 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗦𝘁𝗿𝗮𝘁𝗲𝗴𝗶𝗲𝘀 𝗶𝗻 𝗨𝗞 𝗣𝘂𝗯𝗹𝗶𝗰 𝗦𝗲𝗰𝘁𝗼𝗿   National Highways is proactively addressing cybersecurity challenges by implementing innovative strategies. To secure its complex supply chain, the agency has developed a comprehensive plan aimed at mitigating cyber risks. Recognising the importance of talent in cybersecurity, National Highways is enhancing its recruitment efforts by offering flexible working arrangements, welcoming career changers, and providing part-time roles to attract a diverse pool of candidates. 🔗 Source: https://lnkd.in/e7pfNPTH  𝟯. 𝗠𝗮𝘀𝘀𝗶𝘃𝗲 𝗔𝗱 𝗙𝗿𝗮𝘂𝗱 𝗖𝗮𝗺𝗽𝗮𝗶𝗴𝗻 𝗛𝗶𝘁𝘀 𝟲𝟬𝗠+ 𝗨𝘀𝗲𝗿𝘀  Over 331 malicious apps were found on Google Play, tricking users into phishing scams and full-screen intrusive ads. Fraudsters use versioning tactics to bypass Google’s vetting process, hiding malicious features in app updates.   𝘞𝘩𝘢𝘵 𝘺𝘰𝘶 𝘤𝘢𝘯 𝘥𝘰:   ➡️ Avoid apps with excessive permissions or intrusive ads.   ➡️ Regularly review installed apps and remove suspicious ones.   ➡️ Use mobile security solutions to detect fraudulent applications.   🔗 Source: https://lnkd.in/g2A4bPRa  𝟰. 𝗖𝗵𝗮𝘁𝗚𝗣𝗧 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗨𝘀𝗲𝗱 𝗔𝗴𝗮𝗶𝗻𝘀𝘁 𝗨𝗦 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁 𝗢𝗿𝗴𝗮𝗻𝗶𝘀𝗮𝘁𝗶𝗼𝗻𝘀   A vulnerability (CVE-2024-27564) in OpenAI’s ChatGPT has been actively exploited from over 10,000 IPs, with financial institutions among the key targets. Attackers manipulate ChatGPT’s request system to launch unauthorised queries and access sensitive information.   𝘞𝘩𝘢𝘵 𝘺𝘰𝘶 𝘤𝘢𝘯 𝘥𝘰:   ➡️ Review security configurations for AI-driven services.   ➡️ Implement strict input validation to prevent unauthorised requests.   ➡️ Monitor attack patterns and malicious IPs.   🔗 Source: https://lnkd.in/geMV4ewX  #CyberSecuritySpecialists #Crest #Resilience #CyberEssentials #CyberSecurityExperts #CyberSafety #CyberSecurity #PhishingAttack #AdFraud #AIThreats #CyberAwareness