Security Breach Update
22 August 2019

ACSC Warns Australian Small Businesses about BlueKeep Vulnerability ACSC Warns Australian Small Businesses about BlueKeep Vulnerability

According to a warning by the Australian Cyber Security Centre, thousands of Australian SMBs are at risk of being compromised by the BlueKeep vulnerability that can wreak havoc on outdated Windows operating systems. See full article here.

The warning comes on the heels of a disclosure by a security researcher who revealed a publicly available Remote Desktop Protocol that can scan for unpatched systems.

The ACSC estimates that 50,000 Australian devices are vulnerable to this malady, which is easily defensible using a patch provided in a software update.

Unfortunately, for companies that don’t take advantage of the update, their systems can be easily infiltrated by bad actors who steal and destroy company data.

Software updates are critical for ensuring that your business is protected in an ever-evolving threat landscape. Moreover, cybersecurity specialists (Like us!) can provide a comprehensive view of your cybersecurity readiness posture, ensuring that all vulnerabilities are accounted for.

Recent Breaches

Australia – Tribal Group PLC – Software and service provider for educational institutions.

Exploit: Unauthorized database access

Risk to Small Business: Severe:  A data breach at the company’s subsidiaries, Tribal Campus, sent their stock price plummeting nearly 5%. The company reacted quickly to restrict the data breach and to repair the vulnerability, but they face an uphill battle to recover their stock price and to restore their tarnished reputation.

Risk to Exploited Individuals: Severe:  Those attending schools that rely on Tribal’s software and services could be impacted by the breach. The company is notifying individuals whose data was accessed, which could include their names and other personally identifiable information. This data can quickly spread on the Dark Web, and those affected should attain the credit and identity monitoring services necessary to ensure their information’s security and integrity.

Customers Impacted: 9,300

United States – National Baseball Hall of Fame – American History Museum for Major League Baseball

Exploit: Malicious code script

Risk to Small Business: Severe:  The notorious hacking group MageCart infiltrated the National Baseball Hall of Fame, compromising the personal information of customers shopping on their e-commerce store. Hackers had access to shopper information for seven months, beginning in November 2018. The hackers injected a malicious script into the checkout page that forwarded user information to the hacking group. Now, the museum will incur the inevitable repair costs that always accompany a data breach, and the reputational damage to their online store will likely cost them revenue and loyal customers moving forward.

Risk to Exploited Individuals: Severe: MageCart scams steal customer data at checkout, and online shoppers between November 15, 2018 and May 14, 2019 could have their information stolen by the hacking group. This data involves customers’ names, addresses, and payment information, including CVV codes. Customers who made purchases at the online store during this time frame are encouraged to contact their credit card company and monitor accounts for fraudulent or suspicious activity.

Customers Impacted:  Unknown

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
22/08/2019

Follow us on LinkedIn:

Related Articles:
Proof that ransomware attacks are targeting Small Medium Businesses
Ransomware Targeting Attacks on Network Attached Storage (NAS) Devices

Written by