NCSC Weekly Threat Report 21st May 2021


The NCSC’s weekly threat report is drawn from recent open source reporting.

The NCSC and KPMG UK have launched their second survey to help improve diversity in the cyber security industry.

The survey will build on the results of last year’s inaugural report, which revealed that the sector does not benefit from the breadth of talent of the UK’s rich and diverse communities, particularly with regards to a lack of inclusivity across gender, sexual orientation, social mobility, and ethnicity.

This year’s survey has been expanded to capture new benchmarks on disability, neurodiversity, location of workplace, employer size, and seniority.

All cyber security professionals are encouraged to take part. The survey can be accessed here and will take around 10 minutes to complete.

It will close later in the summer, with a detailed analysis and recommendations published in September. The survey is anonymous and can be completed by anyone who works or has worked in the cyber security industry.

Leaky AWS S3 bucket ‘leaves job hunters’ data exposed’

Researchers have said the personal data of tens of thousands of job seekers were exposed due to a misconfigured cloud account, according to media reports.

A team at Website Planet said they located an AWS S3 bucket left unprotected by FastTrack Reflect Recruitment, now known as TeamBMS.

The bucket contained 21,000 files including CVs which featured information such as names, email addresses, phone numbers, home addresses, and social network URLs.

Website Planet have said the bucket is now secured.

Large stores of data are a tempting target for attackers. The NCSC has published advice on how to adequately protect such information and details on how to configure storage buckets to protect data.

Any organisation and its customers affected by data breaches should also be aware of the phishing threat following these incidents.

Prison sentence for COVID-19 vaccine SMS scammer

A criminal who sent fake text messages purporting to be from the NHS, banks, and other commercial organisations has been jailed for more than four years.

According to the Crown Prosecution Service (CPS), people were sent links via SMS to imitation websites designed to trick them into entering financial information that could then be used to commit fraud.

Bogus websites based on the GOV.UK domain were set up, claiming the information was needed to “verify” individuals and their entitlement to receive a vaccine.

The NCSC has published advice on how to deal with suspicious phone calls, messages and emails.

If you have received a suspicious text message you should forward this to 7726. The free-of-charge ‘7726’ service enables your provider to investigate and take action if malicious content is found.

NCSC © Crown Copyright 2021
