Skip to main content

Cyber alerts

We issue cyber security alert notifications to health and care organisations, ranging from weekly threat bulletins to immediate high-severity alerts.

News article

December 2017

CC-1886

Janus Android Vulnerability

Published: Friday 29 December 2017, Last updated: Monday 17 February 2020

Janus is an Android vulnerability that allows an attacker to modify an application undetected. This is achieved by adding a malicious Dalvik executable (DEX) file to an Android Package Kit (APK) file.

  • Severity: Low
  • Type: Vulnerability
CC-1885

Malware Trio Attacking SQL Servers

Published: Friday 29 December 2017, Last updated: Monday 17 February 2020

A new trio of malware with remote access capabilities has been observed.

  • Severity: Medium
  • Type: Malware
CC-1884

Mozilla Releases Security Update for Thunderbird

Published: Wednesday 27 December 2017, Last updated: Monday 17 February 2020

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Severity: Low
  • Type: Vulnerability
CC-1881

Ineffective configuration on Lexmark printers

Published: Wednesday 27 December 2017, Last updated: Monday 17 February 2020

Over 1000 mis-configured Lexmark printers have been discovered operating open to the public internet.

  • Severity: Low
  • Type: Vulnerability
CC-1880

WPAD Exploits

Published: Friday 22 December 2017, Last updated: Monday 17 February 2020

A recent set of vulnerabilities related to Web Proxy Auto Discovery Protocol (WPAD) and Proxy Auto-Config (PAC) have been discovered.

  • Severity: Medium
  • Type: Vulnerability
CC-1877

ROBOT Attack

Published: Thursday 21 December 2017, Last updated: Monday 17 February 2020

A nineteen-year-old vulnerability has been re-discovered in the RSA implementation from different vendors which will allow Man-in-the-Middle attacks on encrypted messages.

  • Severity: Medium
  • Type: Attack methodology
CC-1874

Google Releases Security Update for Chrome

Published: Thursday 21 December 2017, Last updated: Monday 17 February 2020

Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

  • Severity: Low
  • Type: Vulnerability
CC-1871

Loapi Mobile Trojan

Published: Wednesday 20 December 2017, Last updated: Monday 17 February 2020

Loapi is modular malware that has numerous malicious capabilities. The modular architecture of the malware allows it to perform different malicious actions.

  • Severity: Low
  • Type: Malware
CC-1872

GnatSpy Mobile Malware

Published: Wednesday 20 December 2017, Last updated: Monday 17 February 2020

GnatSpy is a family of malware which includes threats such as VAMP and FrozenCell. This family of mobile malware targets images, text messages, contacts and call history on infected devices.

  • Severity: Low
  • Type: Malware
CC-1866

New Attack Vector using Microsoft Access

Published: Tuesday 19 December 2017, Last updated: Monday 17 February 2020

A new attack vector that utilises Microsoft Access macros feature has been discovered. An executable file is created through Microsoft Access,

  • Severity: Low
  • Type: Attack methodology