The NCSC is aware that a malicious piece of spyware – known as FluBot – is affecting Android phones and devices across the UK.
The spyware is installed when a victim receives a text message, asking them to install a tracking app due to a ‘missed package delivery’.
Scammers and cyber criminals regularly exploit well-known, trusted brands for their own personal gain and the FluBot campaign is a prime example of this.
Android users are urged to familiarise themselves with our guidance and be vigilant to any suspicious-looking text messages, which should be forwarded to 7726.
Pulse Connect Secure RCE Vulnerability
Earlier this week, FireEye published a blog saying that APT actors are actively exploiting vulnerabilities in Pulse Connect VPN appliances.
It follows a security update from Pulse Secure, which says it recently discovered that a limited number of customers have experienced evidence of exploit behaviour on their Pulse Connect Secure (PCS) appliances.
The NCSC is aware of an unauthenticated remote code execution vulnerability affecting Pulse Connect Secure (PCS) version 9.0R3 and higher (CVE-2021-22893).
We have published advice for UK organisations using PCS VPN appliances.
University IT systems still offline due to cyber attack
Media have reported that the University of Portsmouth’s IT systems continue to be offline following a cyber attack.
The university posted on its website that it ‘continues to be impacted by a cyber incident and IT systems will remain offline whilst they work with experts to investigate the issue and securely restore their IT systems’.
The education sector can be an appealing target for cyber criminals and we encourage all network defenders to familiarise themselves with the NCSC’s mitigating malware and ransomware guidance, and to plan and rehearse scenarios in the event that defences are breached.
Separately, the NCSC recently published an alert in direct response to attacks on the education sector by cyber criminals.