Critical Security Update

TP-Link, Google, Minesweeper, Windows BitLocker

Risk 1: Medium

Issue: TP-Link, a manufacturer of networking equipment, has announced a flaw in their routers allowing remote actors to execute active code without authentication.

Without a patch, this would give remote unknown users access to your network.

Resolution: A patch for all impacted systems is available. Please update the firmware of your router. This can be done by logging in to the router as an administrator - the Update feature should be on the first screen after logging in.

Risk 2: HIGH - TARGETED

Issue: A malicious group out of Europe has been targeting finance organizations within the United States, Europe, and Australia using a phishing attack through a cloned version of Minesweeper - the decades-old game that was included with most versions of Microsoft Windows. This phishing attack provides the attackers full access to the network, not just the singular machine of the victim.

Resolution: If you have recently played or downloaded a version of Minesweeper, it is critical that you investigate your machine to ensure you did not fall victim to this new phishing attack.

Risk 3: Medium

Issue: A new ransomware called ShrinkLocker is attacking machines using Windows BitLocker by Microsoft. This is the software that millions of users use to encrypt and secure their files on Windows-based machines. If infected, the victim is locked out of their machine and asked to pay a ransom to regain access.

Resolution: This is typically infected through phishing attacks so users should be ever diligent in their web surfing and e-mail usage. It is important to ensure your security suite is up to date.

Risk 4: High

Issue: Google released an emergency fix for its Chrome web browser. This was tagged as an emergency update which typically means both remote access and data leak is possible. (This is not an accidental duplicate from the last time - another vulnerability was located.)

Resolution: Please update all versions of Google Chrome on all platforms.

Announced Data Breaches

• Sav-RX

• Cencora

• UK’s Information Commissioner Office

Subscribe for E-Mail Alerts

Subscribe to Guardian Tier

Subscribe to NATP Guardian Tier

Share