Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Police are warning crooks are using cleaners to compromise businesses

Cybercriminals are planting so-called “sleepers” in cleaning companies so that they can physically access IT infrastructure and hack them. The alert was launched by a senior police officer, cyber criminals are planting so-called “sleepers” in cleaning companies so that they can gau physical access IT infrastructure and hack them. The police are urging organizations to […]

cyber risk Cybersecurity

Cybercriminals are planting so-called “sleepers” in cleaning companies so that they can physically access IT infrastructure and hack them.

The alert was launched by a senior police officer, cyber criminals are planting so-called “sleepers” in cleaning companies so that they can gau physical access IT infrastructure and hack them. The police are urging organizations to bolster their physical security processes. Cleaners could allow attackers to bypass physical measures and once inside the target organizations they could hack internal systems and move laterally.

“Exploitation of staff is a key area” “Organised crime groups are planting ‘sleepers’ in cleaning companies that a procurement team may look at bidding for. There’s no way of auditing their vetting. They’ll also using people in painting and decorating firms; anyone who has out-of-hours access to a building is fair game.” Shelton Newsham, who manages the Yorkshire and Humber Regional Cyber Crime Team, told an audience at the SINET security event. “Even the old ‘drop a USB stick’ is back.”

The only way to prevent this kind of physical intrusions that exploit human factor and social engineering is to implement a cultural change.

Experts stressed the importance of security awareness and the importance of regular training for internal personnel.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – physical access, cleaners)

[adrotate banner=”5″]

[adrotate banner=”13″]