Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 10 February 2023
Black Arrow Cyber Threat Briefing 10 February 2023:
-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian
-Fraud Set to Be Upgraded as a Threat to National Security
-98% of Attacks are Not Reported by Employees to their Employers
-UK Second Most Targeted Nation Behind America for Ransomware
-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
-An Email Attack Can End Up Costing You Over $1 Million
-Cyber Crime Shows No Signs of Slowing Down
-Surge of Swatting Attacks Targets Corporate Executive and Board Members
-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
-PayPal and Twitter Abused in Turkey Relief Donation Scams
-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian
British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.
UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.
Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.
The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.
Fraud Set to Be Upgraded as a Threat to National Security
Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.
It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.
It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.
https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/
98% of Attacks are Not Reported by Employees to their Employers
Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.
UK Second Most Targeted Nation Behind America for Ransomware
Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.
Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks
This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.
An Email Attack Can End Up Costing You Over $1 Million
According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.
https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/
Cyber Crime Shows No Signs of Slowing Down
Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.
https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down
Surge of Swatting Attacks Targets Corporate Executive and Board Members
Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.
Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom
Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.
https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead
Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn
A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.
https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks
Crypto Investors Lost Nearly $4 Billion to Hackers in 2022
Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.
PayPal and Twitter Abused in Turkey Relief Donation Scams
Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.
Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers
For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.
Threats
Ransomware, Extortion and Destructive Attacks
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
UK second most targeted nation behind America for Ransomware - IT Security Guru
Hackers who breached ION say ransom paid; company declines comment | Reuters
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (bleepingcomputer.com)
Royal Ransomware adds support for encrypting Linux, VMware ESXi systems-security affairs
Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualisation Risks (darkreading.com)
Lessons Learned on Ransomware Prevention from the Rackspace Attack (bleepingcomputer.com)
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Ransomware Revolution: 4 Types of Cyber Risks in 2023 (trendmicro.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
Linux version of Royal Ransomware targets VMware ESXi servers (bleepingcomputer.com)
Nevada Ransomware has released upgraded locker - Help Net Security
Italy, France and Singapore Warn of a Spike in ESXI Ransomware-security affairs
Massive ransomware attack targets VMware ESXi servers worldwide | CSO Online
LockBit ransomware gang claims Royal Mail cyber ttack (bleepingcomputer.com)
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
New Linux variant of Clop Ransomware uses a flawed encryption-security affairs
After Hive takedown, could the LockBit ransomware crew be the next to fall? | CyberScoop
Russia-Linked Ransomware Gang Claims Responsibility for Royal Mail Attack (gizmodo.com)
Largest Canadian bookstore Indigo shuts down site after cyber ttack (bleepingcomputer.com)
Hackers hit Vesuvius, UK engineering company shuts down affected systems • Graham Cluley
MKS Instruments falls victim to ransomware attack | CSO Online
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | CyberScoop
Phishing & Email Based Attacks
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
Employees Fail to Report 98% of Email Cyber Hacks To Security Teams, Study Finds - MSSP Alert
An email attack can end up costing you over $1 million - Help Net Security
What SOCs Need to Know About Water Dybbuk A BEC Actor Using Open-Source Toolkits (trendmicro.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
Cyber criminals exploit volatile job market for targeted email attacks - Help Net Security
'Phishing-as-a-service' kits drive uptick in theft: One business owner's story (cnbc.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
BEC – Business Email Compromise
Malware
Hacker develops new 'Screenshotter' malware to find high-value targets (bleepingcomputer.com)
Threat group targets over 1,000 companies with screenshotting and infostealing malware | CSO Online
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware - SecurityWeek
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Hackers backdoor Windows devices in Sliver and BYOVD attacks (bleepingcomputer.com)
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (thehackernews.com)
Novel Banking Trojan 'PixPirate' Targets Brazil - Infosecurity Magazine (infosecurity-magazine.com)
New QakNote attacks push QBot malware via Microsoft OneNote files (bleepingcomputer.com)
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms (thehackernews.com)
Mobile
Android mobile devices from top vendors in China have pre-installed malware-security affairs
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
Android phones from Chinese vendors share private data • The Register
'Money Lover' Finance App Exposes User Data (darkreading.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Android 14 to block malware from abusing sensitive permissions (bleepingcomputer.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Denial of Service/DoS/DDOS
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Tor and I2P networks hit by wave of ongoing DDoS attacks (bleepingcomputer.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
Internet of Things – IoT
Medusa botnet returns as a Mirai-based variant with ransomware sting (bleepingcomputer.com)
Security manufacturer’s smart cameras went dark for two hours (mybroadband.co.za)
Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras - SecurityWeek
NIST Picks IoT Standard for Small Electronics Cyber security (darkreading.com)
Data Breaches/Leaks
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (bleepingcomputer.com)
20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder - SecurityWeek
Over 12% of analysed online stores expose private data, backups (bleepingcomputer.com)
'Money Lover' Finance App Exposes User Data (darkreading.com)
Reddit Suffers Security Breach Exposing Internal Documents and Source Code (thehackernews.com)
Organised Crime & Criminal Actors
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Minister: Cyber crimes Now 20% of Spain’s Registered Offenses - SecurityWeek
Finland’s Most-Wanted Hacker Nabbed in France – Krebs on Security
Australian Man Sentenced for Scam Related to Optus Hack - SecurityWeek
Bungling Optus scammer was no criminal mastermind • Graham Cluley
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto investors lost nearly $4 billion to hackers in 2022 (cnbc.com)
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto – Naked Security (sophos.com)
Avraham Eisenberg in court accused of crypto exchange crash • The Register
Crypto Drainers Are Ready to Ransack Investor Wallets (darkreading.com)
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
FTX Being Advised by Cyber security Firm Sygnia on Hack Inquiry, CEO Ray Says (coindesk.com)
Scammers steal $4 million in crypto during in-person meeting • The Register
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs (trendmicro.com)
Insider Risk and Insider Threats
Another RAC staffer nabbed for sharing road accident data • The Register
Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (bitdefender.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Fraud, Scams & Financial Crime
PayPal and Twitter abused in Turkey relief donation scams (bleepingcomputer.com)
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica
As V-Day nears: Romance scams cost victims $1.3B last year • The Register
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
Father killed himself after falling victim to romance scam | News | The Times
'Brushing' scams send people free items, but could be a warning sign about a data breach - ABC News
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - SecurityWeek
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
Banks leave doors open for scammers with flaws in online security | This is Money
Trio Arrested in COVID PPE Fraud Probe - Infosecurity Magazine (infosecurity-magazine.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Impersonation Attacks
What CISOs Can Do About Brand Impersonation Scam Sites (darkreading.com)
HTML smuggling campaigns impersonate well-known brands to deliver malware | CSO Online
AML/CFT/Sanctions
How Cyber criminals Are Operationalising Money Laundering and What to Do About It (darkreading.com)
UK/US cyber crime crackdown sees 7 ransomware criminals sanctioned | CSO Online
US, UK Slap Sanctions on Trickbot Cyber crime Gang - SecurityWeek
Insurance
Tackling the New Cyber Insurance Requirements: Can Your Organisation Comply? (thehackernews.com)
How to Optimise Your Cyber Insurance Coverage (darkreading.com)
Dark Web
BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow (informationsecuritybuzz.com)
Dark Web Market Revenues Sink 50% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain and Third Parties
Have we learnt nothing from SolarWinds supply chain attacks? • The Register
Vulnerability Provided Access to Toyota Supplier Management Network - SecurityWeek
Software Supply Chain
Cloud/SaaS
Cloud Apps Still Demand Way More Privileges Than They Use (darkreading.com)
Amazon S3 to apply security best practices for all new buckets - Help Net Security
Why Some Cloud Services Vulnerabilities Are So Hard to Fix (darkreading.com)
Malicious Google ads sneak AWS phishing sites into search results (bleepingcomputer.com)
7 Critical Cloud Threats Facing the Enterprise in 2023 (darkreading.com)
Hybrid/Remote Working
Working from home is fuelling fraud epidemic, warn managers (telegraph.co.uk)
Predictions For Securing Today's Hybrid Workforce (darkreading.com)
Identity and Access Management
Encryption
It Isn't Time to Worry About Quantum Computing Just Yet (darkreading.com)
UK Proposes Making the Sale and Possession of Encrypted Phones Illegal (vice.com)
API
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis? (darkreading.com)
Twitter restricted in Turkey after the earthquake amid disinformation fear-security affairs
Malvertising
Training, Education and Awareness
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Infosec Launches New Office Comedy Themed Security Awareness Training Series (darkreading.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Prioritising Cyber security Regulation Harmonisation (darkreading.com)
Governance, Risk and Compliance
Quarter of CFOs Have Suffered $1m+ Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Swiss authorities open criminal probe into bank data breaches | Financial Times (ft.com)
Trends that impact on organisations' 2023 security priorities - Help Net Security
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Optimising Cyber security Investments in a Constrained Spending Environment (darkreading.com)
Surge of swatting attacks targets corporate executives and board members | CSO Online
Lessons From the Cold War: How Quality Trumps Quantity in Cyber security (darkreading.com)
Cyber Hygiene: How to get buy-in from employees (trendmicro.com)
Models, Frameworks and Standards
Data Protection
Corporate ‘privacy’ concerns must not derail Europe’s Data Act | Financial Times (ft.com)
While governments pass privacy laws, companies struggle to change - Help Net Security
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Law Enforcement Action and Take Downs
European Police Arrest 42 After Cracking Covert App - SecurityWeek
Eurocops shut down Exclu encrypted messaging app • The Register
Finnish psychotherapy extortion suspect arrested in France – Naked Security (sophos.com)
Privacy, Surveillance and Mass Monitoring
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
Steps To Planning And Implementation Of Data Privacy (informationsecuritybuzz.com)
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Artificial Intelligence
Adversaries Using OpenAI’s ChatGPT Chatbot for Cyber Attacks? Here are Some Clues - MSSP Alert
Phishing Surges Ahead, as ChatGPT & AI Loom (darkreading.com)
IT Leaders Reveal Cyber Fears Around ChatGPT - Infosecurity Magazine (infosecurity-magazine.com)
How Can ChatGPT Make It Easier to Boost Phishing Scams? (analyticsinsight.net)
ChatGPT's potential to aid attackers puts IT pros on high alert - Help Net Security
Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica
ChatGPT is a data privacy nightmare, and we ought to be concerned | Ars Technica
Jailbreak Trick Breaks ChatGPT Content Safeguards (darkreading.com)
Regulator Halts AI Chatbot Over GDPR Concerns - Infosecurity Magazine (infosecurity-magazine.com)
Google's Bard AI bot mistake wipes $100bn off shares - BBC News
$120bn wiped off Google after Bard AI chatbot gives wrong answer (telegraph.co.uk)
Why ChatGPT Isn't a Death Sentence for Cyber Defenders (darkreading.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
What is hybrid warfare? Inside the centre dealing with modern threats - BBC News
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Spies, Hackers, Informants: How China Snoops on the US - SecurityWeek
US teases new China tech sanctions to deflate balloon-makers • The Register
Nation State Actors
Pro-Russian hacktivist group Killnet could just be getting started (axios.com)
With TikTok Bans, the Time for Operational Governance Is Now (darkreading.com)
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
Android mobile devices from top vendors in China have pre-installed malware-security affairs
China sharply rebukes US over decision to shoot down spy balloon | Financial Times (ft.com)
Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op - SecurityWeek
Here's a list of proxy IPs to help block KillNet's DDoS bots • The Register
Android phones from Chinese vendors share private data • The Register
DPRK Using Unpatched Zimbra Devices to Spy on Researchers (darkreading.com)
SNP MP Stewart McDonald's emails hacked by Russian group - BBC News
Australia to remove Chinese surveillance cameras amid security fears - BBC News
Russian hackers using new Graphiron information stealer in Ukraine (bleepingcomputer.com)
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study (gizmodo.com)
UN Experts: North Korean Hackers Stole Record Virtual Assets - SecurityWeek
Mysterious Russian satellites are now breaking apart in low-Earth orbit | Ars Technica
The impact of Russia's Ukraine invasion on digital threats - Help Net Security
Russian Hackers Steal Data In Ukraine With New Graphiron Malware (informationsecuritybuzz.com)
Experts published a list of proxy IPs used by the group Killnet-security affairs
NewsPenguin Goes Phishing for Maritime & Military Secrets (darkreading.com)
US teases new China tech sanctions to deflate balloon-makers • The Register
North Korea ransomware targets hospitals to fund digital spycraft, US agencies warn | Cyber scoop
Vulnerability Management
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition | CSO Online
Patching & Passwords Lead the Problem Pack for Cyber-Teams (darkreading.com)
Hypervisor patching struggles exacerbate ESXiArgs attacks | TechTarget
How to fix the top 5 cyber security vulnerabilities | TechTarget
20 Powerful Vulnerability Scanning Tools In 2023 (informationsecuritybuzz.com)
Vulnerabilities
High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation - SecurityWeek
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (thehackernews.com)
GoAnywhere MFT Users Warned of Zero-Day Exploit - SecurityWeek
Serious security hole plugged in infosec tool binwalk | The Daily Swig (portswigger.net)
Cisco fixed command injection bug in IOx Application Hosting Environment-security affairs
Vulnerability In F5 BIG-IP May Cause DoS And Code Execution (informationsecuritybuzz.com)
GoAnywhere MFT zero-day flaw actively exploited-security affairs
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release-security affairs
Critical vulnerability patched in Jira Service Management Server and Data Center | CSO Online
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT (thehackernews.com)
Exploit released for actively exploited GoAnywhere MFT zero-day (bleepingcomputer.com)
Patch Released for Actively Exploited GoAnywhere MFT Zero-Day - SecurityWeek
Unpatched Security Flaws Disclosed in Multiple Document Management Systems (thehackernews.com)
SonicWall warns web content filtering is broken on Windows 11 22H2 (bleepingcomputer.com)
OpenSSL Fixes Multiple New Security Flaws with Latest Update (thehackernews.com)
Android's February 2023 Updates Patch 40 Vulnerabilities - SecurityWeek
Tools and Controls
Other News
Yes, CISOs should be concerned about the types of data spy balloons can intercept | CSO Online
How to Think Like a Hacker and Stay Ahead of Threats (thehackernews.com)
Surge of swatting a attacks targets corporate executives and board members | CSO Online
Bermuda: Major Internet And Power Outage Strikes (informationsecuritybuzz.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.