Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 January 2024
Black Arrow Cyber Threat Intelligence Briefing 05 January 2024:
-A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier
-Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns
-23andMe Tells Victim It’s Their Fault Their Data Was Breached
-Financial Sector Faces More Cyber Attacks Than Other Sectors
-An Innocent-Looking Instagram Trend Could Be a Gift to Hackers
-Cyber Criminals Shared Millions of Stolen Records During Holiday Break
-Law Firm that Handles Data Breaches was Itself Hit by Data Breach
-Nigerian Hacker Arrested for Stealing Millions from Charities
-Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud
-Shadow IT Threatens Corporate Cyber Security, Study Reveals
-Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge
-Putin has Declared a Cyber War on Britain
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier
Spain’s second largest mobile operator, Orange España, suffered a major outage after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the network that delivers the company’s internet traffic. The attacker had posted the account they had compromised, and researchers found that the associated system had been infected with a Raccoon type infostealer back in September of 2023. The compromised account was Orange’s RIPE administrator account, with the password “ripeadmin”. The incident led to a 50% drop in connections for a 4 hour period, and underscores the critical importance of robust cyber security measures, including strong passwords, and serves as a stark reminder that even seemingly minor oversights can lead to significant disruptions.
Source: [Ars Technica]
Russia Kyivstar Hack Should Alarm the West, Ukraine Security Chief Warns
If Ukraine's core telephone network can be taken out, organisations in the West could easily be next, Ukraine's SBU chief says. December's cyber attack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actor ‘Sandworm’ dealt a catastrophic blow to the telecoms provider, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cyber security department. It is believed that although the attack took place in December 2023, the threat actors likely had access to Kyivstar systems since May 2023.
Source: [Dark Reading]
23andMe Tells Victims It’s Their Fault Their Data Was Breached
A cyber incident at DNA data firm 23andMe started with credential stuffing 14,000 user accounts. Credential stuffing is the process by which a malicious actor uses previously harvested usernames and passwords from earlier unrelated breaches to break into other sites and services. Many of the 14,000 accounts had opted-in for a feature whereby information is shared with relatives, which meant that once compromised, attackers had access to 6.9 million users: nearly half of the user base.
Facing over 30 lawsuits from victims, 23andMe is now blaming victims, according to letters seen by victims. 23andMe stated “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe”. This has caused divide in the cyber world; on one side, recycling and failing to update passwords is poor cyber hygiene and on the other hand, there are technical controls that could have better prevented this type of well known and common attack.
Source: [TechCrunch] [The Register]
Financial Sector Faces More Cyber Attacks Than Other Sectors
A recent study found that more than three-quarters (77%) of financial organisations detected an attack on their infrastructures in 2023, compared with around two-thirds (68%) of other sectors. In particular, the study found that financial workers were at a higher than average risk of phishing compared to other workers. Despite their target attractiveness, only three-quarters (73%) of the financial sector respondents said that they have a cyber security policy in place or will do so within the next year. A separate report from Kaspersky stated that the financial sector is poised to experience an influx of artificial intelligence based attacks 2024, adding to the fire.
Sources: [SC Media] [TechRadar ]
An Innocent-Looking Instagram Trend Could Be a Gift to Hackers
A recent trend that has picked up traction at the end of December on social media apps such as Instagram and TikTok, encourages their followers to “get to know them better”. This trend gets people to answer a popular template, freely giving away personal information such as their height, date of birth, and various details that they feel strongly about including favourite food and phobias. While these questions may seem harmless, these sorts of personal details are used by companies for security questions, for example when a person wants to reset their password. Hackers can use this information to easily social engineer victims or impersonate them to get access to their accounts.
Source: [Business Insider]
Cyber Criminals Shared Millions of Stolen Records During Holiday Break
While many people unwind and enjoy their time off during the festive season, cyber criminals remain active. In fact, they leaked approximately 50 million records containing sensitive personal information during this period. These data breaches were not limited to the West; they had a global impact, affecting individuals in various countries such as Peru, Australia, South Africa, and more. It is important to note that not all the data leaks were recent; some appeared to be remnants of older incidents. For instance, some of the leaked data belonged to customers of the credit company Klarna, which was rumoured to have experienced a breach back in 2022, although it was never publicly confirmed. This ‘Free Leaksmas’ event, as it’s been dubbed, underscores the extensive global reach and serious consequences of these cyber criminal activities.
Sources: [Security Affairs] [Dark Reading]
Law Firm that Handles Data Breaches was Itself Hit by Data Breach
Orrick, Herrington & Sutcliffe, a law firm specialising in managing security incidents for other companies, has disclosed more details of the cyber attack it itself experienced in March 2023. The breach compromised the sensitive health and personal information of over 637,000 individuals. The stolen data was linked to client organisations and included the names of individuals alongside their social security numbers, medical details, and financial information. Despite the firm's expertise in cyber security, the attack highlights the pervasive risk of data breaches, even among those who advise on such matters. Orrick's delayed response and subsequent legal settlements underscore the importance of proactive security measures and swift action in the wake of a breach. This incident serves as a stark reminder to all organisations of the need for robust cyber defences and transparent communication strategies in today's digital landscape. The law firm has recently settled in principle to resolve four class action lawsuits that accused Orrick of failing to inform victims of the breach until months after the incident.
Source: [TechCrunch]
Nigerian Hacker Arrested for Stealing Millions from Charities
A Nigerian national, Olusegun Samson Adejorin, has been arrested for charges relating to business email compromise attacks that caused a charitable organisation in the US to lose more than $7.5 million. Adejorin had purchased a credential harvesting tool to steal login credentials, which were used to send emails to the charity’s financial service provider. The emails requested and authorised a transfer of $7.5 million, which the investment services provider believed it was paying to the charity whereas it was paying into a bank account controlled by the attacker.
Source: [Bleeping Computer]
Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud
A cyber criminal gang known as GXC Team has been seen selling an artificial intelligence tool for creating fraudulent invoices. The tool, known as Business Invoice Swapper, scrutinises compromised emails that are fed to it, looking for emails which mention invoices or include invoice attachments. It then alters the details of the intended recipient to details specified by the perpetrator. This altered invoice then either replaces the compromised one, or is sent to a predetermined set of contacts.
Source: [Security Affairs]
Shadow IT Threatens Corporate Cyber Security, Study Reveals
With remote working becoming more and more prevalent, organisations are finding themselves at risk of cyber threats due to what is known as shadow IT; this is any software, hardware or IT resource used without the IT department’s approval, knowledge or oversight. A study by Kaspersky found of the 77% of companies that had suffered from cyber incidents over the past two years, 11% of these were directly caused by the unauthorised use of shadow IT.
Source: [Security Brief]
Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge
In the constantly evolving cyber threat landscape, 2023 has witnessed a notable surge in the use of bots, fraud farms, and cryptojacking. A new report found that 73% of web and app traffic this year has been attributed to malicious bots and fraud farms, indicating a significant shift towards automated cyber attacks. This trend poses a heightened risk to the ecommerce sector, where cyber criminals exploit API connections and third-party dependencies.
Furthermore, the surge in cryptojacking, marked by a 399% increase, reveals a diversifying strategy among cyber criminals, targeting critical infrastructure with sophisticated methods. These developments serve as a crucial reminder for organisations to bolster their cyber defences and adopt a proactive stance against these emerging and increasingly automated threats.
Source: [Help Net Security]
Putin has Declared a Cyber War on Britain
This year over 2 billion people will vote for new governments across the world, and it is crucial to be aware of upcoming threats to these elections from foreign powers. In particular, Russia is notorious for deploying bots, trolls, and deepfakes, which are techniques used to manipulate information and influence public opinion. These malicious actors are adept at spreading misinformation and disinformation, often with the goal of interfering in elections. With the upcoming UK General Election in 2024 and the US Presidential Election also falling this year, it is imperative to exercise caution and discernment when consuming online content. Not everything we see can be taken at face value.
Source: [Telegraph]
Governance, Risk and Compliance
Thoughts for Boards: Key Issues in Corporate Governance for 2024 (harvard.edu)
Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security
Navigating the New Age of Cyber Security Enforcement (darkreading.com)
Facts and misconceptions about cyber security budgets - Help Net Security
Budget cuts take a toll on IT decision makers' mental health - Help Net Security
Consumers prepared to ditch brands after cyber security issues - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Firms urged to stop ransomware payments as attacks become “astronomical” (emergingrisks.co.uk)
How ransomware could cripple countries, not just companies (economist.com)
New Black Basta decryptor exploits ransomware flaw to recover files (bleepingcomputer.com)
Sophos reports spike in ransomware groups using remote encryption (securitybrief.co.nz)
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop (securityaffairs.com)
Police locate missing Chinese student who was victim of ‘cyber kidnapping’ (msn.com)
Kai Zhuang: Cyber kidnapping in US illustrates growing crime trend - BBC News
Ban on ransomware payments? The alternative isn't working • The Register
December ransomware attacks disrupt healthcare organisations | TechTarget
Study: Ransomware Is Actually Killing One American Per Month (tech.co)
Zeppelin ransomware source code sold for $500 on hacking forum (bleepingcomputer.com)
Ransomware Victims
Hospitals ask courts to force cloud storage firm to return stolen data (bleepingcomputer.com)
Software Used by Hundreds of Museums Taken Down by Ransomware Attack (pcmag.com)
CTS cyber attack: Disruption to home sales now over - BBC News
Xerox says subsidiary XBS US breached after ransomware gang leaks data (bleepingcomputer.com)
Cyber attackers breach trove of Victoria court recordings • The Register
Estes refuses to pay off ransomware crew, says data stolen • The Register
Phishing & Email Based Attacks
Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)
Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails (thehackernews.com)
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)
Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)
Artificial Intelligence
Cyber Criminals Implemented Artificial Intelligence (AI) for Invoice Fraud (securityaffairs.com)
The Imperative of Cyber Security in the Era of AI (thefastmode.com)
Finance orgs to face increasingly prevalent AI cyber attacks | SC Media (scmagazine.com)
Enterprise cyber security in 2024: The AI play comes to the fore - Verdict
NIST Identifies Types of Cyber Attacks That Manipulate Behaviour of AI Systems | NIST
Use of generative AI in the legal profession accelerating despite accuracy concerns | ITPro
A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless. - POLITICO
CISO Planning for 2024 May Struggle When It Comes to AI (darkreading.com)
Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security
AI Is Driving a Silent Cyber Security Arms Race (govtech.com)
Malware
Google accounts may be vulnerable to new hack, changing password won’t help | Cybernews
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts (bleepingcomputer.com)
Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser
Microsoft disables Windows app installation, again • The Register
New Version of Meduza Stealer Released in Dark Web (securityaffairs.com)
Weak password and infostealer blamed for Orange Spain outage • The Register
Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)
Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)
Activity of Rugmi malware loader spikes | SC Media (scmagazine.com)
Kronos Malware Reemerges with Increased Functionality (securityintelligence.com)
Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections (thehackernews.com)
29 malware families target 1,800 banking apps worldwide - Help Net Security
Google password resets not enough to stop this malware • The Register
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)
New Bandook RAT Variant Resurfaces, Targeting Windows Machines (thehackernews.com)
Mobile
Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week
How to prevent hackers from breaking into your Android, stealing bank info (nypost.com)
QR code hacking: How to protect yourself from rogue QR codes (androidpolice.com)
29 malware families target 1,800 banking apps worldwide - Help Net Security
Denial of Service/DoS/DDOS
Internet of Things – IoT
Study Finds IoT Cyber Security Risk Increased 400 Percent Last Year - RFID JOURNAL
4 essential smart home cameras tips to protect your sensitive data
Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)
Data Breaches/Leaks
23andMe tells victims it’s their fault that their data was breached | TechCrunch
Law firm that handles data breaches was hit by data breach | TechCrunch
Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week
Here we go again: 2023’s badly handled data breaches | TechCrunch
Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service - Security Week
Data breach at healthcare tech firm impacts 4.5 million patients (bleepingcomputer.com)
'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)
Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)
Accounting Firm Battling Cyber Security Lawsuit Seeks Dismissal (bloomberglaw.com)
Organised Crime & Criminal Actors
Nigerian hacker arrested for stealing $7.5M from charities (bleepingcomputer.com)
Hackers employ nuanced tactics to evade detection - Help Net Security
The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)
What’s It Like to Be the Victim of Cyber Crimes? (govtech.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)
Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam | Tripwire
Cyber criminals set their sights on crypto markets - Help Net Security
Orbit Chain loses $86 million in the last fintech hack of 2023 (bleepingcomputer.com)
Crypto-crook Sam Bankman-Fried spared a second trial • The Register
Bitconned review — Netflix documentary about a fortune built on brazen lies
Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)
Insurance
Supply Chain and Third Parties
Online museum collections down after cyber attack on service provider (bleepingcomputer.com)
A new framework for third-party risk in the European Union | ITPro
Cloud/SaaS
Identity and Access Management
The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat
Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)
Encryption
Quantum Risks and Rewards: Forward-Defending Cyber Security (govinfosecurity.com)
Saving Schrödinger’s Cat: Getting serious about post-quantum encryption in 2024 - Breaking Defence
Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica
23andMe tells victims it’s their fault that their data was breached | TechCrunch
The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat
Social Media
Instagram Trend Could Be a Gift to Hackers (businessinsider.com)
Cyber Attackers Target Nuclear Waste Company via LinkedIn (darkreading.com)
Cyber Criminals Flood Dark Web with X (Twitter) Gold Accounts (darkreading.com)
Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)
Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack (thehackernews.com)
Malvertising
Regulations, Fines and Legislation
New risk management framework helps with SEC mandate compliance | CSO Online
A new framework for third-party risk in the European Union | ITPro
Navigating the New Age of Cyber Security Enforcement (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Cyber security skills gap poses threat to business protection measures (securitybrief.co.nz)
Many cyber security workers feel burnt out and worry about understaffing | TechRadar
Law Enforcement Action and Take Downs
Police investigate virtual sex assault on girl's avatar - BBC News
The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)
Additional cyber agents to be deployed by FBI | SC Media (scmagazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
BT Miss Deadline to Remove All Huawei Kit from UK Core Network UPDATE - ISPreview UK
Three Chinese balloons float near Taiwanese airbase • The Register
Russia
Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns (darkreading.com)
Russian hackers were inside Ukraine telecoms giant for months – cyber spy chief – Euractiv
Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)
UK exposes Russia for attempted political interference (ukdefencejournal.org.uk)
Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)
Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)
Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)
Massive missile strike disrupts Kyiv's internet and power supply (therecord.media)
The "Tallinn Mechanism" is Designed to Enhance Civilian Cyber Assistance to Ukraine
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)
Iran
Multiple organisations in Iran breached by a mysterious hacker (securityaffairs.com)
Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)
Pilfered Data From Iranian Insurance and Food Delivery Firms Leaked Online (darkreading.com)
North Korea
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)
Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)
Vulnerability management remains a moving target | SC Media (scmagazine.com)
Vulnerabilities
Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser
Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Security Week
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)
Ivanti warns critical EPM bug lets hackers hijack enrolled devices (bleepingcomputer.com)
Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover - Security Week
Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)
Qualcomm chip vulnerability enables remote attack by voice call | SC Media (scmagazine.com)
Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)
WordPress Google Fonts Plugin Vulnerability Affects Up To +300,000 Sites (searchenginejournal.com)
January Android Security Bulletin Arrives, So Does Pixel Update (droid-life.com)
Tools and Controls
Why training LLMs with endpoint data will strengthen cyber security | VentureBeat
Cyber security challenges emerge in the wake of API expansion - Help Net Security
Are Security Appliances fit for Purpose in a Decentralized Workplace? - Security Week
Guarding against DDoS attacks during high-traffic periods | CSO Online
8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)
Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)
Other News
IT and OT cyber security: A holistic approach (securityintelligence.com)
The FBI is adding more cyber focused agents to US embassies | CyberScoop
Hackers hit Australian state's court recording database | Reuters
Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)
Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 December 2023
Black Arrow Cyber Threat Intelligence Briefing 22 December 2023:
-Majority of 2023’s Critical Cyber Attacks Stemmed from Fewer Than 1% of Vulnerabilities, with 1 in 4 High Risk Vulnerabilities Exploited Within 24 Hours of Going Public
-Ransomware Gangs Are Increasingly Turning to Remote Access Tools for Attacks, As UK Honeypots Attacked 17 Million Times Per Day
-Why Employees Are a Bigger Security Risk than Hackers
-77% of Financial Services Firms Detected a Cyber Attack in the Last Year, as Finance and Healthcare Continue to Suffer the Most Cyber Attacks
-New Report Data Shows 75% Increase in Suspicious Emails Hitting Inboxes
-Threat Actors Still Exploiting Old Unpatched Vulnerabilities
-Many Organisations Still Lack Formal Cyber Security Training
-Addressing the Growing Threat of Supply Chain Cyber Attacks
-Cyber Incident Costs Surge 11% as Budgets Remain Muted
-Attacks on Critical Infrastructure are Harbingers of War: Are We Prepared?
-UK Data Centres to be Classed as Critical Infrastructure Under New Gov Proposals
-Data Exfiltration and Extortion is the New Ransomware Threat, as 65% of Organisations Say Ransomware Concerns Impact Risk Management
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Majority of 2023’s Critical Cyber Attacks Stemmed from Fewer Than 1% of Vulnerabilities, with 1 in 4 High Risk Vulnerabilities Exploited Within 24 Hours of Going Public
A new Qualys report reveals that less than 1% of vulnerabilities are responsible for the greatest damage, and a quarter of high-risk vulnerabilities are now being exploited within a day of disclosure. In 2023, a record-breaking 26,000 vulnerabilities have been identified so far, emphasising the need for organisations to accelerate their response times. High-risk vulnerabilities, particularly in network devices and web applications, are the main targets for attackers seeking unauthorised access or privilege escalation. This situation underscores the critical need for organisations to implement a multi-layered defence strategy, automate patching where appropriate especially in areas of critical infrastructure, and adopt zero-trust principles to safeguard against such swift and potent cyber threats.
Sources: [SiliconANGLE] [SC Media]
Ransomware Gangs Are Increasingly Turning to Remote Access Tools for Attacks, As UK Honeypots Attacked 17 million Times Per Day
Nearly three quarters of cyber-attacks across the UK in 2023 targeted technology frequently used for remote working, new data from Coalition has revealed.
Attackers frequently target Remote Desktop Protocol (RDP), a tool that lets users access office computers from home, as it grants the attacker quick access to devices and allows them to execute further attacks.
Honeypot sensors maintained by Coalition have recorded 5.8 billion attacks so far in 2023, averaging around 17 million attacks per day. Of these it was found that 76% of attacks targeted RDP.
Attackers exploit RDP vulnerabilities that often stem from simple configuration mistakes. By taking steps like disabling unnecessary remote access or tightening controls, companies can help shield themselves from these pervasive threats.
Sources: [Insurance Times] [TechRadar] [Infosecurity Magazine]
Why Employees Are a Bigger Security Risk than Hackers
In today's interconnected world, the spotlight is often on cyber criminals attacking from outside, but a worrying trend points inward. A recent study by Imperva reveals that insiders pose a significant threat, being behind 58% of security incidents. The incidents are a mixture of deliberate misuse and accidents, however the majority of organisations lack a strategy to combat these risks. Even when strategies exist, they may be undermined by employees bypassing IT protocols or due to the pressures of adapting to new technologies. With insider incidents on the rise by 47% in two years, the costs are too great to ignore.
Source: [Raconteur]
77% of Financial Services Firms Detected a Cyber Attack in the Last Year, as Finance and Healthcare Continue to Suffer the Most Cyber Attacks
Cyber attacks are more prevalent in the financial services sector than in any other industry. Last year, 77% of financial institutions were targeted, primarily through phishing and ransomware attacks. After financial services the second most targeted sector is healthcare. Both types of institutions are attractive targets not only because of their wealth of sensitive data but also because disruptions to their operations can lead to substantial ransom payments. They face increasingly sophisticated threats and the financial impact is significant, with approximately a quarter of these institutions estimating damages of at least $50,000. To mitigate these risks organisations are turning to cyber insurance, which necessitates further tightening of security practices, including identity and access management, to meet insurers’ stringent standards.
The healthcare sector reported over 179,000 cyber attacks in a single quarter, affecting entities globally. The primary threats were infostealers and ransomware. There have been scores of notable incidents where hospitals have been shut down or otherwise unable to operate. In many cases, this resulted in closing emergency departments, interfering with planned or emergency surgeries and forcing ambulances to divert to other hospitals, potentially causing life threatening delays. Further, a recent report analysing the enterprise risk management for the financial sector found that the two biggest concerns were rising interest rates at 74% and ransomware attacks at 65%.
Sources: [Security Magazine] [MSSP Alert] [PR NewsWire] [Security Magazine]
New Report Data Shows 75% Increase in Suspicious Emails Hitting Inboxes
A new report has unveiled the escalating threat posed by phishing emails, as detected by DMARC software. In the past year, there's been a 70% rise in emails flagged as fraudulent, with almost 18% of total email traffic in the first half of 2023 being intercepted as potential phishing attempts. This surge underscores a pressing need for robust email security measures. Simple yet effective tools like DMARC, which automatically weeds out emails impersonating legitimate domains, are becoming critical in the fight against these sophisticated scams. With the average cost of a cyber attack now well into the millions, and given the high click rates on phishing emails, it is clear that taking proactive steps to strengthen an organisations digital defence is not just sensible, it is essential for safeguarding the businesses in the digital age.
Source: [Dark Reading]
Threat Actors Still Exploiting Old Unpatched Vulnerabilities
A report by Cisco has found that the most targeted vulnerabilities this year, same as previous years, were old unpatched vulnerabilities which should have been fixed a long time ago. Some of these security gaps in widely-used applications like Microsoft Office and or within versions of Windows itself are over a decade old. Unpatched vulnerabilities can leave systems open to exploitation, potentially leading to unauthorised access, data breaches, and widespread security incidents, including being a key enabler of ransomware attacks. This highlights an urgent call to action for organisations to patch known vulnerabilities and secure user accounts to fortify their defences against cyber threats.
Source: [IT Business]
Many Organisations Still Lack Formal Cyber Security Training
As we navigate into 2024, a new report by the SANS Institute found that more than 30% of organisations do not regularly perform cyber readiness exercises, while 40% have yet to establish formal training for cyber security. These findings underline a gap between the need for robust security measures and actual preparedness. On a positive note, most organisations are adopting frameworks like the NIST CSF to shape their security posture, and two-thirds are actively using metrics to gauge the effectiveness of their security operations. Yet, there’s a call to action here: for real progress, intentional investment and commitment to comprehensive training and stringent security operations are non-negotiable. This is the path to mature security operations that can withstand the complexities of today’s cyber threats.
Source: [Security Brief]
Addressing the Growing Threat of Supply Chain Cyber Attacks
As businesses become more interconnected through digital supply chains, supply chain cyber attacks are becoming more of a pressing issue for organisations. The attackers tend to exploit weaknesses in third-party suppliers, often with less guarded entry points, to access larger networks. With companies increasingly outsourcing and using cloud adoption, the need for stringent third-party cyber risk assessments is vital. However, complexities arise with the shared responsibility model for cloud security, where setting out the division of security duties between cloud service providers and clients can blur lines of defence. To tackle these challenges, integration of cyber security into procurement and supply chain processes is essential. This means enforcing collaboration between procurement and cyber security teams, mandating security standards in vendor contracts, and utilising automated tools for continuous risk assessments. Safeguarding modern supply chains is no longer a siloed task but a strategic, organisation wide imperative.
Source: [HackerNoon]
Cyber Incident Costs Surge 11% as Budgets Remain Muted
A new report found an 11% jump in the direct costs of a significant cyber incident, now averaging $1.7 million. The burden is even heavier for those without cyber insurance, with costs escalating to $2.7 million per incident. Cyber risks like fraud, third-party breaches, and data theft remain prevalent. Despite these increasing threats, cyber security budgets have grown modestly and are not keeping pace with the increased level of threat. The report also highlights a concerning gap in understanding cyber threats and a lack of internal training, emphasising the critical need for not just financial investment, but also a deeper engagement with cyber security training and awareness within organisations.
Source: [Infosecurity Magazine]
Attacks on Critical Infrastructure are Harbingers of War: Are We Prepared?
The escalating cyber threats against critical infrastructure, like recent attacks on water authorities, highlight an urgent security concern. These attacks, which are often state-sponsored, are not just targeting financial or data assets but are striking at essential services vital to human survival. The tactics used in these attacks, known as Intelligence Preparation of the Battlefield (IPB), are aimed at weakening a nation by disrupting services like power and water, key to both civil stability and military operations. Nations like Russia, China, and Iran employ these strategies for different purposes, ranging from strategic military advantages to ideological victories. The use of ransomware, as seen in the increasing incidents reported by the FBI, is a tool for both financial gain and geopolitical disruption. As we face these multifaceted threats, the need for robust cyber security measures to protect our critical infrastructure has never been more pressing. It is a call to action for nations and organisations alike to fortify their defences against these evolving and serious cyber threats.
Source: [SC Media]
UK Data Centres to be Classed as Critical Infrastructure Under New Gov Proposals
The UK government is considering new regulations aimed at enhancing the security and resilience of data centres. The Department for Science, Innovation and Technology (DSIT) recognises the vital role of these data hubs and is examining the adequacy of current safety practices. With the identification of varying levels of security across the sector, the prospect of legislating minimum security standards is on the table. This may include establishing a regulatory body to oversee incident reporting and risk mitigation strategies, particularly for third-party service providers. These measures underscore the government's commitment to safeguarding data centres, which are increasingly integral to the UK's economic vitality and national security. As part of a broader initiative, the sector could be designated as critical national infrastructure, aligning it with international best practices and ensuring comprehensive protection from cyber threats and other risks.
Source: [ITPro]
Data Exfiltration and Extortion is the New Ransomware Threat, as 65% of Organisations Say Ransomware Concerns Impact Risk Management
Cyber criminals are escalating their tactics and becoming more aggressive in their effort to maximise disruption and compel the payment of ransom demands. Earlier this year, the ransomware group ALPHV exploited the new US data breach disclosure rules by filing a complaint with the US Securities and Exchange Commission (SEC) against a victim company for not reporting an alleged significant data breach. This marks a strategic evolution from traditional ransomware attacks, where data is encrypted and held hostage, to more nuanced extortion schemes. Such tactics are becoming more sophisticated, with triple extortion attacks threatening not just the target company but also their partners and clients. This shift from encryption to pure extortion requires a fresh understanding of cyber threats and a re-evaluation of defence strategies. It highlights the urgent need for businesses to protect not just their own data but also to consider the security of their entire data supply chain.
Source: [TechCrunch]
Governance, Risk and Compliance
Three Tech Budget Implementations To Help Optimize Your Resources (forbes.com)
65% of organisations say ransomware concerns impact risk management | Security Magazine
Healthcare and Finance Suffer Most Cyber Attacks | MSSP Alert
SEC vs SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)
77% of financial organisations detected a cyber attack in the last year | Security Magazine
Level of cyber security: the new key indicator of a company's performance | TechRadar
Managing cyber security risk during challenging economic times (techinformed.com)
Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)
The year in cyber security: 6 stories to read from 2023 | World Economic Forum (weforum.org)
After-Incident Reports Turn Breaches Into Security Blueprints (pymnts.com)
What's the Best Way to Communicate After a Data Breach? (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
65% of organisations say ransomware concerns impact risk management | Security Magazine
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims (bleepingcomputer.com)
Ransomware attacks hit new record in November :: Insurance Day
Ransomware attacks on the rise in the UK (itsecuritywire.com)
Ransomware surges, despite aggressive defences | SC Media (scmagazine.com)
BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week
A Major Ransomware Takedown Suffers a Strange Setback | WIRED
Double-Extortion Play Ransomware Strikes 300 Organisations Worldwide (thehackernews.com)
Ransomware trends and recovery strategies companies should know - Help Net Security
Ransomware Attacks in November Rise 67% From 2022 (darkreading.com)
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign (securityaffairs.com)
CISA releases Play ransomware guidelines | Security Magazine
US and Australia Warn of Play Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)
Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team (thehackernews.com)
FBI Develops Decryption Tool That Could Tackle Casino Attacks (sbcamericas.com)
Ransomware Victims
Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye
Ransomware gang behind threats to Fred Hutch cancer patients (bleepingcomputer.com)
Delta Dental of California data breach exposed info of 7 million people (bleepingcomputer.com)
Seattle cancer centre confirms cyber attack after ransomware gang threats (therecord.media)
France International Schools Agency Impacted by Ransomware Hack - Bloomberg
Cyber Attack Slams The North Face and Vans Owner, Shares Plunge - The Messenger
Mr Cooper now says 15M people's data exposed in cyber attack • The Register
MongoDB shares fall on cyber security incident By Investing.com
2.7M medical records exposed in double-extortion ransomware attack | SC Media (scmagazine.com)
Nearly 3 million affected by ransomware attack on medical software firm (therecord.media)
Title insurance giant First American offline after cyber attack (bleepingcomputer.com)
St Vincent’s Health Australia says data stolen in cyber attack (yahoo.com)
Ransomware cyber attack hits Milton Town School District (databreaches.net)
Phishing & Email Based Attacks
Generative AI is making phishing attacks more dangerous | TechTarget
New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes (darkreading.com)
Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia
Qakbot is back and targets the Hospitality industry (securityaffairs.com)
SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - Security Week
Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)
New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)
Artificial Intelligence
Generative AI is making phishing attacks more dangerous | TechTarget
AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security
'Unintended harms' of generative AI are national security risk to UK (techmonitor.ai)
Unequal Risk, Unequal Reward: How Gen AI disproportionately harms countries (ox.ac.uk)
Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)
AI in Cyber Security: It's All About Being Aware (inforisktoday.com)
Why 'dark AI' is a top cyber security concern for 2024 | Pension Times
How AI Is Shaping the Future of Cyber Crime (darkreading.com)
2FA/MFA
Malware
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges (thehackernews.com)
Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)
Windows and macOS targeted by new Go-based malware | TechRadar
QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)
Over 10K downloads amassed by malicious PyPi packages | SC Media (scmagazine.com)
Info stealers and how to protect against them (securityaffairs.com)
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)
Qakbot is back and targets the Hospitality industry (securityaffairs.com)
Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)
Cyber criminals target hotel staff for management credentials • The Register
BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)
Scam 'missed parcel' SMS messages: advice on avoiding malware - NCSC.GOV.UK
3 Ways to Use Real-Time Intelligence to Defeat Bots (darkreading.com)
Microsoft: Hackers target defence firms with new FalseFont malware (bleepingcomputer.com)
Hospitality sector subjected to new malware attacks | SC Media (scmagazine.com)
Mobile
iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans | ZDNET
The 5G risk: How to protect your smartphone from emerging security threats - PhoneArena
Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin
What is spyware and what can you do to stay protected? - Amnesty International
NSO Group May Be On Its Way Out But There’s No Shortage Of Competitors To Take Its Place | Techdirt
Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica
Internet of Things – IoT
Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops
Cyber security and car thefts: how are car makers responding? | CAR Magazine
Marketer sparks panic with claims it uses smart devices to eavesdrop on people | Ars Technica
Marketing firm admits it listens to conversations to sell targeted ads (searchengineland.com)
Data Breaches/Leaks
Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)
MongoDB says customer data was exposed in a cyber attack (bleepingcomputer.com)
Mr Cooper now says 15M people's data exposed in cyber attack • The Register
Wolverine-developer Insomniac Games sees 1.67TB of secrets leaked in data breach | Ars Technica
Everything Hackers Just Revealed in Sony Insomniac Games Leak (tech.co)
Comcast says hackers stole data of close to 36 million Xfinity customers | TechCrunch
BMW dealer at risk of takeover by cyber criminals - Security Affairs
Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records - Security Week
Data leak exposes users of car-sharing service Blink Mobility (securityaffairs.com)
Organised Crime & Criminal Actors
Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)
How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED
German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)
INTERPOL celebrates huge cyber crime Christmas present (emergingrisks.co.uk)
Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)
NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week
BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)
Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ
Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)
Lapsus$ teen sentenced to indefinite detention in hospital • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)
Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)
DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine
Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)
Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)
Insider Risk and Insider Threats
Insider threats: why employees are a bigger risk than hackers (raconteur.net)
Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)
DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine
Insurance
Supply Chain and Third Parties
What is supply chain risk management (SCRM)? | Definition by TechTarget
Addressing the Growing Threat of Supply Chain Cyber Attacks | HackerNoon
Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye
Supply chain emerges as major vector in escalating automotive cyber attacks - Help Net Security
Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 (darkreading.com)
Cloud/SaaS
Most cloud transformations are stuck in the middle - Help Net Security
Millions of Microsoft Accounts Power Lattice of Automated Cyber Attacks (darkreading.com)
Box cloud storage down amid 'critical' outage (bleepingcomputer.com)
Encryption
Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)
86% of cyber attacks are delivered over encrypted channels - Help Net Security
SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
Passwords, Credential Stuffing & Brute Force Attacks
The password attacks of 2023: Lessons learned and next steps (bleepingcomputer.com)
CISA urges vendors to get rid of default passwords | CyberScoop
BMW dealer at risk of takeover by cyber criminals - Security Affairs
Cyber criminals target hotel staff for management credentials • The Register
Social Media
Social media platform X back up after global outage | Reuters
Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)
Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)
New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Are We Ready to Give Up on Security Awareness Training? (thehackernews.com)
Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)
Regulations, Fines and Legislation
SEC vs. SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)
Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops
UK data centres to be classed as critical infrastructure under new gov proposals | ITPro
Clock Starts on SEC Cyber Attack Rules: What CISOs Should Know (informationweek.com)
SEC disclosure rule for ‘material’ cyber security incidents goes into effect | CyberScoop
What Do CISOs Have to Do to Meet New SEC Regulations? (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week
A Major Ransomware Takedown Suffers a Strange Setback | WIRED
US law enforcement seizes BlackCat ransomware site, distributes decryption key (axios.com)
Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)
How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica
Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED
German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)
Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)
Interpol op cuffs 3,500 cyber suspects, seizes $300M • The Register
NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week
Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)
Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica
Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)
Lapsus$ teen sentenced to indefinite detention in hospital • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
China's Cyber Warfare Surges With Hacking Of US Infrastructure (thefederalist.com)
Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL
National Grid drops Beijing-backed supplier over UK power network fears (ft.com)
Chinese Spacecraft Emitting Strong Signal Over North America (futurism.com)
A top-secret Chinese spy satellite just launched on a supersized rocket | Ars Technica
China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents (thehackernews.com)
Russia
Ukraine updates: UK says Ukraine suffered severe cyber attack – DW – 12/16/2023
Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL
Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)
UK and partners form The Tallinn Mechanism for cyber security - GOV.UK (www.gov.uk)
Ukraine mobile cyber attack high impact says UK - Emerging Risks Media Ltd
Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach (hackread.com)
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
1 in 4 high-risk CVEs are exploited within 24 hours of going public | SC Media (scmagazine.com)
Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them? (darkreading.com)
Creating a formula for effective vulnerability prioritization - Help Net Security
Zoom Unveils Open Source Vulnerability Impact Scoring System - Security Week
Threat actors still exploiting old unpatched vulnerabilities, says Cisco | IT Business
Vulnerabilities
80 percent of Struts 2 downloads include critical flaw • The Register
Fortinet Releases Security Updates for Multiple Products | CISA
Flaws in pfSense firewall can lead to arbitrary code execution (securityaffairs.com)
QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)
Microsoft discovers critical RCE flaw in Perforce Helix Core Server (bleepingcomputer.com)
Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE (darkreading.com)
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)
3CX Urges Customers to Disable Integration Due to Potential Vulnerability - Security Week
Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape - Security Week
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File (darkreading.com)
3CX warns customers to disable SQL database integrations (bleepingcomputer.com)
Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products - Security Week
Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE - Security Week
Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims (darkreading.com)
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP (thehackernews.com)
Ivanti releases patches for 13 critical Avalanche RCE flaws (bleepingcomputer.com)
Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)
SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)
New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now (thehackernews.com)
Tools and Controls
AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security
More cyber criminals turning to remote desktop protocol attacks | Insurance Times
Microsoft unveils new, more secure Windows Protected Print Mode (bleepingcomputer.com)
65% of organisations say ransomware concerns impact risk management | Security Magazine
AI in Cyber Security: It's All About Being Aware (inforisktoday.com)
Demystifying Open XDR: What It Is, How to Do It, and ROI | Binary Defence
Can you trust Windows Hello biometric authentication | Kaspersky official blog
Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)
How CISOs can manage multiprovider cyber security portfolios | TechTarget
Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool | CISA
Are Workstation Security Logs Actually Important? | MSSP Alert
What's the Best Way to Communicate After a Data Breach? (darkreading.com)
Reports Published in the Last Week
Other News
77% of financial organisations detected a cyber attack in the last year | Security Magazine
Small businesses targeted by cyber criminals for data (securitybrief.co.nz)
Retailers Are Being Barraged By Cyber Attacks This Holiday Season (forbes.com)
Complexity leaves energy companies vulnerable to cyber attacks - Verdict
The MOVEit breach may well have been the biggest cyber attack of the year | TechRadar
How to bolster security against intellectual property theft (c4isrnet.com)
In Cyber Security, Some Conventional Wisdom, While Well-Intentioned, Is Off-Base (newsweek.com)
Navigating The Cyber Security Landscape In 2024 (forbes.com)
3 Strategic Insights from Cyber Security Leader Study (trendmicro.com)
The truth behind four small business cyber security myths (themanufacturer.com)
Conclusion of Crossed Swords: the most exciting offensive cyber operations exercise
Australia announces cyber security plan after major breaches | World Economic Forum (weforum.org)
National Grid drops Beijing-backed supplier over UK power network fears (ft.com)
NIST Report Spotlights Cyber, Privacy Risks in Genomic Data (inforisktoday.com)
Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)
86% of cyber attacks are delivered over encrypted channels - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.