Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

The Human Element Is the Weakest Link

Within the last week, Facebook has become the subject of a whistleblowing campaign featuring thousands of documents alleging malpractice. Despite their size and expected security controls, these documents have been exfiltrated without detection, lending credence to the idea of the insider threat. https://www.darkreading.com/risk/the-human-element-is-the-weakest-link

Ransomware is the Biggest Cyber Threat to Business But Most Firms Still Aren't Ready for It

Ransomware is still the most significant cyber security threat facing organisations – ranging from critical national infrastructure providers and large enterprises to schools and local businesses – but it's a threat that can be countered. https://www.zdnet.com/article/ransomware-is-now-the-most-urgent-cyber-threat-to-business-but-most-firms-arent-ready-for-it/

Most Known Ransomware Targets Windows Devices

Recently conducted research shows that 95% of identified ransomware is targeting Windows machines. Furthermore, the stats show that Israel are submitting by far the most ransomware samples, followed by South Korea, Vietnam, and China, with the UK in 10th place. https://www.theregister.com/2021/10/14/googles_virustotal_malware/

67% of Organisations Have Been Hit by Ransomware at Least Once

A recent report found that two-thirds of surveyed organizations have suffered a ransomware attack, with about half having been hit multiple times, and 16% having been hit three or more times. https://threatpost.com/podcast-67-percent-orgs-ransomware/175339/

Russian Cyber Crime Gang Targets Finance Firms With Stealthy Macros

A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations. The most notable feature of MirrorBlast is the low detection rates of the campaign's malicious Excel documents by security software, putting firms that rely solely upon detection tools at high risk. https://www.bleepingcomputer.com/news/security/russian-cybercrime-gang-targets-finance-firms-with-stealthy-macros/  

70% of Businesses Can’t Ensure the Same Level of Protection for Every Endpoint

Recent research found that 86% of UK respondents believe it is not possible to fully prevent ransomware and malware attacks from compromising their organisations. It also found that the rise in the number of endpoints that businesses need to protect continues to be a key source of risk exposure. https://www.helpnetsecurity.com/2021/10/15/endpoint-protection-level/

Over 90% of Firms Suffered Supply Chain Breaches Last Year

A recent survey polled 1200 IT and procurement leaders responsible for supply chain and cyber risk management. Those polled came from global companies with 1,000+ employees and were used to compile its report: Managing Cyber Risk Across the Extended Vendor Ecosystem. The report revealed the average number of breaches experienced in the past 12 months grew from 2.7 in 2020 to 3.7 in 2021 – a 37% year-on-year increase. https://www.infosecurity-magazine.com/news/90-firms-supply-chain-breaches/

Cyber Security Shortcomings Exposed By The Pandemic

According to a survey by SecureAge, 48% of businesses have experienced a cyber breach during the COVID-19 pandemic and another 8% ‘were not sure’. In addition, 16% of employees said they personally had to deal with a cyber security incident during the same period. https://www.helpnetsecurity.com/2021/10/13/cybersecurity-shortcomings/

6 Things to Know About 'Killware,' Cyber Security's Next Big Threat

Threat actors are adopting a “killware” cyber model, which launches attacks on critical infrastructure with the intent to cause harm. Alejandro Mayorkas, secretary for Homeland Security, told USA Today he is worried about killware because it has the potential to kill. Hackers breached a water system in February this year, which was considered an unsuccessful attempt to distribute contaminated water to residents of Florida. "[The] attack was not for financial gain but rather purely to do harm,” he said. https://www.beckershospitalreview.com/cybersecurity/6-things-to-know-about-killware-cybersecurity-s-next-big-threat.html

2021 Nastiest Malware: Here to Stay and Ever Evolving

This year was yet another year with COVID-19 and malware running rampant in the headlines. Be it in person or online, the world is still struggling in the fight against viruses. This year took another turn for the worse when attacks on critical infrastructure and supply chains became a hot trend. https://www.helpnetsecurity.com/2021/10/12/nastiest-malware-2021/

Threats

Ransomware

• Since 2020, At Least 130 Different Ransomware Families Have Been Active

• AWS Ransomware Attacks: Not A Question Of If, But When

• This New Ransomware Encrypts Your Data And Makes Some Nasty Threats, Too

• UK Cyber Head Says Russia Responsible For 'Devastating' Ransomware Attacks

• What Makes AWS Buckets Vulnerable To Ransomware

• The Netherlands Declares War On Ransomware Operations

• Weir Group Suffers 'Sophisticated' Ransomware Attack

• US Ransomware Law Would Require Victims To Disclose Ransom Payments Within 48 Hours

• Ransomware: Cyber Criminals Are Still Exploiting These Old Vulnerabilities, So Patch Now

BEC

• Analyzing Email Services Abused For Business Email Compromise

Phishing

• Human Hacking Increased As Apps And Browsers Moved Completely To The Cloud

• DocuSign Phishing Campaign Targets Low-Ranking Employees

• Phishing Campaign Uses Math Symbols To Evade Detection

Malware

• FreakOut Botnet Now Attacks Vulnerable Video DVR Devices

• FontOnLake Malware Strikes Linux Systems In Targeted Attacks

• Hackers Use Stealthy ShellClient Malware On Aerospace, Telco Firms

Vulnerabilities

• NSA Warns Of Alpaca TLS Attack, Use Of Wildcard TLS Certificates[RP1] 

• October Patch Tuesday: 3 Critical Bulletins Among 71

• Update Your Windows PCs Immediately To Patch New 0-Day Under Active Attack

• Microsoft Fixes Zero-Day Flaw In WIN32 Driver

• Windows Zero-Day Actively Exploited In Widespread Espionage Campaign

• Chinese Hackers Use Windows Zero-Day To Attack Defense, IT Firms

• Apple Releases Urgent iPhone And iPad Updates To Patch New Zero-Day Vulnerability

• Sky.Com Servers Exposed Via Misconfiguration

• Apache Patch Proves Patchy – Now You Need To Patch The Patch

Data Breaches/Leaks

• Data Breach Sees Millions Of Acer Customers' Data Being Sold By Hackers

Organised Crime & Criminal Actors

• Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds

Cryptocurrency/Cryptojacking

• CryptoRom Scam Rakes In $1.4m By Exploiting Apple Enterprise Features

• Hackers Are Hijacking Copy And Paste To Steal Millions Of Dollars In Crypto Currency

Dark Web

• Dark Web: Many Cyber Crime Services Sell For Less Than $500

• What It Costs To Hire A Hacker On The Dark Web

• Warning: 24M Webcam Video Records Up For Grabs On The Dark Web

Supply Chain

• Worldwide Supply Chains Vulnerable As Businesses Lack Visibility Into Suppliers

DoS/DDoS

• Microsoft Says Azure Fended Off What Might Just Be The World's Biggest-Ever DDoS Attack

• Ukrainian Police Arrest DDoS Operator Controlling 100,000 Bots

OT, ICS, IIoT and SCADA

• Critical Infrastructure Security Dubbed 'Abysmal' By Researchers

Nation State Actors

• Google: We're Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

• Google Sent 50,000 Warnings Of State-Sponsored Attacks In 2021

• How Shape-Shifting Threat Actors Complicate Attack Attribution

• Google Warns Some Users That Fancybear’s Been Prowling Around

• Microsoft: Iran-Linked Hackers Breached Office 365 Customer Accounts

• We’re Not In Competition With China; We’re At War, Argues A Provocative New Book

Privacy

• Amazon's Ring Doorbell Can Violate Your Neighbour’s Privacy, A UK Judge Rules

• Amnesty International Links Cyber Security Firm To Spyware Operation

• Study Reveals Android Phones Constantly Snoop On Their Users

• How Apple Can Read Your Encrypted Messages

Other News

• This Is How Formula 1 Teams Fight Off Cyber Attacks

• Cyber Attack Shuts Down Ecuador's Largest Bank, Banco Pichincha[RP2] 

• 30 Mins Or Less: Rapid Attacks Extort Orgs Without Ransomware

• University Of Sunderland Is Latest To Be Hit By Cyber Attack

• Russia Excluded From 30-Country Meeting To Fight Ransomware And Cyber Crime

• Inside Apple: How MacOS Attacks Are Evolving

• Zero-Day Hunters Seek Laws To Prevent Vendors Suing Them For Helping Out And Doing Their Jobs

• Google To Give Security Keys To ‘High Risk’ Users Targeted By Government Hackers

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World’s Biggest Meat Producer JBS Pays $11m Cyber Crime Ransom

JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada. While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft. JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.

https://www.theguardian.com/business/2021/jun/10/worlds-biggest-meat-producer-jbs-pays-11m-cybercrime-ransom

Jackware: A New Type Of Ransomware Could Be 10 Times As Dangerous

Between the attacks on Colonial Pipeline and JBS, which disrupted nearly half of the East Coast’s gasoline supply for a week and threatened 20% of the U.S. meat market, respectively, consumers are finally experiencing the first physical impacts to their daily lives from cyber attacks. As bad as these attacks are, they could get a lot worse. Cyber criminals are constantly evolving, and what is keeping many security professionals up at night is the growing risk of “jackware” — a new type of ransomware that could be 10 times more dangerous because instead of encrypting Windows computers and servers. Jackware hijacks the actual physical devices and machines that make modern life possible. It’s only a matter of when we will see these attacks happen

https://finance.yahoo.com/news/ransomware-jackware-115229732.html?soc_src=social-sh&soc_trk=tw&tsrc=twtr

Lewd Phishing Lures Aimed At Business Explode

Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”

https://threatpost.com/lewd-phishing-lures-business-explode/166734/

UK Schools Forced To Shut Following Critical Ransomware Attack

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data. The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police, and the National Cyber Security Centre (NCSC). It revealed that on-premises servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables, and registers were encrypted by the attackers, the decision was taken to close on Monday.

https://www.infosecurity-magazine.com/news/schools-shut-ransomware-attacl/

Emerging Ransomware Targets Dozens Of Businesses Worldwide

An emerging ransomware strain in the threat landscape claims to have breached 30 organisations in just four months since it went operational by riding on the coattails of a notorious ransomware syndicate. First observed in February 2021, "Prometheus" is an offshoot of another well-known ransomware variant called Thanos, which was previously deployed against state-run organisations in the Middle East and North Africa last year. The affected entities are believed to be government, financial services, manufacturing, logistics, consulting, agriculture, healthcare services, insurance agencies, energy and law firms in the U.S., U.K., and a dozen more countries in Asia, Europe, the Middle East, and South America.

https://thehackernews.com/2021/06/emerging-ransomware-targets-dozens-of.html

COVID-19 Has Transformed Work, But Cyber Security Is Not Keeping Pace, Report Finds

An international survey of tech professionals from the Thales Group finds some bleak news for the current state of data security: the COVID-19 pandemic has upended cyber security norms, and security teams are struggling to keep up. The problems appear to be snowballing; lack of preparation has led to a scramble resulting in poor data protection practices, outdated security infrastructure not receiving needed overhauls, a jumble of new systems that only make matters worse and priority misalignment between security teams and leadership.

https://www.techrepublic.com/article/covid-19-has-transformed-work-but-cybersecurity-isnt-keeping-pace-report-finds/

Colonial Pipeline Ransomware Attack Was The Result Of An Old VPN Password

It took only one dusty, no-longer-used password for the DarkSide cyber criminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cyber security experts. Attackers used the password to a VPN account that was no longer in use but still allowed them to remotely access Colonial Pipeline’s network, Charles Carmakal, senior vice president at FireEye’s cyber security consulting firm Mandiant, told Bloomberg in an interview, according to a published report on the news outlet’s website.

https://threatpost.com/darkside-pwned-colonial-with-old-vpn-password/166743/

Evil Corp Rebrands Ransomware To Escape Sanctions

Threat actors behind a notorious Russian cyber crime group appear to have rebranded their ransomware once again in a bid to escape US sanctions prohibiting victims from paying them. Experts took to Twitter to point out that a leak site previously run by the Babuk group, which famously attacked Washington DC’s Metropolitan Police Department (MPD), had rebranded to “PayloadBin.” The Babuk group claimed that it was shutting down its affiliate model for encrypting victims and moving to a new model back in April. A ‘new’ ransomware variant with the same name has also been doing the rounds of late, but according to CTO of Emsisoft, Fabian Wosar, it’s nothing more than a copycat effort by Evil Corp.

https://www.infosecurity-magazine.com/news/evil-corp-rebrands-ransomware/

Billions Of Passwords Leaked Online From Past Data Breaches

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches.

https://www.techrepublic.com/article/billions-of-passwords-leaked-online-from-past-data-breaches/

Threats

Ransomware

• Emerging 'Prometheus' Ransomware Claims 30 Victims In A Dozen Countries, Palo Alto Networks Says

• Ransomware Gangs Are Increasingly Going After SonicWall Devices

• A Deep Dive Into Nefilim, A Ransomware Group With An Eye For $1BN+ Revenue Companies

• Fujifilm Refuses To Pay Ransomware Demand, Restores Network From Backups

Phishing

• New Sophisticated Email-Based Attack From Nobelium

• Phishing Emails Remain In User Inboxes Over 3 Days Before They're Removed

• This Phishing Email Is Pushing Password-Stealing Malware To Windows PCs

Other Social Engineering

• Dangerous Connections: Sextortion Scams Soar During Lockdown, ITV News Investigation Finds

• WhatsApp Hijack Scam Continues To Spread

Malware

• Pirated Games Helped A Malware Campaign Compromise 3.2 Million PCs

• Steam Gaming Platform Hosting Malware

• Mystery Malware Steals 26M Passwords From Millions Of PCs. Are You Affected?

• Unit 42 Discovers First Known Malware Targeting Windows Containers

• Freakout Malware Worms Its Way Into Vulnerable VMware Servers

Mobile

• Android Banking Malware Sharply Increased In The First Chunk Of 2021, Reckons ESET

Vulnerabilities

• Microsoft June 2021 Patch Tuesday: 50 Vulnerabilities Patched, Six Zero-Days Exploited In The Wild

• Adobe Issues Security Updates For 41 Vulnerabilities In 10 Products

• Update Google Chrome Right Now To Avoid A Zero-Day Vulnerability

• Puzzlemaker Attacks Exploit Windows Zero-Day, Chrome Vulnerabilities

• Another Brick In The Wall: eCrime Groups Leverage SonicWall VPN Vulnerability

• Google Patches Critical Android RCE Bug

• Intel Plugs 29 Holes In CPUs, Bluetooth, Security

• Critical Zero-Day Vulnerabilities Found In ‘Unsupported’ Fedena School Management Software

• Microsoft Office MSGraph Vulnerability Could Lead To Code Execution

• WordPress Force Installs Jetpack Security Update On 5 Million Sites

Data Breaches

• EA Got Hit By A Data Breach, And Hackers Are Selling Source Code

• Dutch Pizza Chain Discloses Breach After Hacker Tries To Extort Company

Organised Crime & Criminal Actors

• ANOM: Hundreds Arrested In Massive Global Crime Sting Using Messaging App

Cryptocurrency

• Bitcoin Falls After US Seizes Most Of Colonial Ransom

• Crypto Currency Dealers Face Closure For Failing Uk Money Laundering Test

Nation State Actors

• Gelsemium: When Threat Actors Go Gardening

• Security Researcher Says Attacks On Russian Government Have Chinese Fingerprints – And Typos, Too

• Novel ‘Victory’ Backdoor Spotted In Chinese APT Campaign

• Chinese Hackers Using Previously Unknown Backdoor

Denial of Service

• ‘Fancy Lazarus’ Cyber Attackers Ramp Up Ransom DDoS Efforts

• DDoS Attacks Increase 341% Amid Pandemic

Charities

• Hackers Stole $650,000 From Nonprofit And Got Away

Other News

• US Investigates Leak Of Records Showing Billionaires Pay Little Tax

• Most Mobile Finance Apps Vulnerable To Data Breaches

• Many Executives Still Don't Understand Basic Tech

• The Rise Of Cyber Security Debt

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Headlines of the Week

Ransomware is now the biggest Cyber Security concern for CISOs

Ransomware is the biggest cyber security concern facing businesses, according to those responsible for keeping organisations safe from hacking and cyberattacks. A survey of chief information security officers (CISOs) and chief security officers (CISOs found that ransomware is now viewed as the main cyber security threat to their organisation over the course of the next year. Almost half – 46% – of CISOs and CISOs surveyed said that ransomware or other forms of extortion by outsiders represents the biggest cyber security threat.

https://www.zdnet.com/article/ransomware-is-now-the-biggest-cybersecurity-concern-for-cisos/

Crypto ransomware payments grew 311% in 2020

Crypto payments associated with ransomware grew at least 311% in 2020. “Ransomware” refers to a category of malicious computer programs that force users into paying ransoms. Just 0.34% of all cryptocurrency transactions last year were criminal, down from 2.1% in 2019. But that number is bound to go up, said the firm.

https://decrypt.co/54648/crypto-crime-ransomware-chainalysis-report-2020

The SolarWinds hackers used tactics other groups will copy

One of the most chilling aspects of Russia's recent hacking spree—which breached numerous United States government agencies among other targets—was the successful use of a “supply chain attack” to gain tens of thousands of potential targets from a single compromise at the IT services firm SolarWinds. But this was not the only striking feature of the assault. After that initial foothold, the attackers bored deeper into their victims' networks with simple and elegant strategies. Now researchers are bracing for a surge in those techniques from other attackers.

https://www.wired.com/story/solarwinds-hacker-methods-copycats/

Global Cyber Security spending to soar in 2021

The worldwide cyber security market is set to grow by up to 10% this year to top $60bn, as the global economy slowly recovers from the pandemic. Double-digit growth from $54.7bn in 2020 would be its best-case scenario. However, even in the worst case, cyber security spending would reach 6.6%. That would factor in a deeper-than-anticipated economic impact from lockdowns, although the security market has proven to be remarkably resilient thus far to the pandemic-induced global economic crisis. That said, SMB spending was hit hard last year, along with certain sectors like hospitality, retail and transport.

https://www.infosecurity-magazine.com/news/global-cybersecurity-spending-to/

Cyber criminals publish more than 4,000 stolen Sepa files

Sepa rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group. Contracts, strategy documents and databases are among the 4,000 files released. The data has been put on the dark web - a part of the internet associated with criminality and only accessible through specialised software.

https://www.bbc.co.uk/news/uk-scotland-55757884

Ransomware provides the perfect cover for other attacks

Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes

https://www.helpnetsecurity.com/2021/01/21/ransomware-cover/

Popular PDF reader has database of 77 million users hacked and leaked online

A threat actor has leaked a 14 GB database online containing over 77 million records relating to thousands of users of the Nitro PDF reader software, with users' email addresses, full names, hashed passwords, company names, IP addresses, and other system-related information.

https://www.techradar.com/au/news/popular-pdf-reader-has-database-of-77-miliion-users-hacked-and-leaked-online

Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data

Some organisations that fall victim to ransomware attacks are paying ransoms to cyber-criminal gangs despite being able to restore their own networks from backups, in order to prevent hackers publishing stolen data. Over the course of the past year, many of the most successful ransomware gangs have added an additional technique in an effort to coerce victims into paying ransoms after compromising their networks – publishing stolen data if a payment isn't received.

https://www.zdnet.com/article/ransomware-victims-that-have-backups-are-paying-ransoms-to-stop-hackers-leaking-their-stolen-data/

GDPR fines skyrocket as EU gets tough on data breaches

Europe’s new privacy protection regime has led to a surge in fines for bad actors, according to research published today. Law firm DLA Piper says that, since January 28th, 2020, the EU has issued around €158.5 million (around $192 million) in financial penalties. That’s a 39-percent increase on the previous 20-month period Piper examined in its report, published this time last year. And as well as the increased fines, the number of breach notifications has shot up by 19 percent across the same 12-month period.

https://www.engadget.com/gdpr-fines-dla-piper-report-144510440.html

Malware incidents on remote devices increase

Devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021.

https://www.helpnetsecurity.com/2021/01/18/malware-incidents-remote-devices/

Threats

Phishing

• Phishing scam had all the bells and whistles—except for one

• Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight

Malware

• Malware found on laptops given out by government

• Macs Do Get Malware And This Nasty Cryptomining Payload Has Been In Hiding For 5 Years

Vulnerabilities

• Signal and other video chat apps found to have some major security flaws

• Automated exploit of critical SAP SolMan vulnerability detected in the wild

• List of DNSpooq vulnerability advisories, patches, and update

• Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning

• Critical Cisco SD-WAN Bugs Allow RCE Attacks

• New FreakOut botnet targets Linux systems running unpatched software

Data Breaches

• Health Insurer Fined $5.1m Over Data Breach

• Ubiquiti breach, and other IoT security problems

Denial of Service

• Windows RDP servers are being abused to amplify DDoS attacks

Cloud

• Hackers hijacked cloud accounts of high-tech and aviation firms, hid in systems for years

Privacy

• Is your boss spying on you as you work from home? One in five firms admit using secret software

Other News

• Last-minute Trump order adds new security regulation to cloud providers

• FBI warns of voice phishing attacks targeting employees at large companies

• Microsoft Defender is boosting its response to malware attacks by changing a key setting

• Hacker posts 1.9 million Pixlr user records for free on forum

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.