Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

• Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

• Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

• Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

• Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

• Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

• Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

• Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

• Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

• Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

• Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

• Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023

Governance, Risk and Compliance

• Data Breaches Cost Businesses $4.5M on Average (darkreading.com)

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• Why Today's CISOs Must Embrace Change (darkreading.com)

• Enterprises should layer-up security to avoid legal repercussions - Help Net Security

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Explaining risk maturity models and how they work | TechTarget

• Why cyber security should be part of your ESG strategy | Computer Weekly

• The old “trust but verify” adage should be the motto for every CISO | CSO Online

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security

• The critical cyber security backup plan too many companies are ignoring (cnbc.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

• Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• 4 Cyber security Budget Management Tips (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)

• MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)

• Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Millions of people's healthcare files accessed by Clop gang • The Register

• Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek

• Ransomware Spotlight: Play - Security News (trendmicro.com)

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

• Risk & Repeat: Are data extortion attacks ransomware? | TechTarget

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

• Education Sector Has Highest Ransomware Victim Count - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: Sophos says most universities pay | Times Higher Education (THE)

Ransomware Victims

• PwC has data leaked on the clear web - Cyber Security Connect

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Millions of people's healthcare files accessed by Clop gang • The Register

• Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek

• Another Cl0p victim goes public | Cybernews

• Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)

Phishing & Email Based Attacks

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Critical Infrastructure Workers More Likely to Detect and Report Phishing and Malicious Emails, Study Finds - MSSP Alert

BEC – Business Email Compromise

• Repeatable VEC Attacks Target Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• The Dark Side of AI (darkreading.com)

• Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security

• UN Security Council to hold first talks on AI risks | Reuters

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)

• Lots of sensitive data is still being posted to ChatGPT | TechRadar

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• The Good, the Bad and the Ugly of Generative AI - SecurityWeek

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• Intel's deepfake detector tested on real and fake videos - BBC News

• Are AI-Engineered Threats FUD or Reality? (darkreading.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Malware

• Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)

• Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)

• The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)

• Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets (thehackernews.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)

• Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security

Mobile

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch

• 5 steps to approach BYOD compliance policies | TechTarget

Botnets

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

Denial of Service/DoS/DDOS

• Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

BYOD

• 5 steps to approach BYOD compliance policies | TechTarget

Internet of Things – IoT

• Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)

• Microsoft previews  Defender for IoT firmware analysis service (bleepingcomputer.com)

• Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek

Data Breaches/Leaks

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Capita breach class action nears 1,000 sign-ups • The Register

• VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• NATO investigating apparent breach of unclassified information sharing platform | CyberScoop

• Tampa General Hospital Data Breach Impacts 1.2 Million Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Australian Home Affairs cyber survey exposed personal data of participating firms | Data and computer security | The Guardian

• Data Breach Costs Hit Record High but Fall For Some - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker Claims to Have Stolen Sensitive Medical Records from Egypt's Ministry of Health - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs

• Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)

Organised Crime & Criminal Actors

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptojacking soars as cyber attacks increase, diversify - Help Net Security

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Cryptojacking: Understanding and defending against cloud compute resource abuse | Microsoft Security Blog

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers demand more from businesses when it comes to security - Help Net Security

• CISOs gear up to combat the rising threat of B2B fraud - Help Net Security

• Booz Allen Pays $377m to Settle Government Fraud Case - Infosecurity Magazine (infosecurity-magazine.com)

• MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian

Insurance

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal

Dark Web

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Supply Chain and Third Parties

• Capita breach class action nears 1,000 sign-ups • The Register

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• Strengthening the weakest links in the digital supply chain - Help Net Security

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)

Software Supply Chain

• Two ambulance services in UK lost access to patient records after a cyber attack on software provider - Security Affairs

Cloud/SaaS

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Shadow IT

• NCSC Publishes New Guidance on Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• The UK Government Is Very Close To Eroding Encryption Worldwide  | Electronic Frontier Foundation (eff.org)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)

• Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)

API

• Reining in API sprawl | TechCrunch

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

Open Source

• New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA: Most cyber attacks on gov’ts, critical infrastructure involve valid credentials (therecord.media)

Social Media

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Training, Education and Awareness

• Why are computer security guidelines so confusing? - Help Net Security

Travel

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

Parental Controls and Child Safety

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Regulations, Fines and Legislation

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• EU Agrees On Common Position For Cyber Resilience Act To Enhance Security Of Digital Products (informationsecuritybuzz.com)

Data Protection

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

Careers, Working in Cyber and Information Security

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• UK Government Report Finds Cyber security Skills Gap Stagnant - Infosecurity Magazine (infosecurity-magazine.com)

• Bridging the cyber security skills gap through cyber range training - Help Net Security

• Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security

Law Enforcement Action and Take Downs

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

Privacy, Surveillance and Mass Monitoring

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)

Misinformation, Disinformation and Propaganda

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

• Russian court jails cyber security executive for 14 years in treason case | Reuters

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

• 69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica

China

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• The Chinese groups accused of hacking the US and others | Reuters

• Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek

• China’s Wuhan Earthquake Center Suffers Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• North Korean Cyber spies Target GitHub Developers (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• APT “Mysterious Elephant” Emerges in Q2 2023, Kaspersky Reports - Infosecurity Magazine (infosecurity-magazine.com)

Misc/Other/Unknown

• Advanced Persistent Threats (APTs): Detection and Mitigation (blueteamresources.in)

• Part 1: Historic To 2022 – The APT And Logical Threats (informationsecuritybuzz.com)

Vulnerability Management

• Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget

• CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)

• Want to live dangerously? Try running Windows XP in 2023 • The Register

• A step-by-step guide for patching software vulnerabilities - Help Net Security

Vulnerabilities

• Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek

• A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs

• Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)

• Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 - Security Affairs

• NetScaler RCE bug abused to pilfer critical infrastructure Active Directory data | SC Media (scmagazine.com)

• Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)

• Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)

• Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)

• VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)

• Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

• Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks (thehackernews.com)

• Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)

• Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)

• Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)

• Critical Flaws Found in Microsoft Message Queuing Service - Infosecurity Magazine (infosecurity-magazine.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• Study reveals silent Python package security fixes • The Register

• Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)

• VMware Patches Vulnerability Exposing Admin Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

• Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)

• WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)

• Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs

Tools and Controls

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Why cyber security should be part of your ESG strategy | Computer Weekly

• Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)

• Explaining risk maturity models and how they work | TechTarget

• Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)

• Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)

• Zero trust rated as highly effective by businesses worldwide - Help Net Security

• 50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)

• Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)

• Why are computer security guidelines so confusing? - Help Net Security

• Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• Shaping the future of digital identity - Help Net Security

• How to Put the Sec in DevSecOps (darkreading.com)

• Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)

• How Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats | Microsoft Security Blog

• Converging networking and security with SASE - Help Net Security

• 5 steps to approach BYOD compliance policies | TechTarget

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)

• Key factors for effective security automation - Help Net Security

• Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• CISOs consider zero trust a hot security ticket - Help Net Security

• How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)

• 4 Cyber security Budget Management Tips (trendmicro.com)

Reports Published in the Last Week

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• Cost of a data breach 2023 | IBM

• Internet Organised Crime Threat Assessment (IOCTA) | Europol (europa.eu)

• Q1 Report: Email Threat Trends Discover Q1 trends and stay ahead of email based threats. - VIPRE

Other News

• Maritime Cyber attack Database Launched by Dutch University - SecurityWeek

• Google’s new security pilot program will ban employee Internet access | Ars Technica

• Inspiring secure coding: Strategies to encourage developers' continuous improvement - Help Net Security

• macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• Cyber crime as a Public Health Crisis (darkreading.com)

• 7 in 10 MSPs Name Data Security and Network Security As Their Top IT Priorities for 2023 (darkreading.com)

• TETRA Radio Code Encryption Has a Flaw: A Backdoor | WIRED

• World's most internetty firm tries life off the net • The Register

• Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)

• How do companies protect customer data? | TechTarget

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.

A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.

https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/

https://www.itpro.com/security/ransomware/weekly-cyber-attacks-reach-two-year-high-amid-ransomware-resurgence

• MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals

The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.

The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.

https://www.theregister.com/2023/07/20/moveit_victim_count/

• IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.

Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.

https://www.bleepingcomputer.com/news/security/it-worker-jailed-for-impersonating-ransomware-gang-to-extort-employer/

• Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.

A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.

https://www.forbes.com/sites/theyec/2023/07/14/stabilizing-the-cybersecurity-landscape-the-ciso-exodus-and-the-rise-of-vcisos/

• Risk is Driving Medium-Sized Business Decisions

Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.

In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.

https://www.msspalert.com/cybersecurity-guests/risk-is-driving-small-and-medium-sized-businesses-smb-decisions/

• Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security

For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.

However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.

This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.

https://technative.io/talent-and-governance-not-technology-are-key-to-drive-change-around-cyber-security/

• Hybrid Work, Digital Transformation can Exploit Security Gaps

A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.

The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.

https://www.msspalert.com/cybersecurity-research/digital-transformation-hybrid-work-models-create-perfect-setting-for-cybercriminals-to-exploit-security-gaps-study-finds/

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.

What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.

https://www.securityweek.com/human-cyber-risk-can-be-demonstrably-mitigated-by-behavior-changing-training-analysis/

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.

https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/

https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html

• Pro-Russian Hacktivists Increase Focus on Western Targets

‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.

The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.

https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/

• Infosec Doesn't Know What AI Tools Organisations Are Using

With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.

Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.

https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using

• Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.

https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html

https://www.theregister.com/2023/07/19/google_cuts_internet/

• Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.

The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023

Governance, Risk and Compliance

• Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert

• Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)

• Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• CISOs are making cyber security a business problem - Help Net Security

• Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)

• How to Build a Cyber Resilient Company | Entrepreneur

• Best practices for an effective cyber security strategy | CSO Online

• Exploring the macro shifts in enterprise security - Help Net Security

• Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Costs Financial Services $32bn in Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro

• Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Who are the ransomware gangs wreaking havoc on the world’s biggest companies? | Renee Dudley | The Guardian

• Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)

• SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)

• Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)

• New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek

• Google’s Bard poses ransomware risk, say researchers | Cybernews

• Ransomware review: July 2023 (malwarebytes.com)

• FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs

• What is Cyber Extortion? | Definition from TechTarget

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Ransomware Victims

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch

• MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)

• BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly

• Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian

• Russian medical lab suspends some services after ransomware attack (therecord.media)

• Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Phishing & Email Based Attacks

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert

• Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

BEC – Business Email Compromise

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

Other Social Engineering; Smishing, Vishing, etc

• Meta's Threads app used as a lure - Help Net Security

Artificial Intelligence

• ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent

• Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 4 Brits play with generative AI and some believe it too • The Register

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• AI must have better security, says top cyber official - BBC News

• Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

• Google’s Bard poses ransomware risk, say researchers | Cybernews

Malware

• Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)

• Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• LokiBot Malware Targets Windows Users in Office Document Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)

• Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs

• Are Viruses Still a Threat to Cyber security? (makeuseof.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Apple slams UK surveillance-bill proposals - BBC News

• Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)

• Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

Botnets

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop

• Attackers intensify DDoS attacks with new tactics - Help Net Security

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)

• US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)

• Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)

Data Breaches/Leaks

• MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek

• Data compromises on track to set a new record - Help Net Security

• Virustotal data leak exposed data of some registered customers - Security Affairs

• What to do (and what not to do) after a data breach - Help Net Security

• HWL Ebsworth hack: Queensland says its files were taken after criminals release Victorian documents | Cybercrime | The Guardian

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)

• FIA World Endurance Championship driver passports leaked - Security Affairs

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• Old Roblox Data Leak Resurfaces, 4000 Users' Personal Information Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Colorado State University says data breach impacts students, staff (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Taking the Fight to the Cyber Criminals (trendmicro.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek

• Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)

• SA on the brink of being Africa's capital of cyber crime, say digital experts | City Press (news24.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net Security

Insider Risk and Insider Threats

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Former contractor accused of remotely accessing town's water treatment facility | Tripwire

• Insider Risk Management Starts With SaaS Security (darkreading.com)

Fraud, Scams & Financial Crime

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Growing scam activity linked to social media and automation - Help Net Security

• A fresh look at the current state of financial fraud - Help Net Security

• Tech support scammers now accepting cash via snail mail • The Register

• Half of UK company directors struck off linked to alleged Covid loan fraud | Coronavirus | The Guardian

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

AML/CFT/Sanctions

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Dark Web

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations (thehackernews.com)

Supply Chain and Third Parties

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Supply chain executives unaware of growing customer trust issues - Help Net Security

• Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)

Cloud/SaaS

• Microsoft makes cloud security logs available for free • The Register

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• Top 5 Cloud Security Threats in 2023 (analyticsinsight.net)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• How to manage cloud exploitation at the edge | CIO

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Hybrid/Remote Working

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Securing The Hybrid Workforce Begins With Browsing (forbes.com)

Attack Surface Management

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

Identity and Access Management

• Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain (securityintelligence.com)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• The rise of hassle-free and secure authentication | CyberScoop

Encryption

• Real-world examples of quantum-based attacks - Help Net Security

• EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Signal president rejects ‘mass surveillance’ UK law | Fortune

API

• Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)

• API keys: Weaknesses and security best practices | TechTarget

Open Source

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Social Media

• Growing scam activity linked to social media and automation - Help Net Security

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• Meta's Threads app used as a lure - Help Net Security

• TechScape: ‘Lives are ruined in an afternoon’ – social media and the Huw Edwards story | Technology | The Guardian

Training, Education and Awareness

• Human Cyber Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis - SecurityWeek

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)

Digital Transformation

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

Travel

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

Regulations, Fines and Legislation

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

Models, Frameworks and Standards

• OWASP ZAP 2.13.0 Released – What’s New! (gbhackers.com)

Data Protection

• AI models must be reconciled with data protection laws • The Register

Careers, Working in Cyber and Information Security

• Career Benefits of Learning Ethical Hacking (analyticsinsight.net)

• Should You Be Using a Cyber security Careers Framework? (darkreading.com)

Law Enforcement Action and Take Downs

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Privacy, Surveillance and Mass Monitoring

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

Misinformation, Disinformation and Propaganda

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop

• Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)

• New Threat Actor Launches Cyber attacks on Ukraine and Poland - Infosecurity Magazine (infosecurity-magazine.com)

• 1st Case Of Online Killing? Russian Submarine Commander Falls Prey To Fitness Tracking App (eurasiantimes.com)

• Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)

• Ukraine innovates on cyber defence | Financial Times (ft.com)

China

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• Chinese APT Favourite Backdoor Found in Pakistani Government App - Infosecurity Magazine (infosecurity-magazine.com)

• China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert

• Xi wants to make the Great Firewall of China even greater • The Register

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

North Korea

• JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)

• North Korean hackers breached a US tech company to steal crypto | Reuters

Misc/Other/Unknown

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• APT Protection: The Key to Safeguarding Your Business (ts2.space)

• How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• What is Vulnerability Assessment In Cyber security? (gbhackers.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)

• Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organisations via Forged Azure AD Tokens (thehackernews.com)

• Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog

• New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)

• OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA

• New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices - SecurityWeek

• Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)

• Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs

• Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs

• Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)

• Chrome 115 Patches 20 Vulnerabilities - SecurityWeek

• 'METIOR' Defence Blueprint Against Side-Channel Vulnerabilities Debuts | Tom's Hardware (tomshardware.com)

• 5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)

• Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Google says Apple employee found a zero-day but did not report it | TechCrunch

Tools and Controls

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)

• A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)

• Enterprise communication security a growing risk, priority | TechTarget

• SBOMs Still More Mandate Than Security (darkreading.com)

• MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)

• NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)

• Building resilience through DevSecOps - Help Net Security

• Microsoft's security roadmap: Protect Azure DevOps secrets • The Register

• CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)

• What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET

• Insider Risk Management Starts With SaaS Security (darkreading.com)

• What is Real-Time Monitoring? | Definition from TechTarget

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

• 67% of daily security alerts overwhelm SOC analysts - Help Net Security

• Technical Aspects Of Modern SIEM Systems (forbes.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• 3 Ways AI Could Improve Authentication (darkreading.com)

• Microsoft makes cloud security logs available for free • The Register

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• The XDR Payoff: Better Security Posture (trendmicro.com)

• API keys: Weaknesses and security best practices | TechTarget

• 10 Steps to Help Secure Your APIs - SecurityWeek

• Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them (bleepingcomputer.com)

Other News

• Google restricting internet access to some employees for security (cnbc.com)

• Enterprise communication security a growing risk, priority | TechTarget

• Healthcare organisations in the crosshairs of cyber attackers - Help Net Security

• Broadband consumers demand security and sustainability - Help Net Security

• Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)

• Famed Hacker Kevin Mitnick Dead at 59 - SecurityWeek

• Most CNI Firms Think Climate Tech is Increasing Cyber Risk - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security measures SMBs should implement - Help Net Security

• Satellites Are Rife With Basic Security Flaws | WIRED

• How Hackers Can Hijack a Satellite (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

A remote code execution vulnerability has been discovered in OpenSSH’s forwarded ssh-agent. This vulnerability could potentially enable a remote attacker to execute arbitrary commands on a vulnerable system. Whilst this vulnerability has currently not been given a CVSS rating it is embedded in to a significant amount of systems and devices. A proof of concept (PoC) has also been made public by Qualys Threat Research Unit.

Technical Summary

CVE-2023-38408 – Successful exploitation of this vulnerability allows a remote attacker to execute commands on vulnerable OpenSSH forwarded ssh-agents.

What’s the risk to me or my business?

Successful exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the data in your organisation. This can result in a malicious actor gaining unauthorised access to sensitive data, manipulation, or deletion of important information, or even a complete system takeover. The publicly released PoC exploits focus on Ubuntu Desktop 22.04 and 21.10, however Qualys Threat Research Unit have advised other Linux distributions are “likely vulnerable and probably exploitable”.

the patch for this vulnerability is available in OpenSSH 9.3p2.

What can I do?

Given the widespread use of OpenSSH's forwarded ssh-agent in devices, software and applications, it is important prioritise the application of patches provided by OpenSSH for this vulnerability. Black Arrow recommends performing vulnerability scanning to identify any devices and software that have been impacted by this vulnerability.

More information on the OpenSSH vulnerability can be found here:

https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

An in-depth breakdown of the vulnerability can be found here:

https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

• Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

• Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

• Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

• Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

• Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

• Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

• 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

• The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

• The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

• SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors

Governance, Risk and Compliance

• Businesses are ignoring third-party security risks - Help Net Security

• Employees worry less about cyber security best practices in the summer - Help Net Security

• Digital-First Economy Has Transformed Role of CISO- IT Security Guru

• SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)

• Companies Call for Changes to UK’s Cyber Essentials Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Fear trumps anger when it comes to data breaches – angry customers vent, but fearful customers don't come back (theconversation.com)

• The CISO’s toolkit must include political capital within the C-suite | CSO Online

• NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Over 130 Organisations, Millions of Individuals Believed to Be Impacted by MOVEit Hack - SecurityWeek

• MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)

• Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek

• UK cyber spies warn ransomware criminals targeting law firms • The Register

• How Dangerous Is Smartphone Ransomware? (makeuseof.com)

• Cl0p in Your Network? Here's How to Find Out (darkreading.com)

• Sixth anniversary of NotPetya - IT Security Guru

• July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert

• LockBit Dominates Ransomware World, New Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

• Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)

• 'Wagner' Ransomware Targets Computers in Russia | PCMag

Ransomware Victims

• Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica

• Manchester University Breach Victims Hit with Triple Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• 8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN

• MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)

• Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews

• UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)

• Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek

• Clop ransomware gang obtained personal data of 45,000 New York City students in MOVEit hack | Engadget

• 10 banks alleged victims of ransomware attacks on file transfer software | American Banker

• Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)

• Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET

• K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)

Phishing & Email Based Attacks

• Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• How a Layered Security Approach Can Minimise Email Threats - MSSP Alert

• Less than half of UK banks implement most secure DMARC level | CSO Online

• Over Half of UK Banks Are Exposing Customers to Email Fraud - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Widespread BEC attacks threaten European organisations - Help Net Security

• The Current State of Business Email Compromise Attacks (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Cyber Crime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering (thehackernews.com)

• How scammers use psychology to create some of the most convincing internet cons – and what to watch out for (theconversation.com)

• Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)

Artificial Intelligence

• Malwarebytes ChatGPT Survey Reveals 81% are Concerned by Generative AI Security Risks (darkreading.com)

• Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert

• ChatGPT users at risk for credential theft | TechTarget

• OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business

• Lawyers who cited fake cases invented by ChatGPT must pay • The Register

• Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)

• How to Deploy Generative AI Safely and Responsibly (trendmicro.com)

• Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)

• Does the world need an arms control treaty for AI? | CyberScoop

• When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)

• AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)

2FA/MFA

• LastPass users furious after being locked out due to MFA resets (bleepingcomputer.com)

Malware

• SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)

• New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)

• Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online

• NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)

• Chinese state-backed hackers accidentally infected a European hospital with malware (therecord.media)

• Trojanized Super Mario Bros game spreads malware- - Security Affairs

• New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)

• NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)

• Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)

• North Korean Andariel APT used a new malware named EarlyRat - Security Affairs

Mobile

• Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge

• Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)

• How Dangerous Is Smartphone Ransomware? (makeuseof.com)

• Aussie PM says, “Shut down your phone every 24 hours for 5 mins” – but that’s not enough on its own – Naked Security (sophos.com)

• Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)

Denial of Service/DoS/DDOS

• Global rise in DDoS attacks threatens digital infrastructure - Help Net Security

• Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)

• Diablo IV video game hit by DDoS attacks • Graham Cluley

Internet of Things – IoT

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

• The tech flaw that lets hackers control surveillance cameras - BBC News

Data Breaches/Leaks

• Fear trumps anger when it comes to data breaches – angry customers vent, but fearful customers don't come back (theconversation.com)

• Latitude hit with $1 million lawsuit over data breach (9news.com.au)

• Recruitment portal exposes data of US pilot candidates • The Register

• Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers (darkreading.com)

• 3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)

• Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek

• US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)

Organised Crime & Criminal Actors

• 2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek

• Security analyst wanted by both Russia and the US • The Register

• Former Group-IB manager has been arrested in Kazahstan - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

• JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs

• Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)

Insider Risk and Insider Threats

• Employees worry less about cyber security best practices in the summer - Help Net Security

Fraud, Scams & Financial Crime

• How scammers use psychology to create some of the most convincing internet cons – and what to watch out for (theconversation.com)

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

• Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)

• Safety checks run down and boom time for criminals: this is why the UK is becoming the ‘dustbin of Europe’ | Polly Toynbee | The Guardian

• This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)

• The robotic falcon maker who was targeted by cyber criminals - BBC News

Deepfakes

• AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)

Insurance

• University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ

• Second Wave of Cyber Insurance | Arctic Wolf

• Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business

• How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)

Dark Web

• Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs

• Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)

Supply Chain and Third Parties

• Businesses are ignoring third-party security risks - Help Net Security

Cloud/SaaS

• 95% fear inadequate cloud security detection and response - Help Net Security

• The unhappy reality of cloud security in 2023 | InfoWorld

• Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online

• 5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert

• Uncovering attacker tactics through cloud honeypots - Help Net Security

• How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security

• Outlook for the web outage impacts users across America (bleepingcomputer.com)

• 3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)

Identity and Access Management

• 10 things every CISO needs to know about identity and access management (IAM) | VentureBeat

• Human vs Machine Identity Risk Management (trendmicro.com)

Encryption

• Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge

• Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer

• How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)

Open Source

• Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)

• OpenSSH Trojan Campaign Targets IoT and Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring The Anatomy Of A Linux Kernel Exploit | Hackaday

Passwords, Credential Stuffing & Brute Force Attacks

• A New Era Of Security: Are Passwords No Longer Fit For Purpose? (informationsecuritybuzz.com)

Social Media

• Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)

Travel

• Employees worry less about cyber security best practices in the summer - Help Net Security

Cyber Bullying, Cyber Stalking and Sextortion

• Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek

Regulations, Fines and Legislation

• SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)

• US firm 'breached GDPR' by reputation-scoring EU citizens • The Register

• JP Morgan accidentally deletes 47 million comms records • The Register

Models, Frameworks and Standards

• Companies Call for Changes to UK’s Cyber Essentials Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• How to Reach Compliance with HIPAA (trendmicro.com)

Careers, Working in Cyber and Information Security

• SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online

• Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)

• Experts Unconvinced by Upskill in UK Cyber Program - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch

• Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs

• 2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)

• Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)

• What is Cyberwar? - SecurityWeek

• Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)

• Sachkov's Revenge: Jailed On Treason Charges, A Russian Cyber security Exec Goes On The Offensive (rferl.org)

• Microsoft hackers say they work for Sudan, not Russia | Fortune

• 'Chinese spy balloon' was 'crammed' with US hardware • The Register

• 'Wagner' Ransomware Targets Computers in Russia | PCMag

• Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop

China

• Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks (thehackernews.com)

• China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)

• Ministers accused of ‘letting Huawei off the hook’ after scrapping release of security report (telegraph.co.uk)

• Chinese state-backed hackers accidentally infected a European hospital with malware (therecord.media)

• 'Chinese spy balloon' was 'crammed' with US hardware • The Register

Iran

• The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop

• From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)

• Charming Kitten’s PowerStar Malware Evolves with Advanced Techniques - Infosecurity Magazine (infosecurity-magazine.com)

• Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer

North Korea

• New EarlyRAT malware linked to North Korean Andariel hacking group (bleepingcomputer.com)

Misc/Other/Unknown

• Someone sent mysterious smartwatches to US Military personnel - Security Affairs

Vulnerability Management

• SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)

• Cyber attackers Still Rely on Decades-Old Security Weaknesses & Tactics, Barracuda Reports - MSSP Alert

• Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)

• Micropatches: What they are and how they work - Help Net Security

• MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk? (thehackernews.com)

• When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)

• It's 2023 and out-of-bounds write bugs are still number one • The Register

Vulnerabilities

• VMware fixed five memory corruption issues in vCenter Server - Security Affairs

• US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)

• CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek

• Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)

• Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs

• Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek

• Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online

• Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs

• Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek

• Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts (thehackernews.com)

• Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)

• The tech flaw that lets hackers control surveillance cameras - BBC News

• Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)

Tools and Controls

• 95% fear inadequate cloud security detection and response - Help Net Security

• How a Layered Security Approach Can Minimize Email Threats - MSSP Alert

• ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)

• How API gateways improve API security | TechTarget

• Uncovering attacker tactics through cloud honeypots - Help Net Security

• How Active Directory Bridging Extends Security Automation to Hybrid IT Environments (darkreading.com)

• Are GPT-Based Models the Right Fit for AI-Powered Cyber security? - Infosecurity Magazine (infosecurity-magazine.com)

• 10 things every CISO needs to know about identity and access management (IAM) | VentureBeat

• FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)

• 3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)

Other News

• Submarine Cables at Growing Risk of Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Businesses count the cost of network downtime - Help Net Security

• Exploring the persistent threat of cyber attacks on healthcare - Help Net Security

• How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)

• Ex-FBI employee jailed for mishandling classified material • The Register

• Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek

• Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.