Executive Summary

A vulnerability dubbed as ‘Zenbleed’ was discovered in AMD's Zen2 microarchitecture which could enable an malicious attacker to steal sensitive data, such as passwords and encryption keys. The Zenbleed vulnerability has been found to affect all AMD Zen 2 processors, including various models of the Ryzen processor and EPYC processor series.  Zenbleed requires local account access to the target system and a high degree of specialization and knowledge to exploit, however a proof of concept has now been publicly released.

What’s the risk to me or my business?

Exploitation of this vulnerability could compromise the confidentiality of data held or accessed through an affected device, allowing an attacker to gain unauthorised access to sensitive data. In addition, detection of the exploitation has been reported as almost impossible due to there being no requirement for elevated privileges to perform the attack. This vulnerability could also allow a malicious actor on a shared tenancy environment to access information running on the same server from a different tenant.

What can I do?

This vulnerability affects all Zen 2 class processors and as such it is essential to prioritise the patching of the upcoming updates to protect devices from this vulnerability when they become available. AMD has released a security bulletin detailing the AGESA Firmware updates which will be included within the BIOS updates for affected processors, and have classified the vulnerability as ‘Medium’ severity. Microcode updates have been created for the affected AMD EPYC processors, however updates for the Desktop, Mobile, High-end Desktop and Workstation processors are scheduled for later in the year. Once OEM’s have released BIOS updates it is strongly recommended that they are applied after appropriate testing has taken place.

In the meantime, a workaround has been recommended by the security researcher who discovered the vulnerability. If you are unsure whether you are impacted or how to implement the mitigation, then you should contact your vendor/MSP. Please note, workarounds are not a permanent fix and Black Arrow maintains that the patches should be applied when available.

Technical Summary

CVE-2023-20593 – If successfully exploited this vulnerability allows a malicious actor to access sensitive data from any system operation including those taking place in virtual machines, isolated containers, and sandboxes.

Affected product ranges include:

• 2nd Generation AMD EPYC “Rome” Processors

• AMD Ryzen 3000 and 4000 series Desktop Processors

• AMD Ryzen Threadripper 3000 and 3000WX series High End Desktop and Workstation Processors

• AMD Ryzen 4000, 5000 and 7020 series Mobile Processors

Further details of the Zenbleed vulnerability can be found here:

https://lock.cmpxchg8b.com/zenbleed.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cyber security. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyber attacks.

"There's a gathering cyber storm," Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. "This storm is brewing, and it's really hard to anticipate just how bad that will be."

Already, cyber attacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cyber security firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.

"There's been an enormous amount of insecurity around the world," Matthew Prince, the CEO of Cloudflare, stated during the Annual Meeting. "I think 2023 is going to be a busy year in terms of cyber attacks."

https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/

• Cost of Data Breaches to Global Businesses at Five-Year High

Research from business insurer Hiscox shows that the cost of dealing with cyber events for businesses has more than tripled since 2018. The study, which collated data from the organisation’s previous five annual Cyber Readiness reports, has revealed that:

• Since 2018 the median IT budgets for cyber security more than tripled.

• Between 2020 and 2022 cyber-attacks increased by over a quarter.

• Businesses are increasing their cyber security budgets year-on-year.

In the Hiscox 2022 Cyber Readiness report, the financial toll of cyber incidents, including data breaches, was estimated to be $16,950 (£15,265) on average. As the cost of cyber crime grew, so did organisations’ cyber security budgets – average spending on cyber security tripled from 2018 to 2022, rocketing from $1,470,196 (£1,323,973) to $5,235,162 (£4,714,482).

Hiscox has also revealed that half of all companies surveyed suffered at least one cyber attack in 2022, up 11% from 2020. Financial Services, as well as Technology, Media and Telecom (TMT) sectors even reported a minimum of one attack for three consecutive years. Financial Services firms, however, seemed to be hit the hardest, with 66% reporting being impacted by cyber attacks in 2021-2022.

Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe.

https://www.itsecurityguru.org/2023/01/18/cost-of-data-breaches-to-global-businesses-at-five-year-high/

• European Data Protection Authorities Issue Record €2.92 Billion in GDPR Fines, an Increase of 168%

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children’s personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.

Despite the overall increase in fines since January 28, 2022, the fine of €746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).

The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year’s total.

https://www.csoonline.com/article/3685789/european-data-protection-authorities-issue-record-2-92-billion-in-gdpr-fines.html#tk.rss_news

• PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services. Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."

PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorised third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them.

According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

• Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

Royal Mail’s chief executive faced questions from MPs last week over the Russia-linked ransomware attack that caused international deliveries to grind to a halt.

Simon Thompson, chief executive of Royal Mail, was asked about the recent cyber attack when he appeared before the Commons Business Select Committee to discuss Royal Mail’s response to the cyber attack at the evidence session on Tuesday Jan 17.

A Royal Mail spokesman said: “Royal Mail has been subject to a cyber incident that is affecting our international export service. We are focused on restoring this service as soon as we are able.”

Royal Mail was forced to suspend all outbound international post after machines used for printing customs dockets were disabled by the Russia-linked Lockbit cyber crime gang. Lockbit’s attackers used ransomware, malicious software that scrambles vital computer files before the gang demands payment to unlock them again. The software also took over printers at Royal Mail’s international sorting offices and caused ransom notes to “spout” from them, according to reports.

Cyber security industry sources cautioned that while Lockbit is known to be Russian in origin, it is not known whether a stolen copy of the gang’s signature ransomware had been deployed by rival hackers.

https://www.telegraph.co.uk/business/2023/01/13/royal-mail-boss-face-mps-questions-russian-ransomware-attack/

• Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

Ensuring risk caused by third parties does not occur to your organisation is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward process.

In the coming years we’ll see organisations dedicate more time and resources to developing detailed standards and assessments for potential third-party vendors. Not only will this help to mitigate risk within their supply chain network, it will also provide better security.

As demand for third-party risk management (TPRM) grows, there are key reasons why we believe 2023 could be pivotal for the future of your organisation’s TPRM program, cyber risk being principal amongst them.

Forrester predicted that 60% of security incidents in 2022 would stem from third parties. In 2021 there was a 300% increase in supply chain attacks, a trend that has continued to increase over the past 12 months also. For example, Japanese car manufacturer Toyota was forced to completely shut down its operations due to a security breach with a third-party plastics supplier.

It’s not only the frequency of third-party attacks that has increased, but also the methods that cyber criminals are using are becoming increasingly sophisticated. For example, the SolarWinds cyber breach in 2020 was so advanced that Microsoft estimated it took over a thousand engineers to stop the impact of the attack.

As the sophistication and frequency of supply chain attacks increases, the impact they have on businesses reputations and valuations is also becoming apparent. There is a need for organisations to conduct thorough due diligence of the third parties they choose to work with, otherwise the consequences could be disastrous.

Remember always that cyber security should be a non-negotiable feature of all business transactions.

https://informationsecuritybuzz.com/third-party-risk-management-why-2023-could-be-the-perfect-time-to-overhaul-your-tprm-program/

• EU Cyber Resilience Regulation Could Translate into Millions in Fines

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection.

According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 automotive supplier headquartered in Germany were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, they face significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed.

“The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO, ONEKEY.

The financial fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year – the larger number counts. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.

Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cyber security agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.

https://www.helpnetsecurity.com/2023/01/19/eu-cyber-resilience-regulation-fines/

• Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes.

Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have created blog posts on how to bypass the geo controls of OpenAI, and others still have created tutorials explaining how to use semi-legal online SMS services to register to ChatGPT.

“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” wrote Check Point Research (CPR). “It is not extremely difficult to bypass OpenAI’s restricting measures for specific countries to access ChatGPT,” said Check Point. “Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes.”

They added that they believe these hackers are most likely trying to implement and test ChatGPT in their day-to-day criminal operations. “Cyber-criminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” they explained.

Case in point, just last week, Check Point Research published a separate advisory highlighting how threat actors had already created malicious tools using ChatGPT. These included infostealers, multi-layer encryption tools and dark web marketplace scripts.

More generally, the cyber security firm is not the only one believing ChatGPT could democratise cyber crime, with various experts warning that the AI bot could be used by potential cyber-criminals to teach them how to create attacks and even write ransomware.

https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/

• New Report Reveals CISOs Rising Influence

Cyber security firm Coalfire this week unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.

The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.

An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.

Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud.

Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.

"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Colefire. "Cyber security has historically been lower in priority for organisations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."

https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence

• ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

As a form of OpenAI technology, ChatGPT has the ability to mimic natural language and human interaction with remarkable efficiency. However, from a cyber security perspective, this also means it can be used in a variety of ways to lower the bar for threat actors.

One key method is the ability for ChatGPT to draft cunning phishing emails en masse. By feeding ChatGPT with minimal information, it can create content and entire emails that will lure unsuspecting victims to provide their passwords. With the right API setup, thousands of unique, tailored, and sophisticated phishing emails can be sent almost simultaneously.

Another interesting capability of ChatGPT is the ability to write malicious code. While OpenAI has put some controls in place to prevent ChatGPT from creating malware, it is possible to convince ChatGPT to create ransomware and other forms of malware as code that can be copied and pasted into an integrated development environment (IDE) and used to compile actual malware. ChatGPT can also be used to identify vulnerabilities in code segments and reverse engineer applications.

ChatGPT will expedite a trend that is already wreaking havoc across sectors – lowering the bar for less sophisticated threat actors, enabling them to conduct attacks while evading security controls and bypassing advanced detection mechanisms. And currently, there is not much that organisations can do about it. ChatGPT represents a technological marvel that will usher in a new era, not just for the cyber security space.

https://www.calcalistech.com/ctechnews/article/sj0lfp11oi

• Mailchimp Discloses a New Security Breach, the Second One in 6 Months

The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company; the incident exposed the data of 133 customers.

Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.

“On January 11, the Mailchimp Security team identified an unauthorised actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” reads the notice published by the company. “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts.”

The malicious activity was discovered on January 11, 2023; in response to the intrusion the company temporarily suspended access for impacted accounts. The company also notified the primary contacts for all affected accounts less than 24 hours after the initial discovery.

https://securityaffairs.com/140997/data-breach/mailchimp-security-breach.html

Threats

Ransomware, Extortion and Destructive Attacks

• Yum Brands says nearly 300 restaurants in UK impacted due to cyber attack | Reuters

• Royal Mail boss to face MPs’ questions over Russian ransomware attack (telegraph.co.uk)

• What is LockBit ransomware and how does it operate? | Royal Mail | The Guardian

• How cyber-attack on Royal Mail has left firms in limbo - BBC News

• Royal Mail restarts limited overseas post after cyber-attack - BBC News

• How Royal Mail’s hacker became the world’s most prolific ransomware group | Financial Times (ft.com)

• Ransomware Trends In Q4 2022: Key Findings And Recommendations (informationsecuritybuzz.com)

• Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw (bleepingcomputer.com)

• Microsoft retracts its report on Mac ransomware (techrepublic.com)

• Royal Mail operations hub in Mallusk hit by ‘cyber attack’ as printer spurts out ransom demands - BelfastTelegraph.co.uk

• Ransomware Dips During 2022: Are Cyber attacks Slowing or Just a Blip? - MSSP Alert

• Up to 1,000 ships affected by DNV ransomware attack - Splash247

• Avast releases free BianLian ransomware decryptor (bleepingcomputer.com)

• Vice Society ransomware leaks University of Duisburg-Essen’s data (bleepingcomputer.com)

• Ransomware attack cuts 1,000 ships off from on-shore servers • The Register

• Royal Mail promises ‘workarounds’ to restore services after ransomware attack | Computer Weekly

• Cyber-crime gangs' earnings slide as victims refuse to pay - BBC News

• Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner (bleepingcomputer.com)

Phishing & Email Based Attacks

• How AI chatbot ChatGPT changes the phishing game | CSO Online

• The big risk in the most-popular, and aging, big tech email programs (cnbc.com)

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• Is it your bank or a scam? How to deal with phishing attacks | Economy and Business | EL PAÍS English Edition

• Fake DHL emails allow hackers to breach Microsoft 365 accounts (msn.com)

Other Social Engineering; Smishing, Vishing, etc

• Techniques that attackers use to trick victims into visiting malicious content - Help Net Security

• Mailchimp slips up again, suffers security breach after falling on social engineering banana skin • Graham Cluley

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

2FA/MFA

• CircleCI's hack caused by malware stealing engineer's 2FA-backed session (bleepingcomputer.com)

• The Importance of Multi-Factor Authentication (MFA) - MSSP Alert

Malware

• Qbot Overtakes Emotet in December 2022's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (thehackernews.com)

• New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild (thehackernews.com)

• CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop - Infosecurity Magazine (infosecurity-magazine.com)

• Experts spotted a backdoor that borrows code from CIA's Hive malware - Security Affairs

• ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• Malicious ‘Lolip0p’ PyPi packages install info-stealing malware (bleepingcomputer.com)

• Hackers exploit Cacti critical bug to install malware, open reverse shells (bleepingcomputer.com)

• Hackers can use GitHub Codespaces to host and deliver malware (bleepingcomputer.com)

• Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks (trendmicro.com)

• Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)

• How to spot a cyberbot – five tips to keep your device safe (theconversation.com)

Mobile

• New 'Hook' Android malware lets hackers remotely control your phone (bleepingcomputer.com)

• Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers (bleepingcomputer.com)

Botnets

• How to spot a cyberbot – five tips to keep your device safe (theconversation.com)

Denial of Service/DoS/DDOS

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

Internet of Things – IoT

• Smart appliances could stop working after two years, says Which? - BBC News

Data Breaches/Leaks

• 6,000+ Customer Accounts Breached, NortonLifeLock Alert Users (informationsecuritybuzz.com)

• 1.7 TB of data from digital intelligence firm Cellebrite leaked online - Security Affairs

• CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop - Infosecurity Magazine (infosecurity-magazine.com)

• LastPass faces mounting criticism over recent breach | TechTarget

• Mailchimp Suffers Another Security Breach Compromising Some Customers' Information (thehackernews.com)

• Mailchimp discloses a new incident, the second one in 6 months - Security Affairs

• Timeline of the latest LastPass data breaches | CSO Online

• PayPal Breach Exposed PII of Nearly 35K Accounts (darkreading.com)

• T-Mobile US says hacker accessed personal data of 37 million customers • TechCrunch

• Twitter says leaked emails not hacked from its systems - BBC News

• Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET

• Twitter sued over data leak that it denied was caused by a flaw | Business

• Nissan North America data breach caused by vendor-exposed database (bleepingcomputer.com)

• 18k Nissan Customers Affected by Data Breach at Third-Party Software Developer | SecurityWeek.Com

• Third-party administrator hack leads to theft of patient data for over 251K | SC Media (scmagazine.com)

Organised Crime & Criminal Actors

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto exchanges freeze accounts tied to North Korea • The Register

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

• FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)

• Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)

• Bitcoin is a ‘hyped-up fraud’, says JP Morgan chief (telegraph.co.uk)

• International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com

Fraud, Scams & Financial Crime

• A $175 Million Dollar Blunder: How A 30-Year-Old Entrepreneur Allegedly Defrauded JP Morgan With 4 Million Fake Email Accounts | Celebrity Net Worth

• Opinion: These online scams to steal your money will shock you -- even if you think you've seen them all - MarketWatch

• Young people warned not to be exploited as ‘money mules’ for UK criminal gangs | Crime | The Guardian

• Hacker stole credit cards from Canada alcohol retailer LCBO - Security Affairs

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

• New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)

• FTX Says $415 Million Of Its Crypto Assets Was Hacked (informationsecuritybuzz.com)

• The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)

• The threat of location spoofing and fraud - Help Net Security

• HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert

• International Arrests Over 'Criminal' Crypto Exchange | SecurityWeek.Com

Insurance

• Millions of Insurance Customers Compromised Via Supplier - Infosecurity Magazine (infosecurity-magazine.com)

Dark Web

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• New York man defrauded thousands using credit cards sold on dark web (bleepingcomputer.com)

• Illegal Solaris darknet market hijacked by competitor Kraken (bleepingcomputer.com)

Supply Chain and Third Parties

• CircleCI, LastPass, Okta, and Slack: Cyber attackers Pivot to Target Core Enterprise Tools (darkreading.com)

• Third-Party Risk Management: Why 2023 Could Be The Perfect Time To Overhaul Your TPRM Program (informationsecuritybuzz.com)

Cloud/SaaS

• The Dangers of Default Cloud Configurations (darkreading.com)

• Report: Cloud-based networks under growing attack • The Register

• Data Security in Multicloud: Limit Access, Increase Visibility (darkreading.com)

Hybrid/Remote Working

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

Encryption

• Vulnerabilities in cryptographic libraries found through modern fuzzing - Help Net Security

• teiss - Cyber Threats - Managing the treat from quantum computers

• Threats Of Quantum: The Solution Lies In Quantum Cryptography (informationsecuritybuzz.com)

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• TLS Connection Cryptographic Protocol Vulnerabilities (trendmicro.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Compromise of employee device, credentials led to CircleCI breach | SC Media (scmagazine.com)

• PayPal accounts breached in large-scale credential stuffing attack (bleepingcomputer.com)

• Timeline of the latest LastPass data breaches | CSO Online

• NortonLifeLock: threat actors breached Norton Password Manager accounts - Security Affairs

Social Media

• Twitter says leaked emails not hacked from its systems - BBC News

• Hacked! My Twitter user data is out on the dark web -- now what? | ZDNET

• French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs

Malvertising

• Hackers turn to Google search ads to push info-stealing malware (bleepingcomputer.com)

• Google Ads-delivered malware drains NFT influencer’s entire crypto wallet (cointelegraph.com)

• HUMAN Security Stops VASTFLUX Digital Ad Fraud Operation - MSSP Alert

Training, Education and Awareness

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

Regulations, Fines and Legislation

• GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online

• State of data privacy laws in 2023 | TechTarget

• How data protection is evolving in a digital world - Help Net Security

• EU cyber resilience regulation could translate into millions in fines - Help Net Security

• UN Hearing On Proposed Cyber Crime Treaty: Legal Measures To Tackle Cyber Crimes (informationsecuritybuzz.com)

• Online safety bill: Attempt to jail tech bosses ‘could backfire’ | News | The Times

• Culture secretary examines plans to punish tech bosses over online harms | Financial Times (ft.com)

• French CNIL fined Tiktok $5.4 Million for violating cookie laws - Security Affairs

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• How Would the FTC Rule on Noncompetes Affect Data Security? (darkreading.com)

• The US Has a Massive Money Transfer Surveillance Apparatus (gizmodo.com)

• What are International Traffic in Arms Regulations and Export Administration Regulations? (techtarget.com)

Governance, Risk and Compliance

• Technology is a fragile machine that seems to power everything | Android Central

• Third-Party Risk Management: Why 2023 Could Be The Perfect Time To Overhaul Your TPRM Program (informationsecuritybuzz.com)

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)

• Cost of data breaches to global businesses at five-year high- IT Security Guru

• Experts at Davos 2023 sound the alarm on cyber security | World Economic Forum (weforum.org)

• Why Mean Time to Repair Is Not Always A Useful Security Metric (darkreading.com)

• Why are there so many cyber attacks lately? An explainer on the rising trend | Globalnews.ca

• How To Build A Network Of Security Champions In Your Organisation (forbes.com)

• EU cyber resilience regulation could translate into millions in fines - Help Net Security

• What is Business Attack Surface Management? (trendmicro.com)

• How to build a cyber-resilience culture in the enterprise | TechTarget

• Why Businesses Need to Think Like Hackers This Year (darkreading.com)

• How to prioritize resilience in the face of cyber-attacks | World Economic Forum (weforum.org)

• #WEF23: Geopolitical Instability Means a Cyber “Catastrophe” is Imminent - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber-attack contributes to major Harrogate district firm posting £4.1m loss - The Stray Ferret

Data Protection

• GDPR Fines Surge 168% in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• European data protection authorities issue record €2.92 billion in GDPR fines | CSO Online

• How data protection is evolving in a digital world - Help Net Security

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• European Businesses Admit Major Privacy Skills Gap - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• New Coalfire Report Reveals CISOs Rising Influence (darkreading.com)

• IT Burnout may be Putting Your Organisation at Risk (bleepingcomputer.com)

• Sophos Joins List of Cyber security Companies Cutting Staff | SecurityWeek.Com

Law Enforcement Action and Take Downs

• Europol arrested cryptocurrency scammers that stole millions from victims - Security Affairs

Privacy, Surveillance and Mass Monitoring

• AI and privacy: Experts worry users may have already ‘traded a lot’ for services - National | Globalnews.ca

• State of data privacy laws in 2023 | TechTarget

• How data privacy and automation offer both challenges and opportunities in a fintech future | Kyndryl: The Heart of Progress | The Guardian

• UK supermarket uses facial recognition tech to track shoppers - Coda Story

• State legislators aren't waiting for Congress to regulate children's online privacy - CyberScoop

• European Businesses Admit Major Privacy Skills Gap - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• How AI chatbot ChatGPT changes the phishing game | CSO Online

• ChatGPT Opens New Opportunities for Cyber criminals: 5 Ways for Organisations to Get Ready (darkreading.com)

• ChatGPT and its perilous use as a "Force Multiplier" for cyber attacks | Ctech (calcalistech.com)

• AI and privacy: Experts worry users may have already ‘traded a lot’ for services - National | Globalnews.ca

• Potential threats and sinister implications of ChatGPT - Help Net Security

• Criminals seek OpenAI guardrail bypass, use ChatGPT for evil • The Register

• ChatGPT Creates Polymorphic Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Is ChatGPT a cyber security threat? | TechCrunch

Misinformation, Disinformation and Propaganda

• Over Four Billion People Affected By Internet Censorship in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times

• From phishing scams to propaganda: How Russia, rogue nations utilize cyber capabilities against the US | Fox News

• Industrial espionage: How China sneaks out America's technology secrets - BBC News

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters

• Cyber  attacks have tripled in past year, says Ukraine’s cyber security agency | Ukraine | The Guardian

• Pro-Russian Hacktivist Group Targets Czech Presidential Election - Infosecurity Magazine (infosecurity-magazine.com)

• Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware (thehackernews.com)

• Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)

• Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)

• Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)

• Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online

• Myanmar Acquired Spyware From Israeli Cyber-intelligence Firm Cognyte, New Docs Reveal - National Security & Cyber - Haaretz.com

Nation State Actors

Nation State Actors – Russia

• Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes - Infosecurity Magazine (infosecurity-magazine.com)

• Putin’s Russian cyber attacks could target UK’s infrastructure | News | The Times

• From phishing scams to propaganda: How Russia, rogue nations utilize cyber capabilities against the US | Fox News

• Russia's Ukraine War Drives 62% Slump in Stolen Cards - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine blames Russia for most of over 2,000 cyber attacks in 2022 | Reuters

• Cyber attacks have tripled in past year, says Ukraine’s cyber security agency | Ukraine | The Guardian

• Pro-Russian Hacktivist Group Targets Czech Presidential Election - Infosecurity Magazine (infosecurity-magazine.com)

• Is Elon Musk’s Starlink winning the war for Ukraine? | World | The Sunday Times (thetimes.co.uk)

• Pro-Russia Hacktivist Group NoName057(16) Strikes Again (informationsecuritybuzz.com)

• Russian hacktivists NoName057 offer cash for DDoS attacks (techmonitor.ai)

• Ukraine links data-wiping attack on news agency to Russian hackers (bleepingcomputer.com)

• Russian hackers target Ukrainian press briefing about cyber attacks (axios.com)

• Russians say they can download software from Intel again • The Register

• Nation State Actors – China

• Industrial espionage: How China sneaks out America's technology secrets - BBC News

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• China wants 30 percent CAGR for its infosec industry • The Register

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online

Nation State Actors – North Korea

• Crypto exchanges freeze accounts tied to North Korea • The Register

Nation State Actors – Iran

• Chinese APT Group Vixen Panda Targets Iranian Government Entities - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese hackers targeted Iranian government entities for months: Report | CSO Online

Nation State Actors – Misc

• Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• The Top 10 Vulnerabilities of 2022: Mastering Vulnerability Management - Security Boulevard

• Why you don’t have to fix every vulnerability | CSO Online

• 3 Lessons Learned in Vulnerability Management (darkreading.com)

Vulnerabilities

• Cisco won’t fix critical flaw in small business routers • The Register

• Unpatched Zoho ManageEngine Products Under Active Cyber attack (darkreading.com)

• Oracle's First Security Update for 2023 Includes 327 New Patches | SecurityWeek.Com

• Why it's time to review your on-premises Microsoft Exchange patch status | CSO Online

• Attackers Crafted Custom Malware for Fortinet Zero-Day (darkreading.com)

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (thehackernews.com)

• Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability (thehackernews.com)

• PoC exploits released for critical bugs in popular WordPress plugins (bleepingcomputer.com)

• Vulnerabilities in cryptographic libraries found through modern fuzzing - Help Net Security

• Microsoft: Exchange Server 2013 reaches end of support in 90 days (bleepingcomputer.com)

• AMD Revealed 31 Vulnerabilities Within Its Processor Lines, Ryzen & EPYC CPUs Included (wccftech.com)

• Hackers are using this old trick to dodge security protections | ZDNET

• Attackers deploy sophisticated Linux implant on Fortinet network security devices | CSO Online

• Researchers to release PoC exploit for critical Zoho RCE bug, patch now (bleepingcomputer.com)

• MSI accidentally breaks Secure Boot for hundreds of motherboards (bleepingcomputer.com)

• Git security vulnerabilities announced | The GitHub Blog

• Microsoft fixes SSRF vulnerabilities found in Azure services | TechTarget

• Over 4,000 Sophos Firewall devices vulnerable to RCE attacks (bleepingcomputer.com)

• Mozilla Releases Security Updates for Firefox | CISA

• Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers (thehackernews.com)

• Exploited Control Web Panel Flaw Added to CISA 'Must-Patch' List | SecurityWeek.Com

• Two critical flaws discovered in Git system - Security Affairs

• Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability | SecurityWeek.Com

• Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM | SecurityWeek.Com

• CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 Blog

• Critical Microsoft Azure RCE flaw impacted multiple services - Security Affairs

• New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks (thehackernews.com)

• Cross-site forgery bug would facilitate remote code execution in Microsoft Azure services | SC Media (scmagazine.com)

Tools and Controls

• Training, endpoint management reduce remote working cyber security risks - Help Net Security

• Why encrypting emails isn't as simple as it sounds - Help Net Security

• As Social Engineering Tactics Change, So Must Your Security Training (darkreading.com)

• Zero trust network access for Desktop as a Service - Help Net Security

• How to prioritize resilience in the face of cyber-attacks | World Economic Forum (weforum.org)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Crime Losses Triple To £1.3bn In H1 2021

Individuals and organisations lost three times more money to cyber crime and fraud in the first half of the year compared to the same period in 2020, as incidents soared, according to new figures. The report revealed that between January 1 and July 31 2020, victims lost £414.7m to cyber crime and fraud. However, the figure surged to £1.3bn for the same period in 2021. This can be partly explained by the huge increase in cases from last year to this. In the first half of 2020, there were just 39,160 reported to Action Fraud, versus 289,437 in the first six months of 2021. https://www.infosecurity-magazine.com/news/cybercrime-losses-triple-to-13bn/

Ransomware On A Rampage; A New Wake-Up Call

The ransomware rampage is continuing at pace and continues to create significant cyber security challenges. The use of ransomware by hackers to leverage exploits and extract financial benefits is not new. Ransomware has been around for over 2 decades, (early use of basic ransomware malware was used in the late 1980s) but as of late, it has become a trending and more dangerous cybersecurity threat. The inter-connectivity of digital commerce and expanding attack surfaces have enhanced the utility of ransomware as cyber weapon of choice for bad actors. Like bank robbers, cyber criminals go where the money is accessible. And it is now easier for them to reap benefits from extortion. Hackers can now demand cryptocurrencies payments or pre-paid cards that can be anonymously transacted. Those means of digital payments are difficult to trace by law enforcement. https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/?sh=64a622362e81

22% Of Cyber Security Incidents In H1 2021 Were Ransomware Attacks

A report uncovered the number and nature of UK cyber security breaches reported to the UK Information Commissioner’s Office (ICO) in 2020 and 2021. So far in 2021 phishing was to blame for most incidents, accounting for 40% of all cyber security cases reported to the ICO, slightly down from 44% the year before. However, ransomware is surging, up from 11% of all reported incidents in the first half of 2020 to 22% in 2021. https://www.helpnetsecurity.com/2021/08/25/cybersecurity-incidents-h1-2021/

Ransomware: These Four Rising Gangs Could Be Your Next Major Cyber Security Threat

In recent months some significant ransomware operators have seemingly disappeared. But that doesn't mean that ransomware is any less of a problem, quite the opposite – new groups are emerging to fill the gaps and are often worse than the gangs that went before them. Cyber security researchers have detailed four upcoming families of ransomware discovered during investigations – and under the right circumstances, any of them could become the next big ransomware threat. One of these is LockBit 2.0, a ransomware-as-a-service operation that has existed since September 2019 but has gained major traction over the course of this summer. Those behind it revamped their dark web operations in June – when they launched the 2.0 version of LockBit – and aggressive advertising has drawn attention from cyber criminals. https://www.zdnet.com/article/ransomware-these-four-rising-threats-could-be-the-next-major-cybersecurity-risk-facing-your-business/

Key Email Threats And The High Cost Of Business Email Compromise

Researchers published the results of a study analysing over 31 million threats across multiple organisations and industries, with new findings and warnings issued by technical experts that every organisation should be aware of. A key aspect to preventing attacks is having a deep understanding of cyber actor patterns and continuously monitoring and deconstructing campaigns to anticipate future ones. Phishing can be a profitable business model, and most breaches begin with a phishing email. What appears to be an innocent email from a trusted vendor or internal department can lead to firm-wide shutdowns, loss of crucial data, and millions in financial costs. As detailed in the report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly Business Email Compromise (BEC) targeted inboxes, could have resulted in over $354 million in direct losses had they been successful. https://www.helpnetsecurity.com/2021/08/23/key-email-threats/

Microsoft Warns Thousands Of Cloud Customers Of Exposed Databases

Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at security a company discovered it was able to access keys that control access to databases held by thousands of companies. https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/

58% Of IT Leaders Worried Their Business Could Become A Target Of Rising Nation State Attacks

Researchers released the findings of a global survey of 1,100 IT decision makers (ITDMs), examining their concerns around rising nation state attacks. 72% of respondents said they worry that nation state tools, techniques, and procedures (TTPs) could filter through to the dark net and be used to attack their business. https://www.helpnetsecurity.com/2021/08/23/rising-nation-state-attacks/

Cyber Insurance Market Encounters ‘Crisis Moment’ As Ransomware Costs Pile Up

It’s a sure sign of trouble when leading insurance industry executives are worried about their own prices going up. Ransomware now accounts for 75% of all cyber insurance claims, up from 55% in 2016, according to the credit ratings agency. The percentage increase in claims is outpacing that of premiums, said a June report which concluded that “the prospects for the cyber insurance market are grim.” Fitch Ratings in April found that the ratio of losses to premiums earned was at 73% last year, jeopardizing the profitability of the industry. https://www.cyberscoop.com/cyber-insurance-ransomware-crisis/

Security Teams Report Rise In Cyber Risk

Do you feel like you are gaining in your ability to protect your data and your network? If you are like 80% of respondents to the a recent report, you expect to experience a data breach that compromises customer data in the next 12 months. The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets. https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cyber security and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. The vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution. While the former two were addressed by Microsoft on April 13, a patch for CVE-2021-31207 was shipped as part of the Windows maker's May Patch Tuesday updates. https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html

Threats

Ransomware

• 70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware

• Nigerian Threat Actors Solicit Employees To Deploy Ransomware for Cut Of Profits

• FBI Shares Technical Details For Hive Ransomware

• New Ransomware Called LockFile Targets Microsoft Exchange Servers

• Researchers Find New Evidence Linking Diavol Ransomware To TrickBot Gang

• FBI Sends Its First-Ever Alert About A ‘Ransomware Affiliate’

Phishing

• That Email Asking For Proof Of Vaccination Might Be A Phishing Scam

• Phishing Could Have Cost Businesses $354m In Potential Direct Losses

Other Social Engineering

• Scammers Impersonate Europol Chief In An Effort To Defraud Belgians

• Man Admits Impersonating Apple Support Staff To Steal 620,000 Photos From iCloud Accounts

Malware

• 13 Million Malware Attacks On Linux Seen In Wild

• New SideWalk Backdoor Targets U.S.-Based Computer Retail Business

• Mozi Botnet Gains The Ability To Tamper With Its Victims’ Traffic

• Shadowpad Malware Is Becoming A Favourite Choice Of Chinese Espionage Groups

Mobile

• Dreadful Joker Virus That Can Empty Bank Accounts Returns: Remove These Apps On Your Device ASAP

• Pegasus iPhone Hacks Used As Lure In Extortion Scheme

IOT

• Mirai-Style Iot Botnet Is Now Scanning For Router-Pwning Critical Vuln In Realtek Kit

• IoT Market To Reach $1.5 Trillion By 2027, Security Top Priority

• Hackers Could Increase Medication Doses Through Infusion Pump Flaws

Vulnerabilities

• F5 Bug Could Lead To Complete System Takeover

• Multiple Products Impacted By OpenSSL RCE vulnerability

• Microsoft Breaks Silence On Barrage of ProxyShell Attacks

• Atlassian Warns Of Critical Confluence Flaw

• VMware Issues Patches To Fix New Flaws Affecting Multiple Products

• Critical Flaw Discovered In Cisco APIC for Switches — Patch Released

• New Ryzen Chipset Driver Patches Security Vulnerabilities

• CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs

• Attackers Actively Exploiting Realtek SDK Flaws

• Google Issues Warning For 2 Billion Chrome Users

Data Breaches/Leaks

• Guernsey Data Authority Imposed Sanctions On 11 Firms For Breaches Last Year

• Data Leak Exposed 38 Million Records, Including COVID-19 Vaccination Statuses

• Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack

• T-Mobile Breach Hits 53 Million Customers As Probe Finds Wider Impact

Organised Crime & Criminal Actors

• Infamous Hacker Group Claims To Be Selling Data From Over 70 Million AT&T Customers, According To A Privacy Group 

Cryptocurrency/Cryptojacking

• Man Sues Parents Of Teens Who Hijacked Nearly $1M In Bitcoin

• Coinbase Accounts Hacked As Bitcoin Hovers Near $50k

Insider Threats

• Employees Participating In Unethical Behaviours To Help An Organisation Actually Harm Themselves

DoS/DDoS

• Cloudflare says it stopped the largest DDoS attack ever reported

• Botnet Generates One Of The Largest DDoS Attacks On Record

OT, ICS, IIoT and SCADA

• ICS Vulnerabilities Disclosed In H1 2021 Rose By 41%

Nation State Actors

• Spies for Hire: China’s New Breed Of Hackers Blends Espionage And Entrepreneurship

• InkySquid State Actor Exploiting Known IE Bugs

• US Media, Retailers Targeted By New SparklingGoblin APT

Cloud

• 40% of SaaS (Cloud) Assets Are Unmanaged, Putting Companies At Risk For Data Leaks

Privacy

• Phones Of Nine Bahraini Activists Found To Have Been Hacked With NSO Spyware

Other News

• Razer bug lets you become a Windows 10 admin by plugging in a mouse

• Cyber Security Market Soaring As Threats Target Commercial And Govt Organisations

• UK to overhaul privacy rules in post-Brexit departure from GDPR

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.