Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report

Half of UK businesses experienced a cyber breach last year, according to a survey by the UK Government. The figure could be much higher however, as the survey found only 34% report breaches externally.

It is said that a cyber incident is a matter of when, not if. Nonetheless, 78% of organisations lack a dedicated response plan outlining actions to be taken in the event of a cyber incident and only 11% review their immediate suppliers for risks. To improve cyber resilience, there needs to be a paradigm shift.

Sources: [Computer Weekly] [Computing] [Infosecurity Magazine] [Info Risk Today]

Cyber Attacks Cost Financial Firms $12bn Says IMF

A recent International Monetary Fund (IMF) report has highlighted significant financial losses in the financial services sector, totalling $12 billion over the last two decades due to cyber attacks, with losses accelerating post-pandemic. The number of incidents and the scale of extreme losses have sharply increased, prompting the IMF to urge enhanced cross-border cooperation to uphold the stability of the global financial system.

The report underscores the critical threat that cyber attacks pose to financial stability, particularly for banks in advanced economies which are more exposed to such risks. With major institutions like JP Morgan facing up to 45 billion cyber threats daily, the IMF emphasises the need for international collaboration to effectively manage and mitigate these risks.

Source: [Finextra]

The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise

A critical security breach was narrowly avoided when a Microsoft developer detected suspicious activity in XZ Utils, an open-source library crucial to internet infrastructure. This discovery revealed that a new developer had implanted a sophisticated backdoor in the software, potentially giving unauthorised access to millions of servers worldwide. This incident has intensified scrutiny on the vulnerabilities of open-source software, which is largely maintained by unpaid or underfunded volunteers and serves as a backbone for the internet economy. The situation has prompted discussions among government officials and cyber security experts about enhancing the protection of open-source environments. This close call, described by some as a moment of "unreasonable luck," underscores the pressing need for sustainable support and rigorous security measures in the open-source community.

Source: [Inc.com]

UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’

Amidst a rising tide of ransomware attacks affecting wide range of UK services, officials in Westminster are being pressured to enhance funding for operations aimed at disrupting ransomware gangs. The current strategy focuses on bolstering organisational cyber security and recovery preparedness, a stance under the second pillar of the UK's National Cyber Strategy known as resilience. However, this approach has not curbed the frequency of incidents, which have steadily increased over the past five years, impacting sectors including the NHS and local governments. In contrast to the proactive disruption efforts seen in the US, the UK has yet to allocate new funds for such measures, despite successful disruptions like the recent takedown of the LockBit gang by the US National Crime Agency, which underscored the potential benefits of increased resources for cyber crime disruption.

Source: [The Record Media]

74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions

The Egress 'Email Threat Landscape 2024' report reveals a surge in phishing attacks, with 94% of companies falling victim to this type of crime in this past year alone, leading to increasingly complex cyber security challenges. According to the report, 96% of these companies suffered significant repercussions, including operational disruption and data breaches, with common attack vectors being malicious URLs, and malware or ransomware attachments.

The human cost is also notable, with 74 per cent of employees involved in attacks having faced disciplinary actions, dismissals, or voluntary departures, underscoring the severity of the issue and the heightened vigilance among companies in addressing the phishing threat. Financial losses primarily stem from customer churn, which accounts for nearly half of the total impact. Amidst rising attacks through compromised third-party accounts, Egress advocates for stronger monitoring and defence strategies to protect critical data and reduce organisational and individual hardships.

Source: [The Fintech Times]

Why Are Many Businesses Turning to Third-Party Security Partners?

In 2023, 71% of organisations reported being impacted by a cyber security skills shortage, leading many to scale back their cyber security initiatives amid escalating threats. To bridge the gap, businesses are increasingly turning to third-party security partnerships, reflecting a shift towards outsourcing crucial cyber security operations to handle complex challenges more efficiently. This approach is driven by the need to fill technical and resource gaps in the face of a severe workforce shortfall, with an estimated 600,000 unfilled security positions in the US alone. Moreover, these strategic partnerships allow organisations to leverage external expertise for scalable and effective security solutions, alleviating the burden of staying updated with the rapidly evolving threat landscape.

Source: [Help Net Security]

74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise

According to a recent poll by the US Chamber of Commerce, 60% of small businesses expressed concerns about threats, with 58% concerned about a supply chain breakdown. The highest concern came from businesses with 20-500 employees (74%). Despite such concern, only 49% had trained staff on cyber security. When it came to the impact of a cyber event, 27% of respondents say they are one disaster or threat away from shutting down their business.

Sources: [Malwcv arebytes][Marketplace] [US Chamber]

LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call

LastPass recently reported a thwarted voice phishing attack targeting one of its employees using deepfake audio technology to impersonate CEO Karim Toubba. The attack, conducted via WhatsApp, was identified by the employee as suspicious due to the unusual communication channel and clear signs of social engineering, such as forced urgency. Despite the failure of this particular attempt, LastPass has shared the incident publicly to highlight the growing use of AI-generated deepfakes in executive impersonation schemes. This incident underscores a broader trend, as indicated by alerts from both the US Department of Health and Human Services and the FBI, pointing to an increase in sophisticated cyber attacks employing deepfake technology for fraud, social engineering, and potential influence operations.

Source: [Bleepingcomputer]

Most Cyber Criminal Threats are Concentrated in Just a Few Countries

Oxford researchers have developed the world's first cyber crime index to identify global hotspots of cyber criminal activity, ranking countries based on the prevalence and sophistication of cyber threats. The index reveals that a significant portion of cyber threats is concentrated in a few countries, with Russia and Ukraine positioned at the top, with the USA and the UK also ranking prominently. The results indicate that countries like China, Russia, Ukraine, the US, Romania, and Nigeria are among the top hubs for activities ranging from technical services to money laundering. This tool aims to refine the focus for cyber crime research and prevention efforts, although the study acknowledges the need for a broader and more representative sample of expert opinions to enhance the accuracy and applicability of the findings. The index underscores that while cyber crime may appear globally fluid, it has pronounced local concentrations.

Sources: [ThisisOxfordshire] [Phys Org]

Why Incident Response is the Best Cyber Security ROI

The Microsoft Incident Response Reference Guide predicts that most organisations will encounter one or more major security incidents where attackers gain administrative control over crucial IT systems and data. While complete prevention of cyber attacks may not be feasible, prompt and effective incident response is essential to mitigate damage and protect reputations. However, many organisations may not be adequately budgeting for incident response, and the recent UK Government report found that 78% of organisations do not have formalised incident response plans, risking prolonged recovery and increased costs. Cyber crime damages hit $23b in 2023, but the true costs of incidents includes non-financial damage such as reputational harm. If a cyber incident is a matter of when, not if, then a prepared incident response plan is the best cyber security ROI.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CSO Online]

Ransomware Attacks are the Canaries in the Cyber Coal Mine

A recent report has found that ransomware attacks were up 110% compared to the prior month, stating that unreported attacks were up to 6 times higher. The report found that tactics are increasingly using data extortion, with 92% of attacks utilising this method.

Sources: [Silicon Republic] [The Hill]

Cyber Security is Crucial, but What is Risk and How do You Assess it?

Cyber security is an increasingly sophisticated game of cat and mouse, where the landscape is constantly shifting. Your cyber risk is the probability of negative impacts stemming from a cyber incident, but how do you assess risk?

One thing to understand is that there are a multitude of risks: risks from phishing, risks from insiders, risks from network attacks, risks of supply chain compromise, and of course, nation states. To understand risk, an organisation must first identify the information that it needs to protect, to avoid only learning of the information asset’s existence from a successful attacker. Once all assets are identified, then organisations should conduct risk assessments to identify threats and an evaluation the potential damage that can be done.

Sources: [Security Boulevard] [International Banker]

Governance, Risk and Compliance

• Cyber attacks cost financial firms $12bn says IMF (finextra.com)

• UK business falling short on cybersecurity warns government report (computing.co.uk)

• Half of UK Businesses Hit by Cyber Incident in Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• 60% of small businesses are concerned about cyber security threats | Malwarebytes

• Cyber attacks on small businesses are on the rise - Marketplace

• What is cyber security risk & how to assess - Security Boulevard

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Why Cyber Security Is More Crucial Today Than Ever Before (internationalbanker.com)

• Large cyber attack could cause 'cyber run' or market sell-offs, warns IMF - FStech Financial Sector Technology

• Why are many businesses turning to third-party security partners? - Help Net Security

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Privacy Versus Cyber – What is the Bigger Risk? | Jackson Lewis P.C. - JDSupra

• Large businesses struggle to tackle cyber threats (betanews.com)

• Resilience And Antifragility Are The Best Strategies For 2024 (forbes.com)

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• Board Oversight and Cyber Breach Response: What Involvement Strikes the Right Balance? | Alston & Bird - JDSupra

• Compliance & Cyber Security – Working and Worrying Together About the Intersection of People and Technology | NAVEX - JDSupra

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Why cyberpsychology is such an important part of effective cyber security | CSO Online

• Cyber Security in the Evolving Threat Landscape (securityaffairs.com)

• How CISOs can make themselves ready to serve on the board | CSO Online

• CISOs Need A Data-Driven Approach To Offensive Security (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surged 110pc last month, report claims (siliconrepublic.com)

• UK government urged to get on ‘forward foot’ with ransomware instead of ‘absorbing the punches’ (therecord.media)

• Ransomware attacks are the canaries in the cyber coal mine | The Hill

• Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch

• Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware (darkreading.com)

• Ransomware group maturity should influence ransom payment decision - Help Net Security

• Proactive and Reactive Ransomware Protection Strategies - Security Boulevard

• How can the energy sector bolster its resilience to ransomware attacks? - Help Net Security

• CL0P's Ransomware Rampage - Security Measures for 2024 (thehackernews.com)

• Should You Pay a Ransomware Attacker? - Security Boulevard

• LockBit struggles to maintain relevance amid rise of impersonators and new ransomware groups - SiliconANGLE

• DragonForce Ransomware - What You Need To Know | Tripwire

• LockBit copycat DarkVault spurs rebranding rumour | SC Media (scmagazine.com)

• Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)

Ransomware Victims

• Vet chain CVS hit by cyber attack | Evening Standard

• Second ransomware gang says it’s extorting Change Healthcare • The Register

• Targus says it is facing major cyber attack, global operations hit | TechRadar

• Optics giant Hoya hit with $10 million ransomware demand (bleepingcomputer.com)

• Panera Bread week-long IT outage caused by ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How malicious email campaigns continue to slip through the cracks - Help Net Security

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

• Cyber Criminals Invade Inboxes: What Small Businesses Can Do (pymnts.com)

• Phishing Detection and Response: What You Need to Know - Security Boulevard

Other Social Engineering

• Cyber Criminals Target Victims Using Social Engineering Techniques (ic3.gov)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

Artificial Intelligence

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• China is using generative AI to carry out influence operations (securityaffairs.com)

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• AI risks under the auditor's lens more than ever - Help Net Security

• Speed of AI development is outpacing risk assessment | Ars Technica

• AI and GDPR: How is AI being regulated? | TechTarget

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• How Artificial Intelligence Is Fuelling Incel Communities (yahoo.com)

2FA/MFA

• How Hackers Can Hijack 2FA Calls with Sneaky Call Forwarding (404media.co)

Malware

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (thehackernews.com)

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Sophisticated Latrodectus Malware Linked to 2017 Strain (inforisktoday.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

• Bing ad posing as NordVPN aims to spread SecTopRAT malware | SC Media (scmagazine.com)

• ScrubCrypt used to drop VenomRAT along with many malicious plugins (securityaffairs.com)

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

• Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (thehackernews.com)

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

Mobile

• Our phones are under threat more than ever — but many of us still don't have mobile security protection | TechRadar

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

• The next wave of mobile threats - Help Net Security

Denial of Service/DoS/DDOS

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• DDoS Protection Needs Detective and Preventive Controls (darkreading.com)

• French cities knocked offline by 'large-scale cyber attack' • The Register

Internet of Things – IoT

• Amazon Removes a Feature From Fire TVs Over Security Concerns | Cord Cutters News

• Over 90,000 LG Smart TVs may be exposed to remote attacks (bleepingcomputer.com)

• EV Charging Stations Still Riddled With Cyber Security Vulnerabilities (darkreading.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• Hotel check-in terminal leaks rafts of guests' room codes • The Register

Data Breaches/Leaks

• Many of the world's biggest companies reported data breaches last year | TechRadar

• US Data Breach Reports Surge 90% Annually in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• 37% of publicly shared files expose personal information - Help Net Security

• Acuity confirms hackers stole non-sensitive govt data from GitHub repos (bleepingcomputer.com)

• Home Depot confirms third-party data breach exposed employee info (bleepingcomputer.com)

• AT&T now says data breach impacted 51 million customers (bleepingcomputer.com)

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Taxi software vendor exposes personal details of nearly 300K • The Register

• Employee credentials leaked in Microsoft security lapse (techmonitor.ai)

Organised Crime & Criminal Actors

• Russia ranked biggest cyber crime threat to rest of the world | Tech News | Metro News

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Cyber crooks poison GitHub search to fool developers | Computer Weekly

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Google sues crypto investment app makers over alleged massive "pig butchering" scam (bitdefender.com)

• Fugitive CEO at the center of 2022 crypto crash found liable for fraud | Cryptocurrencies | The Guardian

• Hackers deploy crypto drainers on thousands of WordPress sites (bleepingcomputer.com)

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

Insider Risk and Insider Threats

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• Insider Threats Surge Amid Growing Foreign Interference - Security Boulevard

Insurance

• US insurers using drones to deny home insurance policies • The Register

• Cyber Insurance: Sexy? No. Important? Critically yes. - Security Boulevard

Supply Chain and Third Parties

• Why a near-miss cyber attack put US officials and the tech industry on edge - The Japan Times

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Combatting Supply Chain Cyber Threats: Safeguarding Data and Protecting Digital Supply Chains | Foley & Lardner LLP - JDSupra

Encryption

• How cryptographers finally cracked one of the Zodiac Killer’s hardest codes | Popular Science (popsci.com)

Linux and Open Source

• The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realize | Inc.com

• Supply chain attack sends shockwaves through open-source community | CyberScoop

• German state ditches Microsoft for Linux and LibreOffice | ZDNET

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Who’s the bigger cyber security risk – Microsoft or open source? (reason.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Reusing passwords: The hidden cost of convenience (bleepingcomputer.com)

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• CISA says Sisense hack impacts critical infrastructure orgs (bleepingcomputer.com)

Social Media

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Understanding CISA’s New Draft Rules for Cyber Attack Reporting | Morgan Lewis - Tech & Sourcing - JDSupra

• Spy Law Needs Fixing Now to Stop Overreach—Not a Backdoor Boost (bloomberglaw.com)

• AI and GDPR: How is AI being regulated? | TechTarget

• CISA: 300,000+ Small Entities Covered By Proposed Cyber Reporting Regs | MSSP Alert

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

Models, Frameworks and Standards

• HIPAA Fundamentals for Providers | Tucker Arensberg, P.C. - JDSupra

• Process and Control Today | NIS2 – cyber security directive from the EU. Get ready! (pandct.com)

• DORA Compliance Checklist | UpGuard

Backup and Recovery

• Seven ways to be sure you can restore from backup | Computer Weekly

Data Protection

• 37% of publicly shared files expose personal information - Help Net Security

Careers, Working in Cyber and Information Security

• Want to make cyber security much stronger? Become a mentor | CSO Online

Law Enforcement Action and Take Downs

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Misinformation, Disinformation and Propaganda

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• State-backed cyber attacks, AI deepfakes: Top UK election cyber risks (cnbc.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• Foreign Interference Drives Record Surge in IP Theft - Infosecurity Magazine (infosecurity-magazine.com)

China

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How China is Hacking America (newsweek.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• China flooding Britain with fake stamps in act of 'economic warfare' (telegraph.co.uk)

Russia

• Germany to launch cyber military branch to combat Russian threats (therecord.media)

• US says Russian hackers stole federal government emails during Microsoft cyber attack | TechCrunch

• Macron: Russia will target Paris Olympics (insidethegames.biz)

• Cyber attack on TV channel BabyTV: Toddlers suddenly exposed to Russian propaganda | NL Times

• Czechia explains how Russia is trying to arrange sabotage on European railways | European Pravda (eurointegration.com.ua)

• Cyber security in 2023: Estonia's year of advanced threats (e-estonia.com)

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Most cyber criminal threats are concentrated in just a few countries, new index shows (phys.org)

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

• Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (thehackernews.com)

• Apple mercenary spyware attack: Exclusive: Apple warns users of "mercenary spyware" attack; India, 91 other countries impacted - The Economic Times (indiatimes.com)

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

Vulnerability Management

• Zero-Day Attacks on the Rise: Google Reports 50% Increase in 2023 - Security Boulevard

• How exposure management elevates cyber resilience - Help Net Security

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

Vulnerabilities

• Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (thehackernews.com)

• Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products -  Security Week

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• SAP's April 2024 Updates Patch High-Severity Vulnerabilities -  Security Week

• Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers -  Security Week

• Two new bugs can bypass detection and steal SharePoint data | SC Media (scmagazine.com)

• New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)

• Hackers Claiming of Working Windows 0-Day LPE Exploit (cybersecuritynews.com)

• Microsoft fixes five security vulnerabilities in Edge 123 - Neowin

• Cisco Warns of Vulnerability in Discontinued Small Business Routers -  Security Week

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• +16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 (securityaffairs.com)

• Over 92,000 exposed D-Link NAS devices have a backdoor account (bleepingcomputer.com)

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (thehackernews.com)

• Intel and Lenovo servers impacted by 6-year-old BMC flaw (bleepingcomputer.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Fortinet Patches Critical RCE Vulnerability in FortiClientLinux -  Security Week

• Researchers Resurrect Spectre v2 Attack Against Intel CPUs -  Security Week

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• Severe Vulnerabilities Discovered in Software to Protect Internet Routing (prleap.com)

Tools and Controls

• Seven ways to be sure you can restore from backup | Computer Weekly

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Improving Dark Web Investigations with Threat Intelligence | Recorded Future

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• What is cyber security risk & how to assess - Security Boulevard

• Your Guide to Threat Detection and Response - Security Boulevard

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• How exposure management elevates cyber resilience - Help Net Security

• Phishing Detection and Response: What You Need to Know - Security Boulevard

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• How Red Team Exercises Increases Your Cyber Health | Trend Micro (US)

• How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security

Reports Published in the Last Week

• Cyber security breaches survey 2024 - GOV.UK (www.gov.uk)

Other News

• Third of charities experienced a cyber breach last year, government reports (civilsociety.co.uk)

• Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (thehackernews.com)

• OODA Loop - The Water Sector Is Being Threatened.  That Should Worry Everyone

• Anticipated Cyber Threats During the 2024 Olympics & How to Proactively Secure Your Business - Security Boulevard

• France Bracing for Cyber Attacks During Summer Olympics - The New York Times (nytimes.com)

• Risk & Repeat: Cyber Safety Review Board takes Microsoft to task | TechTarget

• The Baltimore Bridge Collapse Is a Warning | Proceedings - April 2024 Vol. 150/4/1,454 (usni.org)

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• Scandal and cyber security in Westminster | Crooked Media

• Financial sector cyber security at the helm of investor protection | Mint (livemint.com)

• US Health Dept warns hospitals of hackers targeting IT help desks (bleepingcomputer.com)

• Only 1% Singapore companies are “mature” in cyber threat readiness but 99% plan to increase their cyber security budget in the next 12 months - Singapore News (theindependent.sg)

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Software-Defined Vehicle Fleets Face a Twisty Road on Cyber Security (darkreading.com)

• Independent Pharmacies Must Prioritize Cyber Security (drugtopics.com)

• Devious 'man in the middle' hacks on the rise: How to stay safe | PCWorld

• Top 10 Attacker Techniques: What do They Mean for MSSPs? | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Sharp Rise in SMB Cyber Attacks by Russia and China

SaaS Alerts, a cloud security company, unveiled the findings of its latest report which analysed approximately 136 million security events across 2,100 small and medium businesses (SMBs) globally and identified cyber trends negatively impacting businesses.

The findings of the report take into account security events occurring across more than 120,000 user accounts during the period of January 1st to December 31st, 2021 and shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are originating from Russia and China. The data set is statistically significant and enables solution providers managing a portfolio of SaaS applications with pertinent data and trends to support defensive IT security re-alignments as required.

https://www.helpnetsecurity.com/2022/03/09/saas-security-events-smbs/

We're Seeing An 800% Increase in Cyber Attacks, Says One Managed Service Provider

Revenge and inflation are believed to be key drivers behind an 800 percent increase in cyber attacks seen by a single managed services provider since the days before the onset of Russia's invasion of Ukraine last month.

The attacks are coming not only from groups inside of Russia but also from elsewhere within the region as well from Russia allies like North Korea and Iran, historically sources of global cyber-threats.

The MSP serves about 2,400 companies around the world, most of them small businesses and midsize enterprises and most in North America. The MSP said it has seen the spike in cyber attacks throughout its customer base.

The sharp rise has been attributed to pro-Russian cyber criminal groups linked to nation states lashing out at countries – first Ukraine and then Western countries – angry at the sanctions being levelled against Russia. At the same time, the sharp inflation that is spreading around the world is also hitting hackers, who need to make money to keep up with rising costs.

https://www.theregister.com/2022/03/11/russia-invasion-cyber-war-rages/

Internet Warfare: How the Russians Could Paralyse Britain

The collapse of critical national infrastructure is a science fiction staple. Fifty years ago, actively switching off a country’s water and power networks would have required huge physical damage to power stations and the sources of those services. Today, however, many of the tools we use every day are connected to the internet.

All of those things now have remote access — and therefore, all of them could be vulnerable.

Ukraine has been blitzed by cyber attacks since the annexation of Crimea in 2014 and they have increased in the lead-up to the invasion. As Russia marched into Ukraine, British officials were concerned about “spillover” from any cyber offensives targeted thousands of miles away.

In today’s interconnected digital world, the reality is that distance from the conflict zone makes no difference.

As the West fears a cyber-reprisal, what would a successful attack look like in Britain — and how likely is a complete “network failure”?

https://www.thetimes.co.uk/article/russia-cyberattack-uk-what-would-happen-l3dt98dmb

Just 3% Of Employees Cause 92% Of Malware Events

A small group of employees is typically responsible for most of the digital risk in an organisation, according to new research.

The report, from cybersecurity company Elevate Security and cyber security research organisation Cyentia, also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeat offenders.

The research found that 4% of employees clicked 80% of phishing links, and 3% were responsible for 92% of malware events.

Four in five employees have never clicked on a phishing email, according to the research. In fact, it asserts that half of them never see one, highlighting the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96% of users have never suffered from a malware event. Most malware events revolve around the 3% of users who suffered from two malware events or more, reinforcing the notion that security awareness messages just aren't getting through to some.

https://www.itpro.co.uk/security/malware/366011/just-3-of-employees-cause-92-of-malware-events

70% Of Breached Passwords Are Still in Use

A new report examines trends related to exposed data. Researchers identified 1.7 billion exposed credentials, a 15% increase from 2020, and 13.8 billion recaptured Personally Identifiable Information (PII) records obtained from breaches in 2021.

Through its analysis of this data, it was found that despite increasingly sophisticated and targeted cyber attacks, consumers continue to engage in poor cyber practices regarding passwords, including the use of similar passwords for multiple accounts, weak or common passwords and passwords containing easy-to-guess words or phrases connected to pop culture.

https://www.helpnetsecurity.com/2022/03/08/exposed-data-trends/

Organisations Taking Nearly Two Months to Remediate Critical Risk Vulnerabilities

Edgescan announces the findings of a report which offers a comprehensive view of the state of vulnerability management globally. This year’s report takes a more granular look at the trends by industry, and provides details on which of the known, patchable vulnerabilities are currently being exploited by threat actors.

The report reveals that organisations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time to remediate (MTTR) across the full stack set at 60 days.

High rates of “known” (i.e. patchable) vulnerabilities which have working exploits in the wild, used by known nation state and cybercriminal groups are not uncommon.

Crucially, 57% of all observed vulnerabilities are more than two years old, with as many as 17% being more than five years old. These are all vulnerabilities that have working exploits in the wild, used by known nation state and cybercriminal groups. Edgescan also observed a concerning 1.5% of known, unpatched vulnerabilities that are over 20 years old, dating back to 1999.

https://www.helpnetsecurity.com/2022/03/10/state-of-vulnerability-management/

Android Malware Escobar Steals Your Google Authenticator MFA Codes

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes.

The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft.

The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorised transactions.

Like most banking trojans, Escobar displays overlay login forms to hijack user interactions with e-banking apps and websites and steal credentials from victims.

The malware also packs several other features that make it potent against any Android version, even if the overlay injections are blocked in some manner.

The authors have expanded the set of targeted banks and financial institutions to a whopping 190 entities from 18 countries in the latest version.

https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/

Smartphone Malware Is on The Rise - Here's How to Stay Safe

The volume of malware attacks targeting mobile devices has skyrocketed so far this year, cyber security researchers are saying.

A new report from security company Proofpoint claims that the number of detected mobile malware attacks has spiked 500% in the first few months of 2022, with peaks at the beginning and end of February.

Much of this malware aims to steal usernames and passwords from mobile banking applications, Proofpoint says. But some strains are even more sinister, recording audio and video from infected devices, tracking the victim's location, or exfiltrating and deleting data.

https://www.techradar.com/nz/news/smartphone-malware-is-coming-for-more-and-more-of-us

Russia May Use Ransomware Payouts to Avoid Sanctions’ Financial Harm

FinCEN warns financial institutions to be wary of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.

Russia may ramp up ransomware attacks against the United States as a way to ease the financial hurt it’s under due to sanctions, U.S. federal authorities are warning. Those sanctions have been levied against the nation and Vladimir Putin’s government due to its invasion of Ukraine.

The Financial Crimes Enforcement Network (FinCEN) issued a FinCEN Alert (PDF) on Wednesday advising all financial institutions to remain vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions related to the current conflict. One way this may be done is to move cryptocurrency funds through ransomware payments collected after Russian state-sponsored actors carry out cyberattacks.

“In the face of mounting economic pressure on Russia, it is vitally important for financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said FinCEN Acting Director Him Das in a press statement.

https://threatpost.com/russia-ransomware-payouts-avoid-sanctions/178854/

How An 8-Character Password Could Be Cracked in Less Than an Hour

Security experts keep advising us to create strong and complex passwords to protect our online accounts and data from savvy cybercriminals. And “complex” typically means using lowercase and uppercase characters, numbers and even special symbols. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems.

As described in a recent report, Hive found that an 8-character complex password could be cracked in just 39 minutes if the attacker were to take advantage of the latest graphics processing technology. A seven-character complex password could be cracked in 31 seconds, while one with six or fewer characters could be cracked instantly. Shorter passwords with only one or two character types, such as only numbers or lowercase letters, or only numbers and letters, would take just minutes to crack.

https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/

Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance

Cyber insurance is a significant industry and growing fast — according to GlobalData, it was worth $7 billion in gross written premiums in 2020. The cyber-insurance market is expected to reach $20.6 billion by 2025. Over the past few years, the cyber-insurance market was competitive, so premiums were low and policies were comprehensive. Over the past year, that has changed — the volume of claims has gone up and led to more payouts, which affected the insurance companies' profitability.

The recent Log4j issue will affect how insurance and reinsurance companies write their policies in future. Already, we're seeing discussions about Log4j-related issues being excluded from reinsurance policies in 2022, as many policies came up for renewal on Dec. 31, 2021. This will affect the policies that insurance companies can offer to their customers.

What does this mean for IT security teams? For practitioners, it will make their work more important than before, as preventing possible issues would be more valuable to the business. Carrying out standard security practices like asset inventory and vulnerability management will be needed, while examining software bills of materials for those same issues will help on the software supply chain security side. These practices will also need to be highly automated, as business must be able to gain accurate insights within hours, not months, to deal with future threats while reducing the cost impact.

For those responsible for wider business risk, these developments around cyber insurance will present a more significant problem. Cyber-insurance policies will still be available — and necessary where needed — but the policies themselves will cover less ground. While the past few years had pretty wide-ranging policies that would pay out on a range of issues, future policies will deliver less coverage.

https://www.darkreading.com/risk/cyber-insurance-and-business-risk-how-the-relationship-is-changing-reinsurance-policy-guidance-

Security Teams Prep Too Slowly for Cyber Attacks

Attackers typically take days or weeks to exploit new vulnerabilities, but defenders are slow to learn about critical issues and take action, requiring 96 days on average to learn to identify and block current cyber threats, according to a new report analysing training and crisis scenarios.

The report, Cyber Workforce Benchmark 2022, found that cybersecurity professionals are much more likely to focus on vulnerabilities that have garnered media attention, such as Log4j, than more understated issues, and that different industries develop their security capabilities at widely different rates. Security professionals in some of the most crucial industries, such as transport and critical infrastructure, are twice as slow to learn skills compare to their colleagues in the leisure, entertainment, and retail sectors.

The amount of time it takes for security professionals to get up to speed on new threats matters. CISA says that patches should be applied within 15 days, sooner than that if the vulnerability is being exploited, says Kevin Breen, director of cyber threat research at Immersive Labs.

https://www.darkreading.com/risk/security-teams-prep-too-slowly-for-cyberattacks

Threats

Ransomware

• Inside Conti leaks: The Panama Papers of Ransomware - The Record by Recorded Future

• Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up... Sort Of - Check Point Research

• Oh, The Irony! Conti Ransomware Gang, Which Leaked Ransomware Victims’ Data, Has Its Own Data Leaked (grahamcluley.com)

• CISA Added 98 Domains To The Joint Alert Related To Conti Ransomware Gang - Security Affairs

• Ragnar Locker Ransomware - What You Need To Know (tripwire.com)

• Conti Ransomware Group Spent Millions In 2021 - IT Security Guru

• Ragnar Locker Ransomware Hits Critical Infrastructure • The Register

• Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya, Others (darkreading.com)

• FBI: Ransomware Gang Breached 52 US Critical Infrastructure Orgs (bleepingcomputer.com)

• Alleged REvil Ransomware Hacker Extradited And Arraigned In Texas | CSO Online

• Bridgestone Americas Confirms Ransomware Attack, LockBit Leaks Data (bleepingcomputer.com)

Phishing & Email

• How Phishing Email Are Evading Email Security - MSSP Alert

• Watch Out For This Phishing Attack That Hijacks Your Email Chats To Spread Malware | ZDNet

• The Most Impersonated Brands In Phishing Attacks - Help Net Security

Malware

• Nvidia's Stolen Data Is Being Used To Disguise Malware As GPU Drivers | PC Gamer

• Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads | Threatpost

• Emotet Botnet Is Rapidly Growing, +130K Bots Spread Across 179 Countries - Security Affairs

• Raccoon Stealer Crawls Into Telegram | Threatpost

• All About the Bots: What Botnet Trends Portend for Security Pros | SecurityWeek.Com

Mobile

• Smartphone malware is on the rise, here's what to watch out for | ZDNet

• Samsung Confirms Hackers Stole Galaxy Devices Source Code (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Cyber Criminals Are Posing As Ukraine Fundraisers To Steal Cryptocurrency - CyberScoop

• Cyber Criminals Compromise Users With Malware Disguised As Pro-Ukraine Cyber Tools - Cisco Talos Intelligence Group

Cryptocurrency/Cryptomining/Cryptojacking

• Russians Liquidating Crypto In The UAE As They Seek Safe Havens | Reuters

Fraud, Scams & Financial Crime

• Consumers Worried About Digital Banking Security - Infosecurity Magazine (infosecurity-magazine.com)

• Shipping Fraud Quickly Emerging As One Of The Top Fraud Types - Help Net Security

Insurance

• The Cyber Insurance Market Needs More Money (hbr.org)

Supply Chain

• Major Tech Firms Launch Security First Initiative To Combat Third-Party Data Breaches - Help Net Security

DoS/DDoS

• Mitel VoIP Systems Used In Staggering DDoS Attacks • The Register

• In-The-Wild DDoS Attack Can Be Launched From A Single Packet To Create Terabytes Of Traffic | ZDNet

• Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers | Threatpost

• The Fight Against the Hydra: New DDoS Report from Link11 (darkreading.com)

• Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks (thehackernews.com)

Parental Controls and Child Safety

• Still Too Many Parents Don't Monitor Their Children's Online Activity - Help Net Security

Spyware, Espionage & Cyber Warfare

• ‘We are not ready’: a Cyber Expert on US Vulnerability to a Russian Attack | Cyberwar | The Guardian

• China-Aligned APT Renews Cyber Attack On European Diplomats, As War Rages | CSO Online

• European Lawmakers Launch Investigation Into Use Of Pegasus Spyware By EU States | TechCrunch

Nation State Actors

Nation State Actors - Russia

• Jump In Cyber Attacks Since Start Of Ukraine Invasion (rte.ie)

• Will Russian Oil Ban Spur Increased Cyber-Attacks (trendmicro.com)

• Russia to Create Its Own Security Certificate Authority, Alarming Experts - CyberScoop

• Russian APTs Furiously Phish Ukraine – Google | Threatpost

• Russia Mulls Legalizing Software Piracy As It’s Cut Off From Western Tech | Ars Technica

• Ukrainian IT Army Hijacked by Infostealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (thehackernews.com)

• French Bank Denies Access to Russian Workforce - Infosecurity Magazine (infosecurity-magazine.com)

• New RURansom Wiper Targets Russia (trendmicro.com)

• Anonymous & its Affiliates Hacked 90% of Russian Misconfigured Databases (hackread.com)

• Anonymous Claims to Have Leaked Over 360,000 Files From Russian Federal Agency - Infosecurity Magazine

Nation State Actors - China

• Chinese Phishing Actors Consistently Targeting EU Diplomats (bleepingcomputer.com)

• Comment: Chinese Spies Hacked A Livestock App To Breach US State Networks - Information Security Buzz

• Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (thehackernews.com)

Nation State Actors – North Korea

• Targeted APT Activity: BABYSHARK Is Out for Blood - MSSP Alert

Nation State Actors - Iran

• Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign (thehackernews.com)

Vulnerabilities

• Linux Has Been Bitten By Its Most High-Severity Vulnerability In Years | Ars Technica

• High Rates Of Known, Exploitable Vulnerabilities Still Found In The Wild, Report Reveals - IT Security Guru

• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday | Threatpost

• New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs (thehackernews.com)

• Google Attempts to Explain Surge in Chrome Zero-Day Exploitation | SecurityWeek.Com

• “Dirty Pipe” Linux Kernel Bug Lets Anyone Write To Any File – Naked Security (sophos.com)

• Microsoft Azure Flaw Allowed Unauthorized Account Access • The Register

• Intel, AMD, Arm Warn Of New Speculative Execution CPU Bugs (bleepingcomputer.com)

• Adobe Patches 'Critical' Security Flaws in Illustrator, After Effects | SecurityWeek.Com

• Up to 30% of WordPress Plugin Bugs Don't Get Patched - IT Security Guru

• Within Hours of the Log4j Flaw Being Revealed, These Hackers Were Using It | ZDNet

• Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape | Threatpost

• Microsoft Warns of Spoofing Vulnerability in Defender for Endpoint | SecurityWeek.Com

• Microsoft Fixes Critical Azure Bug That Exposed Customer Data (bleepingcomputer.com)

• Researchers Disclose New Spectre V2 Vulnerabilities (techtarget.com)

• Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices (thehackernews.com)

• Over 40% of Log4j Downloads Are Vulnerable Versions of the Software (darkreading.com)

• HP Patches 16 UEFI Firmware Bugs Allowing Stealthy Malware Infections (bleepingcomputer.com)

• Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses (thehackernews.com)

Sector Specific

Health/Medical/Pharma Sector

• Medical and IoT Devices From More Than 100 Vendors Vulnerable to Attack (darkreading.com)

• Oklahoma Hospital Data Breach Impacts 92,000 People - Infosecurity Magazine

Transport and Aviation

• Finnish Govt Agency Warns Of Unusual Aircraft GPS Interference (bleepingcomputer.com)

Automotive

• Small Business Owners Worried About The Cyber Security Of Their Commercial Vehicles - Help Net Security

CNI, OT, ICS, IIoT and SCADA

• ICS Vulnerability Disclosures Surge 110% Over The Last Four Years - Help Net Security

• New Security Threats Target Industrial Control And OT Environments - CyberScoop

Reports Published in the Last Week

• 2022 Vulnerability Statistics Report - Edgescan

• Pinpoint the Origins of Workforce Risk - Elevate Security

Other News

• Why You Should Be Using CISA's Catalog of Exploited Vulns (darkreading.com)

• How Attackers Sidestep The Cyber Kill Chain | CSO Online

• How to Combat the No. 1 Cause of Security Breaches: Complexity (darkreading.com)

• Every Business Is A Cyber Security Business - Help Net Security

• Operationalising a “Think Like The Enemy” Strategy | CSO Online

• SpaceX Shifts Resources To Cyber Security To Address Starlink Jamming - SpaceNews

• Report: Cyber Security Teams Need Nearly 100 Days To Develop Threat Defenses | VentureBeat

• 6 Potential Enterprise Security Risks With NFC Technology (techtarget.com)

• BBC Targeted With 383,278 Spam, Phishing And Malware Attacks Every Day - Help Net Security

• Ubisoft Says It Experienced A ‘Cyber Security Incident’, And The Purported Nvidia Hackers Are Taking Credit - The Verge

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.