Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads

Proofpoint have released an alert relating to an active hacking operation in which cyber criminals are employing phishing traps and shared Office 365 documents to steal credentials. Hackers have been threading together credential phishing and account takeover (ATO) tactics to gain access to enterprise resources, with multiple organisations already hit. One of the identified methods in use involves attackers inserting links that direct users to click to view a document. This subsequently links them to a phishing page controlled by the attacker.

In another currently active phishing campaign, threat actors are targeting potential victims via email and SMS, with personalised content to match victim roles within their organisation. But instead of phishing for information directly, they are convincing victims to download remote monitoring and management software. Victims were directed to newly registered websites mimicking various financial institutions and asked to download a “live chat application”, which turned out to be an old version of AnyDesk. Once downloaded, the software would then allow full access to victim’s machine and network resources.

Sources: [Verdict] [Help Net Security]

Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business

A cyber attack is a matter of when, not if, and as such businesses must prepare for such an event happening to them. Whilst cyber security aims to defend the organisation, cyber resilience is about ensuring that your digital operations, which are the heart of your organisation, can withstand and quickly recover from any cyber attack, technical malfunction, or even deliberate tampering. If we think back to Covid, a lot of organisations suddenly had to adapt, to ensure that they could function as close to normal as possible. How many have tested their organisation’s ability to continue work since, or prepared for a loss of access to critical systems for an extended period of time? It’s the cyber resilient organisations that know they’ve made the right investments to significantly reduce the risk of their operations grinding to a halt.

Source: [Security Brief]

Leveraging Threat Intelligence for Regulatory Compliance

The collective improvement of cyber security is a high international priority and a wealth of EU legislation, such as NIS2 and the Digital Operational Resilience Act (DORA) is in the pipeline, to oblige organisations to understand and manage their cyber risks appropriately. As part of these regulations, threat intelligence is often a feature that can be leveraged to improve cyber resilience.

Threat intelligence can be collected from a variety of sources such as governmental advisories, dark web monitoring, private sector feeds, intelligence-sharing communities and open source information. The key for organisations is to be able to digest this, and apply it accordingly to their specific organisation, to improve their cyber resilience efforts.

Black Arrow provides weekly threat intelligence free of charge through our online blog and weekly subscription summary email. To sign up, visit https://www.blackarrowcyber.com/subscribe

Source: [BetaNews]

The Risks of Quishing and How Enterprises Can Stay Secure

QR codes have surged in popularity in the past two years, mainly due to their convenient and touchless features that streamline daily transactions, making it easy for users to scan and access information quickly. However, this surge in popularity has also caught the attention of cyber criminals, who exploit QR codes to perpetrate phishing attacks, known as "quishing." Attackers use tactics, such as disguising malicious QR codes in seemingly legitimate contexts; these pose substantial risks, leading to compromised personal and corporate data, financial loss, and reputational damage. Organisations must prioritise understanding and fortifying defences against quishing, as these attacks pose significant risks to both individuals and organisations. By educating employees on discerning phishing attempts, enforcing device security measures, and leveraging specialised solutions, organisations can bolster their resilience against QR code-based cyber threats and safeguard their digital assets effectively.

Source: [Zimperium]

Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks

A recent report found that phishing attempts increased 106% year on year, with malware detections up 40%. In a separate report on phishing, it was found that 91% of organisation were impacted by AI-enhanced phishing attacks. Such numbers reinforce the reason for organisations to implement effective phishing training, and this should include training regarding AI-enhanced phishing emails.

Sources: [The Fintech Times] [Security Magazine]

Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks

Microsoft has released a report detailing how prominent state-linked actors are using generative AI to enhance their attack methods. Russian, North Korean, Iranian, and Chinese-backed threat actors are attempting to use generative AI to inform, enhance, and refine their attacks, according to the report. It’s clear that AI is a double-edged sword, and organisations must implement processes to reduce their risk and increase their resilience to it.

Source: [ITPro]

Cyber Risk Management: Bring Security to the Boardroom

Organisations are facing the dual challenge of managing business risk and aligning with ever-expanding cyber security goals; as such, the need for a robust cyber risk management strategy is more critical than ever. This calls for organisations to effectively communicate their security posture to the board with relevant metrics.

Engaging the board requires a strategic approach, emphasising clear communication and contextual visibility. Board members are already increasingly recognising the impact of poor security on an organisation’s reputation, budget, and overall well-being; it is essential to translate security concerns into tangible metrics that resonate with the board. Real-time metrics, alignment with business goals, and educating the board on cyber security nuances can help build the foundation for such a strategy.

Source: [Trend Micro]

Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes

Recent changes in the National Cyber Security Centre's (NCSC) threat reporting framework have prompted a call to action for pension scheme advisors.

Cyber security has fast become one of the biggest threats to pension schemes. Data breeches, scamming, ransomware, fraud: these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defence measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and ensure that reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.

Source: [The HR Director]

Nation State Actors Intensify Focus on NATO Member States

The head of threat research and analysis at Google Cloud has highlighted that nation state actors consider cyber warfare as another tool in their box, noting the current ongoing cyber warfare between Russia and Ukraine. Separate reports have found that the cyber war has extended to NATO member states, with initial access brokers (individuals who sell credentials to organisations) increasingly targeting entities within NATO member states.

Sources: [Help Net Security] [World Economic Forum ] [Inforisktoday] [Help Net Security]

Governance, Risk and Compliance

• The ROI of Investing in Cyber Security - Security Boulevard

• Leveraging threat intelligence for regulatory compliance (betanews.com)

• Getting a grip on cyber resilience – PublicTechnology

• It's Time to Rethink Third-Party Risk Assessment (darkreading.com)

• Cyber Risk Management: Bring Security to the Boardroom (trendmicro.com)

• A changing world requires CISOs to rethink cyber preparedness | CSO Online

• Cyber Security teams recognized as key enablers of business goals - Help Net Security

• 26 Cyber Security Stats Every User Should Be Aware Of in 2024 (securityaffairs.com)

• Cyber Security's Transformative Shift (darkreading.com)

• Fortifying Businesses Against Modern Information Threats (forbes.com)

• Executives must face down state-sponsored hacking groups targeting firmware | Computer Weekly

• Do you have a cyber security comms plan? | PR Week

• Cyber Security is your defensive strategy, cyber resilience is your business (securitybrief.co.nz)

• Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• New macOS Backdoor Linked to Prominent Ransomware Groups - SecurityWeek

• Ransomware tactics evolve, become scrappier - Help Net Security

• Rhysida Ransomware Cracked, Free Decryption Tool Released (thehackernews.com)

• Resiliency to ransomware | Professional Security

• Dual Ransomware Attacks: A Quicker Route to Extortion - Security Boulevard

• How To Prepare For A Ransomware Attack (forbes.com)

• 2023 Ransomware Attack Report - Security Boulevard

• The State of Ransomware in 2023 | BlackFog

• Cyber Security firm Check Point reports an increase in wiper-ware attacks amid geopolitical uncertainty - The Economic Times (indiatimes.com)

Ransomware Victims

• Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union (darkreading.com)

• Cyber Attack hits Swedish cloud provider Advania, healthcare services impacted | Cybernews

• Ransomware Attack Takes 100 Hospitals Offline (forbes.com)

• PR industry affected as media monitoring firm Onclusive hit by cyber attack | PR Week

• German battery maker Varta says five plants hit by cyber attack - CNA (channelnewsasia.com)

• UK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customers | TechCrunch

• The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro

Phishing & Email Based Attacks

• 91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times

• VIPRE Security Group's Annual Email Threat Landscape Shows Advanced Methods Needed for Security (prnewswire.com)

• Corporate users getting tricked into downloading AnyDesk - Help Net Security

• Phishing attacks increased 106% year over year | Security Magazine

• Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security

• Remote Monitoring & Management software used in phishing attacks | Malwarebytes

• What Is Phishing? Understanding Cyber Attacks (forbes.com)

• How are attackers using QR codes in phishing emails and lure documents? (talosintelligence.com)

• Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)

• 2023 Year in Review: Phishing Attacks and Trends (vadesecure.com)

• London police block 43 crypto phishing web domains (cointelegraph.com)

• This new Android feature could help save you from phishing and malware – here's how | TechRadar

Other Social Engineering

• The War for Headspace: NextGen cyberattacks aim to manipulate people’s minds  | SC Media (scmagazine.com)

• 4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)

• QR code attacks target organizations in ways they least expect - Help Net Security

• QR Phishing. Fact or Fiction? | Pen Test Partners

• The Risks of Quishing and How Enterprises Can Stay Secure - Zimperium

Artificial Intelligence

• Deepfake CFO Video Calls Result in $25MM in Damages (trendmicro.com)

• 91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times

• Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)

• Microsoft and OpenAI warn state-backed threat actors are using generative AI en masse to wage cyber attacks | ITPro

• 55% of Generative AI Inputs Include Sensitive Data: Menlo Security - Security Boulevard

• We're at a Pivotal Moment for AI and Cyber Security (darkreading.com)

• Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)

• Tech Companies Turned Ukraine Into an AI War Lab | TIME

• Deepfake threats are on the rise - new research shows worrying rise in dangerous new scams | TechRadar

• Cyber criminals get productivity boost with AI - Help Net Security

• Stolen Face ID scans used to break into bank accounts • The Register

• AI outsourcing: A strategic guide to managing third-party risks - Help Net Security

• The Coming End of Biometrics Hastens AI-Driven Security - Security Boulevard

• Rental scams could soar as AI spreads, warns industry... (lettingagenttoday.co.uk)

• Cyber Security Threats: How To Fight AI With AI (forbes.com)

• The rise of AI threats and cyber security: predictions for 2024 | World Economic Forum (weforum.org)

2FA/MFA

• MFA isn't always keeping businesses safe from cyber attack | TechRadar

• 4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)

• Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica

Malware

• RustDoor malware targets macOS users by posing as a Visual Studio Update - gHacks Tech News

• Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)

• VexTrio network of hijacked websites used to spread malware • The Register

• Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks (darkreading.com)

• Suspected Warzone RAT hackers arrested | SC Media (scmagazine.com)

• From Cracked to Hacked: Malware Spread via YouTube Videos (cybereason.com)

• Apple Mac computers are not virus proof: The myth (qz.com)

• Bumblebee malware attacks are back after 4-month break (bleepingcomputer.com)

• Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)

• Glupteba Botnet Adds UEFI Bootkit to Cyber Attack Toolbox (darkreading.com)

• Understanding the tactics of stealthy hunter-killer malware - Help Net Security

• Water Hydra’s Zero-Day Attack Chain Targets Financial Traders - Infosecurity Magazine (infosecurity-magazine.com)

• Miscreants turn to ad tech to measure malware metrics • The Register

• New Qbot malware variant uses fake Adobe installer popup for evasion (bleepingcomputer.com)

• “TicTacToe Dropper” Malware Distribution Tactics Revealed - Infosecurity Magazine (infosecurity-magazine.com)

• This new Android feature could help save you from phishing and malware – here's how | TechRadar

Mobile

• Stolen Face ID scans used to break into bank accounts • The Register

• Google Chrome Warning Suddenly Issued For All Android Users (forbes.com)

• Russian banks beat App Store Review using fake apps (appleinsider.com)

• Meta brushes off risk of account theft via number recycling • The Register

• This new Android feature could help save you from phishing and malware – here's how | TechRadar

Denial of Service/DoS/DDOS

• Cyber Security sectors adjust as DDoS attacks reach new heights - Help Net Security

• How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog

• Telecoms was the most targeted sector for DDoS attacks in 2023

• Average DDoS Attack Cost Businesses Nearly Half a Million Dollars in 2023, According to New Zayo Data | Business Wire

• DDoS Hacktivism is Back With a Geopolitical Vengeance - SecurityWeek

Internet of Things – IoT

• Canada to ban the Flipper Zero to stop surge in car thefts (bleepingcomputer.com)

• How secure is your security camera? Hackers can spy on cameras through walls, new research finds (techxplore.com)

Data Breaches/Leaks

• Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)

• Caravan club admits members' personal data possibly accessed • The Register

• DOD notifying people who may be impacted by a year-old data breach | DefenseScoop

• Southern Water Notifies Customers and Employees of Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro

• 200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)

• Prudential says hackers gained access to its computer systems | The Star

• Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru

• Thousands of DoD personnel may have had their private data leaked — US government admits 20,000 could be affected | TechRadar

• Hackers got nearly 7 million people’s data from 23andMe. The firm blamed users in ‘very dumb’ move | Hacking | The Guardian

• DNA testing: What happens if your genetic data is hacked? - BBC Future

• BMW security error left valuable private company data exposed online | TechRadar

Organised Crime & Criminal Actors

• 5 Things Movies Always Get Wrong About Computer Hackers (slashgear.com)

• 9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data (securityaffairs.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• London police block 43 crypto phishing web domains (cointelegraph.com)

Insider Risk and Insider Threats

• Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru

• Insider threat greatest mid-market cyber security concern - CIR Magazine

Supply Chain and Third Parties

• Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)

• It's Time to Rethink Third-Party Risk Assessment (darkreading.com)

• Jet engine dealer to major airlines discloses cyber snafu • The Register

• AI outsourcing: A strategic guide to managing third-party risks - Help Net Security

• 6 best practices for third-party risk management | CSO Online

• Software security debt piles up for organisations even as critical flaws drop | CSO Online

Cloud/SaaS

• Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)

• Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica

• Benefits and challenges of managed cloud security services | TechTarget

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

Encryption

• Beating Bitlocker In 43 Seconds | Hackaday

Social Media

• Inside X's content moderation dilemma | Fortune

• 20 Years of Facebook, but Trust in Social Media Remains Rock Bottom - Infosecurity Magazine (infosecurity-magazine.com)

• Meta brushes off risk of account theft via number recycling • The Register

• 200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)

Malvertising

• Hackers Exploit Ad Tools to Track Victims, Boosting Scam Efforts (bloomberglaw.com)

Training, Education and Awareness

• The importance of security training in the zero trust era (betanews.com)

Regulations, Fines and Legislation

• Security experts: Investigatory powers plans will delay security updates | Computer Weekly

• FCC orders telecom carriers to report PII data breaches within 30 days (bleepingcomputer.com)

• When it comes to the new SEC ‘materiality’ rules, assume that OT and IoT breaches qualify | SC Media (scmagazine.com)

• A Quick Roadmap to NIS2 Directives - Security Boulevard

Models, Frameworks and Standards

• Benefits And Cautions Of Aligning With Cyber Security Frameworks (forbes.com)

• Key strategies for ISO 27001 compliance adoption - Help Net Security

• A Quick Roadmap to NIS2 Directives - Security Boulevard

Data Protection

• PII Input Sparks Cyber Security Alarm in 55% of DLP Events - Infosecurity Magazine (infosecurity-magazine.com)

• How companies are misjudging their data privacy preparedness - Help Net Security

Careers, Working in Cyber and Information Security

• UK cyber skills gap risk to businesses and national security | TechRadar

• Higher education offers limited benefit to many infosec pros | SC Media (scmagazine.com)

• We can’t risk losing staff to alert fatigue - Help Net Security

Law Enforcement Action and Take Downs

• London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime | WIRED

Misinformation, Disinformation and Propaganda

• Why we fall for fake news and how can we change that? - Help Net Security

• France uncovers a vast Russian disinformation campaign in Europe (economist.com)

• Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)

• Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters

• Cyber threats cast shadow over 2024 elections - Help Net Security

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)

• Microsoft and OpenAI warn state-backed threat actors are using generative AI en masse to wage cyber attacks | ITPro

• Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek

• Cyber Arms Control and Global Security (greydynamics.com)

• Rise in cyberwarfare tactics fueled by geopolitical tensions - Help Net Security

• Threat actors intensify focus on NATO member states - Help Net Security

Nation State Actors

China

• Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)

• Ukraine claims Russia uses its cooperation with China to carry out cyber attacks | International | EL PAÍS English (elpais.com)

• Microsoft and OpenAI warn state-backed threat actors are using generative AI en masse to wage cyber attacks | ITPro

• US Official Warns of China’s Growing Offensive Cyber Power – The Diplomat

• China Targets US Hacking Ops in Media Offensive - Infosecurity Magazine (infosecurity-magazine.com)

• Explainer: what is Volt Typhoon and why is it the ‘defining threat of our generation’? | Hacking | The Guardian

• Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do it | ITPro

• Threat actors intensify focus on NATO member states - Help Net Security

• Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek

• Top US Venture Firms Funded Blacklisted Chinese Companies, House Committee Says | Mint

Russia

• Microsoft and OpenAI thwart AI use by state-affiliated hackers (geekwire.com)

• Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)

• Russia Continues to Focus on Cyber Operations and Espionage (inforisktoday.com)

• Russian banks beat App Store Review using fake apps (appleinsider.com)

• Ukraine claims Russia uses its cooperation with China to carry out cyber attacks | International | EL PAÍS English (elpais.com)

• France uncovers a vast Russian disinformation campaign in Europe (economist.com)

• Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters

• The methods of Russian interference in Scottish politics (ukdefencejournal.org.uk)

• Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor (thehackernews.com)

• Tech Companies Turned Ukraine Into an AI War Lab | TIME

Iran

• How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)

• Iranian cyber attacks targeting US and Israeli entities | TechTarget

North Korea

• How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)

• Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)

• North Korea turns to designing gambling websites for cash • The Register

• North Korea successfully hacks email of South Korean President's aide, gains access to sensitive information (bitdefender.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Striking the Right Balance: How to Publicly Attribute a Cyber Operation to Another State | directions blog

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

Vulnerability Management

• Security experts: Investigatory powers plans will delay security updates | Computer Weekly

• Seeing is Believing… and Securing - SecurityWeek

• Three critical application security flaws scanners can’t detect (bleepingcomputer.com)

Vulnerabilities

• Over 13,000 Ivanti gateways vulnerable to actively exploited bugs (bleepingcomputer.com)

• Zoom stomps critical privilege escalation bug, 6 other flaws • The Register

• Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices (thehackernews.com)

• Some Canon printers have seven critical security vulnerabilities — i-Sensys printer vulns rank at 9.8 severity | Tom's Hardware (tomshardware.com)

• Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)

• ESET Patches High-Severity Privilege Escalation Vulnerability - SecurityWeek

• CISA: Roundcube email server bug now exploited in attacks (bleepingcomputer.com)

• Urgent patches available for QNAP vulnerabilities, one 0-day • The Register

Tools and Controls

• The ROI of Investing in Cyber Security - Security Boulevard

• Leveraging threat intelligence for regulatory compliance (betanews.com)

• Serious Vulnerability in the Internet Infrastructure / Fundamental design flaw in DNSSEC discovered (prleap.com)

• Remote Monitoring & Management software used in phishing attacks | Malwarebytes

• Getting a grip on cyber resilience – PublicTechnology

• It's Time to Rethink Third-Party Risk Assessment (darkreading.com)

• Do you have a cyber security comms plan? | PR Week

• MFA isn't always keeping businesses safe from cyber attack | TechRadar

• Understand the pros and cons of enterprise password managers | TechTarget

• Beating Bitlocker In 43 Seconds | Hackaday

• 4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)

• This botched migration shows why you need to deal with legacy tech | ZDNET

• How purple teaming enhances inter-team collaboration and effectiveness in cyber security - Help Net Security

• Benefits and challenges of managed cloud security services | TechTarget

• PII Input Sparks Cyber Security Alarm in 55% of DLP Events - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Steps to Improve Your Security Posture in Microsoft Teams (bleepingcomputer.com)

• No Security Scrutiny for Half of Major Code Changes: AppSec Survey - SecurityWeek

• 10 Security Metrics Categories CISOs Should Present to the Board (darkreading.com)

• Three critical application security flaws scanners can’t detect (bleepingcomputer.com)

• What is Threat Detection and Incident Response? - Security Boulevard

Reports Published in the Last Week

• VIPRE Security Group’s Annual Email Threat Landscape Research Shines Light on the Advanced Methods Needed to Secure Corporate Email Environment in 2024 - VIPRE

• 2023 Year in Review: Phishing Attacks and Trends (vadesecure.com)

• HP Wolf Security Threat Insights Report Q4 2023 | HP Wolf Security

• The State of Ransomware in 2023 | BlackFog

Other News

• Trustees open to cyber risks by not responding to NCSC reporting changes | theHRD (thehrdirector.com)

• Top 5 Cyber security Concerns for HR Professionals: How to Safeguard Your Organisation | The HR World

• This botched migration shows why you need to deal with legacy tech | ZDNET

• Cyber attacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn - SecurityWeek

• What is Threat Detection and Incident Response? - Security Boulevard

• Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do it | ITPro

• How Non-Profits and NGOs Deal with Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Here's how we get young people to rally for cyber security | World Economic Forum (weforum.org)

• Types of Cyber security Threats and Vulnerabilities - Security Boulevard

• Hacking the flow: The consequences of compromised water systems - Help Net Security

• Dutch insurers still requiring nudes from cancer patients • The Register

• Cyber threats to marketing | Kaspersky official blog

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling·        

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.