Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable

The best defence against a ransomware attack is assuming it will happen before it does.  Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.

Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]

Are You and Your Clients Soft Targets?

Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.

You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.

No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.

Source: [MSSP Alert]

Cyber Attacks Cause Revenue Losses in 42% of Small Businesses

Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.

The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.

Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]

Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company

According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.

Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]

Organisations Can Only Stop 57 Percent of Cyber Attacks

According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.

Source: [Beta News]

Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT

Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.

Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]

Business Email Compromise is Most Common Entry Point for Cyber Attack

According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.

The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.

Sources: [Hiscox] [Digital Journal]

US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures

The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.

The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.

Sources: [The Record] [Security Week ] [Forbes]

Companies Scramble to Integrate Immediate Recovery into Ransomware Plans

A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.

Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.

Source: [Help Net Security]

Your End-Users are Reusing Passwords: That’s a Big Problem

Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.

While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.

Source: [Bleeping Computer]

Cyber Workforce Demand is Outpacing Supply

A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.

To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.

Source: [Cyber Scoop]

What the Boardroom Is Missing: CISOs

According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.

Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.

Source: [Dark Reading]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek

• SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)

• Part of an executive team? You might be the biggest security risk to your business | TechRadar

• One in five executives have shared work passwords outside the company | Security Magazine

• Half of Execs Request Security Bypass Over Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• Organisations can only stop 57 percent of cyber attacks (betanews.com)

• Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• Only 1 in 5 Business Leaders 'Extremely Prepared' to Manage Cyber security Threats at Workplace: Survey Report, Business News - AsiaOne

• 'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)

• Cyber security habits and behaviours executives need to be aware of - Help Net Security

• The hidden costs of data breaches for small businesses - Help Net Security

• Cyber workforce demand is outpacing supply, survey finds | CyberScoop

• How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)

• Why lack of training can put cyber security at risk [Q&A] (betanews.com)

• Cyber security Awareness Month Series: Cyber security is Important for Small Business Too. | Jackson Lewis P.C. - JDSupra

• Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)

• Are startups underestimating their cyber vulnerability? | Insurance Business America (insurancebusinessmag.com)

• The CISO’s toolkit must include political capital within the C-suite | CSO Online

• Do You Really Need a CISO? (securityintelligence.com)

• CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)

• What the Boardroom Is Missing: CISOs (darkreading.com)

• Is it time to merge your fraud and cyber teams? - Raconteur

• OODA Loop - Deciphering the CISO Accountability Landscape: A Comparative Analysis with the AML Officer's Evolution

• Why there’s no one-size-fits all solution to security maturity | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Never Sleeps - But It Strikes Whilst You Do - Infosecurity Magazine (infosecurity-magazine.com)

• Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)

• Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security

• Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat

• Mass exploitation of CitrixBleed vulnerability, including a ransomware group | by Kevin Beaumont | Oct, 2023 | DoublePulsar

• The dangers of dual ransomware attacks - Help Net Security

• Do government sanctions against ransomware groups work? | TechCrunch

• Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)

• Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)

• Why ransomware victims can’t stop paying off hackers | TechCrunch

• Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek

• New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)

• SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)

• One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar

• Forty Countries Agree Not to Pay Cyber crime Ransoms - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks set to break records in 2023 - Help Net Security

• Know When and How to Stop Ransomware Attacks (finextra.com)

• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)

• Data Encrypted in 75% of Ransomware Attacks on Healthcare Organisation - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Victims

• Boeing Confirms Cyber Attack, System Compromise (darkreading.com)

• CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch

• Stanford University investigating security incident • The Register

• Clop group obtained access to the email addresses of about 632,000 US federal employees (securityaffairs.com)

• Massive ransomware attack hinders services in 70 German municipalities (therecord.media)

• Medical research exec hit in SIM-swap attack by Alphv gang • The Register

• Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)

• Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch

• Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)

• British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)

• Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Report Links ChatGPT to 1,265% Rise in Phishing Emails - Infosecurity Magazine (infosecurity-magazine.com)

• McAfee Celebrity Hot List 2023 - gHacks Tech News

• Phishing Scams, Bad Actors Bedevil Military Mass Tort Settlements (bloomberglaw.com)

Artificial Intelligence

• Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt

• AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)

• AI is making cyber attacks even smarter and more dangerous | TechRadar

• The People Hacker: AI a Game-Changer in Social Engineering Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Risk managers beware – generative AI spells serious concerns for security | Insurance Business America (insurancebusinessmag.com)

• 28 Countries Sign Bletchley Declaration on Responsible AI - Infosecurity Magazine (infosecurity-magazine.com)

• Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)

• UK AI Safety Summit is targeting evil sentience, but there are bigger problems to solve | Tom's Guide

• AI Safety Summit: OWASP Urges Governments to Agree on AI Standards - Infosecurity Magazine (infosecurity-magazine.com)

• Enterprise AI applications are threatening security | TechRadar

• What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)

• ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• The future of AIs fighting AIs is already here - POLITICO

• AI promises incredible benefits, but also terrible risks. It’s not luddism to rein it in | Sonia Sodha | The Guardian

Malware

• Over a million Windows and Linux systems infected by this tricky new malware | TechRadar

• DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)

• Daily malware activity doubled year over year for small businesses | Security Magazine

• Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)

• Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)

• Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar

• Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)

• These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)

• Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)

• Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)

• Scarred Manticore Targets Middle East With Advanced Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)

• Latest RAT attack surge bypasses Microsoft's XLL block • The Register

• Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)

• Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek

• Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)

Mobile

• 16 more infected Android apps you need to delete ASAP (bgr.com)

• iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld

• Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica

• New banking scams delivered instantly via WhatsApp - F-Secure Blog

• Every day, half a million malware apps are created for scamming. Who’s behind them? - CNA (channelnewsasia.com)

• Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag

• Google One data breach: Dark web report at your hand - gHacks Tech News

• SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register

• SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)

• Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)

Denial of Service/DoS/DDOS

• DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar

• Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)

Internet of Things – IoT

• IoT's convenience comes with cyber security challenges - Help Net Security

• RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)

Data Breaches/Leaks

• CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch

• Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)

• ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)

• LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)

• Public exposure of data breaches is becoming inevitable – Help Net Security

• Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)

• Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)

Organised Crime & Criminal Actors

• ‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)

• Two Russians indicted for hacking JFK taxi dispatch system • The Register

• How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)

• UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)

• Sam Bankman-Fried found guilty of defrauding FTX customers out of billions | Sam Bankman-Fried | The Guardian

Insider Risk and Insider Threats

• How human behaviour research informs security strategies - Help Net Security

Insurance

• The rise of the cyber security insurance market | CSO Online

• Cyber insurance: why it pays to be responsible | TechRadar

Supply Chain and Third Parties

• N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)

• North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)

• Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)

Cloud/SaaS

• Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)

• Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register

• Microsoft is Getting Serious About Security. Again. - Thurrott.com

• Microsoft is overhauling its software security after major Azure cloud attacks - The Verge

Identity and Access Management

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• UK Banks Warn Quantum Will Imperil Entire Payment System - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)

• One in five executives have shared work passwords outside the company | Security Magazine

• Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)

• Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)

Social Media

• DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)

• Russian hacking tool floods social networks with bots, researchers say (therecord.media)

Malvertising

• Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)

Training, Education and Awareness

• Finding the right approach to security awareness - Help Net Security

• Why lack of training can put cyber security at risk [Q&A] (betanews.com)

Regulations, Fines and Legislation

• FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)

• SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek

• Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)

• The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday

• Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)

• Setting the standard for cyber security across the EU | Business Post

Models, Frameworks and Standards

• Top 12 IT security frameworks and standards explained | TechTarget

• MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile  - SecurityWeek

Careers, Working in Cyber and Information Security

• UK cyber skills gap grows 29% despite record hiring (computing.co.uk)

• Cyber workforce demand is outpacing supply, survey finds | CyberScoop

• Cyber security workforce shortages: 67% report people deficits - Help Net Security

• CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)

• What the Boardroom Is Missing: CISOs (darkreading.com)

Law Enforcement Action and Take Downs

• Pirate IPTV network in Austria dismantled and $1.74 million seized (bleepingcomputer.com)

• SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register

• UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• Cyber War: Power, Prestige, International Governance, and Strategy in the Age of Global Polycrisis

Geopolitical Threats/Activity

• Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)

• New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)

• Scarred Manticore Targets Middle East With Advanced Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)

China

• Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters

• Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop

Russia

• Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger

• IT Army of Ukraine disrupted internet providers in territories occupied by Russia (securityaffairs.com)

• Russian hacking tool floods social networks with bots, researchers say (therecord.media)

• Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor - Infosecurity Magazine (infosecurity-magazine.com)

• FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)

• Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)

• A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)

• Two Russians indicted for hacking JFK taxi dispatch system • The Register

Iran

• Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)

• Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek

• In Cyber attacks, Iran Shows Signs of Improved Hacking Capabilities - The New York Times (nytimes.com)

• New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE

• FBI Director Warns of Increased Iranian Attacks (darkreading.com)

• Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)

• 'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)

North Korea

• North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)

• Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)

• North Korean Hackers Target macOS Crypto Engineers With Kandykorn - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)

• 20 Years Later, Is Patch Tuesday Enough? (darkreading.com)

• CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)

• Vulnerability management metrics: How to measure success - Help Net Security

• From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security

• It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)

Vulnerabilities

• Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)

• F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)

• Mass exploitation of CitrixBleed vulnerability, including a ransomware group | by Kevin Beaumont | Oct, 2023 | DoublePulsar

• Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)

• Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek

• Chrome 119 Patches 15 Vulnerabilities - SecurityWeek

• Atlassian warns users: patch critical Confluence flaw ASAP • The Register

• Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)

• Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)

• D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)

• 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)

• More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)

• No patches yet for Apple iLeakage side-channel attack | TechTarget

• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)

• iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld

Tools and Controls

• Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security

• Vulnerability management metrics: How to measure success - Help Net Security

• 6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)

• Ethical hackers are helping more and more business stay safe | TechRadar

• Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)

• Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)

• The state of API security in 2023 | InfoWorld

• Is There a Silver Bullet in Threat Detection? | MSSP Alert

• Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger

• Defence in depth: Layering your security coverage (securityintelligence.com)

• Finding the right approach to security awareness - Help Net Security

• Is state intervention needed for cyber insurance? (ft.com)

• CISA Announces New Release of Logging Made Easy | CISA

• Security Advice For Virtualization: Protecting Information And Programs (informationsecuritybuzz.com)

• Mainframes are around to stay, it’s time to protect them - Help Net Security

• Responsible Cyber Operations: From Theory to Reality - Infosecurity Magazine (infosecurity-magazine.com)

Reports Published in the Last Week

Cyber Readiness Report 2023 UK - Hiscox

Other News

• Are You and Your Clients Soft Targets? | MSSP Alert

• Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)

• ING CISO says data sharing is key to financial cyber security (finextra.com)

• Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)

• F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times

• Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg

• Microsoft launches Secure Future Initiative to bolster security | TechTarget

• The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)

• 9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)

• How governments can keep data secure in a digital age - New Statesman

• Are startups underestimating their cyber vulnerability? | Insurance Business America (insurancebusinessmag.com)

• Preventing and preparing for law firm cyber security attacks is fundamental to success | Casetext - JDSupra

• Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design

• Demystifying the top five OT security myths | Computer Weekly

• 20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)

• Construction among industries most at risk from cyber attacks, insurer warns | News | Building

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.