Black Arrow Cyber Threat Intelligence Briefing 08 November 2024
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Fake Copyright Infringement Emails Spread Rhadamanthys Malware
Check Point Research has identified a widespread phishing campaign targeting hundreds of organisations globally with fake copyright infringement emails. These emails deploy Rhadamanthys, a sophisticated cyber security threat that steals sensitive data, including cryptocurrency wallet information. The attackers impersonate brands mainly from the technology and media sectors, with nearly 70% of fake emails appearing to come from these industries. They exploit fears of copyright violation to prompt downloads of malicious files. The malware uses advanced techniques, such as embedding itself in large files to evade detection. Organisations are advised to strengthen phishing defences and monitor for unusual file downloads to mitigate this risk.
Use Public Wi-Fi? You Might Not Want to After You Read This
A recent survey found that nearly half of internet users connect to public Wi-Fi networks without verifying their legitimacy, with one in four experiencing security issues as a result. Cyber criminals exploit these unsecured networks to steal sensitive data like passwords and banking information. Experts highlight that despite warnings, convenience often outweighs caution, putting both individuals and organisations at risk of data breaches and identity theft. The report underscores the need for businesses to educate employees on the dangers of public Wi-Fi and to adopt secure practices such as using VPNs to protect sensitive information.
New MacOS Malware Linked to North Korean Hackers
Security researchers have identified new macOS malware linked to a North Korean hacking group targeting cryptocurrency businesses. The malware, named "Hidden Risk", is distributed through phishing emails masquerading as cryptocurrency news articles. Recipients are tricked into downloading a malicious program that runs on both Intel and Apple silicon Macs. The program was mistakenly notarised by Apple, allowing it to bypass security measures, but this approval has since been revoked. The malware creates a backdoor into the system, enabling hackers to execute commands and install additional payloads. The campaign is believed to have started in July and is attributed to the BlueNoroff group.
Disaster Recovery Planning is Key in the Modern-Day Business Environment
A recent survey has found that 78% of senior IT professionals reported data loss due to system failure, human error, or cyber attack in the past year, highlighting that protective measures are often breached. Yet only 54% are confident in their ability to recover data and minimise downtime after a disaster. Nearly 40% cite a lack of in-house technical expertise, 29% point to insufficient investment, and 28% note a lack of senior support as barriers to recovery planning. With incidents including a recent global outage costing businesses up to $1.5 billion, prioritising disaster recovery planning is critical for organisational resilience.
The Biggest Underestimated Security Threat of Today? Advanced Persistent Teenagers
Security experts have identified that financially motivated teenage hackers, termed "advanced persistent teenagers", are emerging as a significant cyber security threat. Organisations have suffered major data breaches and paid substantial ransoms due to these attacks, which often exploit social engineering tactics like phishing emails and impersonating helpdesk staff. Despite their youth, these hackers demonstrate capabilities once limited to nation states. Experts emphasise that insider threats and identity-related vulnerabilities are now among the biggest concerns, highlighting the need for improved identity and access management and a better understanding of the human element in cyber security.
Ransomware Attacks Hit Record Levels in 2024 Despite Law Enforcement Crackdowns
A cyber security expert noted that this year saw four eight-figure payments due to successful ransomware attacks, including a $22 million payment by a major health tech company. Data-theft-only attacks have risen by 30%, as some threat actors decide to not encrypt their victim’s systems and instead focus only on data theft. While authorities have disrupted significant ransomware operations, active groups have increased by 30% year-over-year, with 31 new groups emerging. There is a growing debate on banning ransom payments to deter these escalating cyber attacks.
The West Must Respond to Russia’s Rapidly Escalating Hybrid Warfare
Recent reports reveal that Russia is intensifying its hybrid warfare against the West. NATO Secretary General Mark Rutte highlighted a surge in cyber attacks, disinformation campaigns, and industrial sabotage across allied territories. These threats have expanded beyond Ukraine, affecting Western Europe and even the Arctic region. Despite reduced reliance on Russian energy, several EU countries remain vulnerable due to ongoing dependencies. The Kremlin is also exploiting non-traditional media and supporting populist movements to destabilise democracies. This escalating situation underscores the urgent need for Western governments and security services to collaborate in countering these multifaceted threats.
China’s Elite Hackers Expand Target List to European Union
Cyber security software provider ESET reports that China's elite government-backed hackers are expanding their targets to include the European Union. The report highlights that groups like MirrorFace, traditionally focused on Japan, are now targeting EU organisations. Despite this shift, motivations may remain Japan-centric, as spearphishing emails relate to events like EXPO 2025 in Osaka. The use of legitimate tools such as SoftEther VPN by these hackers is a growing concern, allowing them to blend into normal network traffic. ESET advises organisations to treat unexpected deployments of such tools as suspicious, emphasising the need for heightened vigilance.
How Early-Stage Companies Can Go Beyond Cyber Security Basics
Businesses are confronting increasingly sophisticated cyber threats, with phishing scams, zero-day vulnerabilities, and ransomware attacks on the rise. While compliance frameworks like GDPR and PCIDSS provide a foundation, they are insufficient alone as they may not keep pace with evolving cyber criminal tactics. Many organisations risk a false sense of security by focusing solely on compliance, often engaging in procedural tick-box exercises rather than enhancing their security posture. To mitigate risks, organisations must adopt proactive, dynamic, risk-based security strategies, including layered defences, employee training, and robust incident response plans.
How AI Will Shape the Next Generation of Cyber Threats
Advancements in AI are significantly lowering the barrier to entry for cyber attackers. As AI-powered attack tools become accessible and packaged as user-friendly products on the dark web, even those without technical expertise can launch sophisticated cyber attacks. This shift greatly widens the pool of potential attackers beyond traditional threats, and highlights that organisations must adopt AI-powered defences to stay ahead. Ethical concerns also arise in deploying AI for cyber security, especially regarding data privacy and automated responses. Over the next five to ten years, AI-driven threats are expected to evolve significantly, introducing entirely new types of attacks.
Cyber Security Trends and Tips for Small and Medium Businesses to Stay Protected
Microsoft highlights that cyber attacks are increasingly affecting SMBs, with 31% having experienced incidents like ransomware and phishing. These attacks cost SMBs up to $7 million, impacting finances and reputation. 94% recognise cyber security’s importance, and over 70% work with specialists to manage their security. AI’s rise increases security needs, with 81% of SMBs acknowledging this. Many SMBs plan to boost cyber security spending; hybrid work also poses challenges, with 68% finding secure data access difficult for remote workers.
What are the key Threats to Global National Security?
A recent analysis identifies cyber security threats as the foremost concern for nations leveraging digital technologies, with cyber attacks increasingly targeting critical infrastructure. Climate change is another pressing issue, causing resource shortages and contributing to conflicts, with over two in five regions facing climate-induced migration. Bioterrorism also poses significant risks, yet nearly a third of countries have not invested adequately in public health preparedness. Economic espionage is impacting key sectors like technology and defence, and the ongoing threat of nuclear proliferation remains a major global security challenge.
Sources:
https://inews.co.uk/inews-lifestyle/public-wifi-wont-want-to-read-3348687
https://uk.pcmag.com/security/155250/new-macos-malware-linked-to-north-korean-hackers
https://www.techspot.com/news/105399-ransomware-attacks-set-rise-record-levels-2024-despite.html
https://cyberscoop.com/china-apt-eset-target-typhoon-mirrorface/
https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/
https://www.helpnetsecurity.com/2024/11/07/buzz-hillestad-prismatic-ai-driven-attacks/
https://www.itsecurityguru.org/2024/11/01/what-are-the-key-threats-to-global-national-security/
Governance, Risk and Compliance
7 cyber security trends for small and medium businesses | Microsoft Security Blog
CISO Top 10 Priorities for Q3 2024: Navigating Cyber Security's Evolving Challenges | SC Media
Disaster recovery planning is key in the modern-day business environment
Cyber security in crisis: Are we ready for what's coming? - Help Net Security
IT Security Centralization Makes Industrial Spies Profitable
How Cyber Security Training Must Adapt to a New Era of Threats - Security Boulevard
Chief risk storyteller: How CISOs are developing yet another skill | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Cyber insurers would not welcome ban on ransomware payments :: Insurance Day
GoZone ransomware accuses and threatens victims - Help Net Security
RansomHub dethrones LockBit as top ransomware cartel | Cybernews
Iranian Threat Actors Ramp Up Ransomware, Cyber Activity
Ransomware attacks caused prolonged disruptions in October | TechTarget
Police Doxing of Criminals Raising Ransomware-Attack Stakes
Meet Interlock — The new ransomware targeting FreeBSD servers
Cyber attack disrupts classes at Irish technology university
Ransomware Victims
Devon school 'blackmailed' by hackers in cyber-attack - BBC News
Schneider Electric attackers demand ransom paid in baguettes • The Register
Ransomware Group Demands Payment in French Baguettes
Ransomware Attack Disrupts Georgia Hospital's Access to Health Records - SecurityWeek
Hacker Claims to Leak Nokia Source Code - InfoRiskToday
California court suffering from tech outages after cyber attack
Ransomware attack costs Microchip Technology over $21M | SC Media
Phishing & Email Based Attacks
Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek
Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar
Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security
Fake Copyright Infringement Emails Spread Rhadamanthys
US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek
DocuSign's Envelopes API abused to send realistic fake invoices
Cyber Criminals Exploit DocuSign APIs to Send Fake Invoices - Infosecurity Magazine
Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware
Phishing Emails and Spam Are Similar, but There Are 5 Key Differences
Gmail Users Beware—Link Hovering Attacks On The Up
Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late
Scammers Target Starlink Users With Elaborate Phishing Scheme
Other Social Engineering
LastPass warns of fake support centers trying to steal customer data
Fake Copyright Infringement Emails Spread Rhadamanthys
Malware operators use copyright notices to lure in businesses | SC Media
Advanced Variant Of FakeCall Malware Targets Mobile Users
FBI recovers just $8M after crypto scam crashes Kansas bank • The Register
Things you should know about ‘digital arrest’ scams! - The Hindu BusinessLine
Artificial Intelligence
The deepfake threat to CEOs | Fortune
How AI will shape the next generation of cyber threats - Help Net Security
Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign - SecurityWeek
Experts warn some ChatGPT models can be hacked to launch deepfake scams | TechRadar
ChatGPT-4o can be used for autonomous voice-based scams
AI threats dictate a return to Human Intelligence | Cybernews
Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine
OWASP Releases AI Security Guidance
Why Cyber Criminals Are Not Necessarily Embracing AI | HackerNoon
Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
Trump plans to dismantle Biden AI safeguards after victory - Ars Technica
2FA/MFA
Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine
Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late
Malware
New Malware Campaign Targets Windows Users Through Gaming Apps
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Industrial companies in Europe targeted with GuLoader - Help Net Security
5 Most Common Malware Techniques in 2024
MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews
New SteelFox malware hijacks Windows PCs using vulnerable driver
New MacOS Malware Linked to North Korean Hackers
Microsoft services exploited for stealthy malware deployment | SC Media
Large-Scale Phishing Campaign Exposed Using New Version Of Rhadamanthys Malware
Typosquat campaign impersonates 287+ popular npm packages • The Register
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - Check Point Research
Bots/Botnets
Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar
Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media
Organisations are fighting a losing battle against advanced bots | TechRadar
Mobile
Advanced Variant Of FakeCall Malware Targets Mobile Users
New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers
Dangerous Android banking malware looks to trick victims with fake money transfers | TechRadar
Here's What I Do Whenever I Receive a Scam Message on WhatsApp
What Telegram’s recent policy shift means for cyber crime
Mobile & IoT Security Requires More Industry Attention
How I Spot Smishing Texts Easily (and You Can, Too)
Denial of Service/DoS/DDoS
UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine
DDoS site Dstat.cc seized and two suspects arrested in Germany
UK councils bat away DDoS barrage from Putin fanboys • The Register
Cyber attack disrupts classes at Irish technology university
Internet of Things – IoT
IoT Security Failures Can Be Sh*tty - Security Boulevard
Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel
Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine
Mobile & IoT Security Requires More Industry Attention
Data Breaches/Leaks
Recovering From a Breach: 4 Steps Every Organisation Should Take - Security Boulevard
Telecoms company Magnet+ investigating possible cyber attack – The Irish Times
Identity-related data breaches cost more than average incidents - Help Net Security
Nokia investigates breach after hacker claims to steal source code
Scissor-maker Fiskars sliced by hackers | Cybernews
Domestic abuse victim’s home address leaked to ex-partner after data breach | The Independent
210,000 Impacted by Saint Xavier University Data Breach - SecurityWeek
Organised Crime & Criminal Actors
Operation Synergia II sees Interpol swoop on cyber crims • The Register
Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine
Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum
The biggest underestimated security threat of today? Advanced persistent teenagers | TechCrunch
Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies | WIRED
Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg
How to Defend Against Alleged Snowflake Attacker… | Intel 471
What Telegram’s recent policy shift means for cyber crime
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
MacOS under attack by crypto thieves: malicious app disguises itself as PDF | Cybernews
FBI recovers just $8M after crypto scam crashes Kansas bank • The Register
Insider Risk and Insider Threats
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Oh, the Humanity! How to Make Humans Part of Cyber Security
Insurance
Cyber insurers would not welcome ban on ransomware payments :: Insurance Day
Supply Chain and Third Parties
Banks urged to improve resilience to IT meltdowns • The Register
Supply Chain Attack Uses Smart Contracts for C2 Ops - Infosecurity Magazine
New Report from BlueVoyant Shows Progress in Third-Party Cyber Risk Management, But Breaches Persist
The State of Supply Chain Defence in 2024 Report
Serco, DHL among firms affected by Microlise cyber attack | ITPro
Cloud/SaaS
The future of cloud computing: Top trends and predictions | TechTarget
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups
Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine
Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews
Outages
Banks urged to improve resilience to IT meltdowns • The Register
Identity and Access Management
Identity-related data breaches cost more than average incidents - Help Net Security
Encryption
“Q Day” Is Coming: Is the World Prepared? - Centre for International Governance Innovation
Quantum Has Landed, So Now What?
Linux and Open Source
Dangerous new phishing campaign infects Windows devices with malicious Linux VM | TechRadar
Beware of phishing emails delivering backdoored Linux VMs! - Help Net Security
Meet Interlock — The new ransomware targeting FreeBSD servers
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media
A Hacker's Guide to Password Cracking
Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online
Social Media
South Korea fines Meta about $15 mln over collection of user data | Reuters
Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns
Malvertising
NCSC Publishes Tips to Tackle Malvertising Threat - Infosecurity Magazine
Training, Education and Awareness
How Cyber Security Training Must Adapt to a New Era of Threats - Security Boulevard
Regulations, Fines and Legislation
Banks urged to improve resilience to IT meltdowns • The Register
The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra
Government-backed cyber security has a long way to go, warns Arctic Wolf
Apple could face EU's first-ever DMA fine as soon as this month - 9to5Mac
Exploring DORA: How to manage ICT incidents and minimize cyber threat risks
HIPAA Not ‘Strong Enough’ for Health Care’s Cyber Security Needs
South Korea fines Meta about $15 mln over collection of user data | Reuters
Biden administration prepares second executive order on cyber security | SC Media
Germany drafts law to protect researchers who find security flaws
Trump plans to dismantle Biden AI safeguards after victory - Ars Technica
Combating Cyber Crime: What to Expect From Trump Presidency?
Models, Frameworks and Standards
The NIS 2 Era Is Here: Are You Compliance-Ready? | Goodwin - JDSupra
Exploring DORA: How to manage ICT incidents and minimize cyber threat risks
OWASP Releases AI Security Guidance
NIST CSF 2.0 Critical - Security Boulevard
Data Protection
Consumer privacy risks of data aggregation: What should organisations do? - Help Net Security
South Korea fines Meta about $15 mln over collection of user data | Reuters
Careers, Working in Cyber and Information Security
24% of CISOs actively looking to leave their jobs | CSO Online
A grassroots movement to tackle cyber skills gap | Professional Security Magazine
UK Cyber Security Wages Soar Above Inflation as Stress Levels Rise - Infosecurity Magazine
Proactive Ways To Bridge The Cyber Security Talent Gap
How Playing Cyber Games Can Help You Get Hired
Keep Learning or Keep Losing: There's No Finish Line
US Coast Guard's New Cyber Units: A Game Changer for National Security - ClearanceJobs
Want to attract diverse cyber talent? Go beyond the same-old recruiting techniques | SC Media
MoD seeks leader for ‘defensive cyber operations’ – PublicTechnology
How CISOs can turn around low-performing cyber pros | CSO Online
Law Enforcement Action and Take Downs
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Operation Synergia II sees Interpol swoop on cyber crims • The Register
Massive Nigerian Cyber Crime Bust Sees 130 Arrested - Infosecurity Magazine
Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
DDoS site Dstat.cc seized and two suspects arrested in Germany
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
Hacker Said to Be Behind Breach of Snowflake (SNOW) Customers Arrested - Bloomberg
How to Defend Against Alleged Snowflake Attacker… | Intel 471
Gov't IT contractors arrested for defrauding the feds • The Register
US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing - SecurityWeek
FBI recovers just $8M after crypto scam crashes Kansas bank • The Register
Police Doxing of Criminals Raising Ransomware-Attack Stakes
Misinformation, Disinformation and Propaganda
Russian disinformation campaign active ahead of 2024 US election
US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine
CISA: U.S. election disinformation peddled at massive scale | TechTarget
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
US warns of Russia and Iran’s disinformation campaigns as election day unfolds
False bomb threats only blemish on Election Day voting process
Russian Fake News and Bomb Threats Target Election Day Votes
Here are the post-election disinfo threats experts are watching for
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
IT Security Centralization Makes Industrial Spies Profitable
The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council
What are the key Threats to Global National Security? - IT Security Guru
Lord Harries links nuclear to cyber threats
Nation State Actors
Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum
China
Microsoft reveals major Chinese botnet is attacking users across the world | TechRadar
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Chinese APTs Cash In on Years of Edge Device Attacks
Thousands of hacked TP-Link routers used in years-long account takeover attacks - Ars Technica
Sophos Warns Chinese Hackers Are Becoming Stealthier - Infosecurity Magazine
NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices - SecurityWeek
Microsoft credentials pilfered by APT Storm via botnet spray-and-pray router attack | SC Media
China's elite hackers expand target list to European Union | CyberScoop
China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
China's Volt Typhoon breached Singtel, reports say • The Register
Chinese Group Accused of Hacking Singtel in Telecom Attacks - Bloomberg
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
Chinese Air Fryers May Be Spying on Consumers, Which? Warns - Infosecurity Magazine
Canada Orders TikTok to Shut Down Canadian Operations Over Security Concerns
Russia
The West must respond to Russia’s rapidly escalating hybrid warfare - Atlantic Council
N Korea may receive tech in exchange for military support • The Register
CISA: US election disinformation peddled at massive scale | TechTarget
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
Cyber attack sparks extra security at Portsmouth council - BBC News
UK Council Sites Recover Following Russian DDoS Blitz - Infosecurity Magazine
Russian disinformation campaign active ahead of 2024 US election
US Says Russia Behind Fake Haitian Voters Video - Infosecurity Magazine
False bomb threats only blemish on Election Day voting process
Russian Fake News and Bomb Threats Target Election Day Votes
Here are the post-election disinfo threats experts are watching for
Cyber Threats Increase as Russia, China Train New Criminals - Africa Defense Forum
1 Million Cyber Attacks Made On Montco Election, Mainly From Russia | Norristown, PA Patch
Iran
CISA: U.S. election disinformation peddled at massive scale | TechTarget
Misinformation is Ruining our Elections. Here’s How we can Rescue Them. - Security Boulevard
Iranian Threat Actors Ramp Up Ransomware, Cyber Activity
Iranian APT Targets IP Cameras, Extends Attacks Beyond Israel
Here are the post-election disinfo threats experts are watching for
Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare
North Korea
N Korea may receive tech in exchange for military support • The Register
Tools and Controls
Banks urged to improve resilience to IT meltdowns • The Register
Disaster recovery planning is key in the modern-day business environment
AI threats dictate a return to Human Intelligence | Cybernews
What is Unified Threat Management (UTM)? | Definition from TechTarget
Recovering From a Breach: 4 Steps Every Organisation Should Take - Security Boulevard
Google Says Its AI Found SQLite Vulnerability That Fuzzing Missed - SecurityWeek
Google Cloud to Mandate Multifactor Authentication by 2025 - Infosecurity Magazine
New cyber security advisory highlights defence-in-depth strategies
Oh, the Humanity! How to Make Humans Part of Cyber Security
How to Win at Cyber by Influencing People
Security Assessment Reports: A Complete Overview - Security Boulevard
The human factor in cyber resilience | UKAuthority
Typosquat campaign impersonates 287+ popular npm packages • The Register
Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority
Defenders Outpace Attackers in AI Adoption - Infosecurity Magazine
4 Main API Security Risks Organisations Need to Address
The ins and outs of threat emulation | TechRadar
Navigating the evolving landscape of cyber risk management
Germany drafts law to protect researchers who find security flaws
What is a Cyber Range? - Security Boulevard
Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online
Effective Phishing Exercises: How To Plan, Execute And Follow Up
Microsoft 365 security blind spots: Is your business exposed? - Partner Content - Security - iTnews
Other News
Cyber security in crisis: Are we ready for what's coming? - Help Net Security
CISO Top 10 Priorities for Q3 2024: Navigating Cyber Security's Evolving Challenges | SC Media
The ironic vulnerability: why insurers are prime targets for cyber attacks
Cyber attack disrupts classes at Irish technology university
Public sector cyber break-ins: Our money, our right to know • The Register
'Unauthorized activity' downs Washington's court systems • The Register
The Internet's Defenders Are Running Out of Money—And We're All at Risk | IBTimes
How to Win at Cyber by Influencing People
Scotland’s Digital Office highlights tabletop cyber security exercises | UKAuthority
How early-stage companies can go beyond cyber security basics | CyberScoop
How to Outsmart Stealthy E-Crime and Nation-State Threats
Cyber Trends: Keep an Eye on Critical Infrastructure Sectors
Five ways cyber criminals target healthcare and how to stop them | ITPro
JPMorgan CISO says three trends play a role in how he protects the banking giant | Fortune
Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems
Don't search for information on cats at work — you could be at risk of being hacked | TechRadar
Combating Cyber Crime: What to Expect From Trump Presidency?
Facing Growing Threats, Space Industry Expands Its Cyber Warning Center
Governments are facing a huge surge in cyber attacks | TechRadar
Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)
Cyber attack on American Water: A warning to critical infrastructure
Vulnerability Management
Vulnerabilities
Microsoft SharePoint RCE bug exploited to breach corporate network
Worrying WordPress plugin security flaw could let hackers hijack your site | TechRadar
Okta vulnerability allowed accounts with long usernames to log in without a password
New SteelFox malware hijacks Windows PCs using vulnerable driver
Sophos Firewall hack on government network used an all-new custom malware | TechRadar
Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw • The Register
CISA warns of critical Palo Alto Networks bug exploited in attacks
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack | WIRED
PfSense Stored XSS Vulnerability Leads To RCE Attacks, PoC Published
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks - SecurityWeek
Okta’s ‘secure by design’ pledge suffers a buggy setback | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.