Black Arrow Cyber Threat Briefing 09 August 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Business Struggling to Prioritise Cyber Security Needs
UK businesses are increasingly struggling to meet cyber security demands due to insufficient technology, expertise, and funding. Over 80% of organisations report a significant cyber skills gap, and six in ten CISOs say their security budgets are underfunded. Insider threats, particularly employees’ use of AI tools such as ChatGPT, are identified as the biggest risk, yet nearly two-thirds of organisations lack the technology to detect or contain them. While 85% have turned to automation to bolster defences, experts caution against overreliance on AI, stressing the need for skilled personnel. At the same time, 86% of cyber security professionals now rank unknown threats as their top concern, and nearly 99% of organisations plan to outsource parts of their cyber risk management to third-party providers within the next two years. This trend underscores the importance of improved network visibility and the critical role of managed detection and response (MDR) services, which depend heavily on accurate data and human analysis.
The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cyber Security?
A recent analysis highlights the heightened risk facing C-suite executives, who are increasingly targeted by sophisticated spear phishing and whaling attacks due to their access to valuable corporate data and decision-making authority. CEOs are the primary targets, receiving 23% of phishing emails, followed closely by chief people officers (21%) and chief finance officers (19%). The human element remains a significant vulnerability, with 74% of breaches linked to human error, including misdirected emails. To mitigate these risks, organisations should provide tailored security training for executives and enhance their email security with integrated cloud solutions to prevent advanced threats and outbound data loss.
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication
Ransomware attacks are escalating in 2024, with over 2,500 incidents recorded in the first half of the year, averaging more than 14 attacks daily. The rise in double extortion tactics is evident, with postings on leak sites increasing from 24 per month in early 2023 to 40 per month in 2024. Despite this growing sophistication, many organisations still neglect basic cyber hygiene, leaving exposed RDP and VPN services and the absence of multi-factor authentication as the key entry points for attackers. A separate report by Sophos X-Ops highlights the increasingly psychological tactics of ransomware gangs, who now aim to inflict emotional and reputational harm on victims. The Monti gang, for example, threatened to expose an employee's browser history while making false accusations about its contents, and other groups have doxed business owners (leaked their personal information online), revealing personal and financial details. Ransomware operators also leverage media pressure and new regulations, threatening to report breaches to regulatory bodies if victims fail to comply. This shift underscores the intensified psychological warfare being waged by ransomware groups against targeted organisations.
Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cyber Criminals
A recent report highlights the increasing sophistication of cyber threats, with cyber crime-as-a-service models such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) lowering the barrier to entry for attackers. Notably, information-stealing malware accounted for 29% of the early-stage threats investigated, while phishing remains a significant concern, with 17.8 million phishing emails detected between December 2023 and July 2024. The report underscores the need for more proactive, anticipatory security measures, as traditional reactive defences struggle to keep pace with the evolving tactics, techniques, and procedures (TTPs) used by cyber criminals.
How the Theft of 40M UK Voter Register Records was Entirely Preventable
The UK’s Information Commissioner’s Office (ICO) has revealed that the massive data breach affecting 40 million UK voters was entirely preventable. The breach, which went undetected for over a year, was attributed to the Electoral Commission's failure to patch known vulnerabilities in its self-hosted Microsoft Exchange server. The ICO criticised the Commission for inadequate security measures, including poor password management, and noted that these basic lapses allowed hackers to steal voter information. Despite the severity of the breach, the ICO did not impose a fine, citing the absence of evidence that the stolen data was misused.
18-Year-Old Security Flaw in Firefox and Chrome Exploited in Attacks
A recently highlighted vulnerability, known as "0.0.0.0 Day", has persisted for 18 years and affects Linux and macOS devices (Windows already refuses to connect to 0.0.0.0), allowing malicious websites to bypass security in Chrome, Firefox, and Safari. Because those operating systems route the address 0.0.0.0 to the local machine, a web page can send requests to services listening on the visitor's own loopback interface, potentially changing settings or accessing protected information, and in some cases executing code on the host. Despite being reported in 2008, the vulnerability remains unresolved, with browser vendors acknowledging the issue and working towards blocking the address. The flaw exploits inconsistencies in browser security mechanisms such as Cross-Origin Resource Sharing (CORS) and Private Network Access (PNA), neither of which treats 0.0.0.0 as a private or local address, making it a significant ongoing risk. Services that must listen locally should bind to 127.0.0.1 rather than 0.0.0.0 and should validate the Host and Origin headers of incoming requests.
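The service-side defence for a program listening on a developer machine, as an added example that is not part of the briefing or of the articles it cites: refuse requests whose Host header names the unspecified address (0.0.0.0 or ::) or any host other than the loopback names the service expects, and refuse cross-site requests identified by the Origin or Sec-Fetch-Site headers that browsers attach. The function names and the sample request headers below are constructed for this example; binding the listener to 127.0.0.1 instead of 0.0.0.0 remains the primary fix and this filter is a second layer behind it.

```python
"""Request filter for a local-only service (added example, not from the briefing).

Mitigates the "0.0.0.0 Day" browser behaviour: a page on another site can reach
http://0.0.0.0:<port>, which macOS and Linux route to the local host. The checks
below look only at request headers, so they can sit in front of any handler.
"""
import ipaddress
from urllib.parse import urlsplit

# Hostnames this service is willing to answer as (assumption for the example).
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "::1"}


def split_host_port(host_header):
    """Return (host, port) from a Host header value; IPv6 literals are bracketed.
    Returns (None, None) if the value is malformed."""
    h = host_header.strip()
    if h.startswith("["):                       # "[::1]:8080" or "[::1]"
        end = h.find("]")
        if end == -1:
            return None, None
        port = h[end + 2:] if h[end + 1:end + 2] == ":" else ""
        return h[1:end], port or None
    if h.count(":") == 1:                       # "127.0.0.1:8080", "localhost:8080"
        host, port = h.split(":")
        return host, port or None
    return h, None                              # bare name or IPv4 literal


def origin_allowed(origin):
    """An Origin header is scheme://host[:port]; accept only our own loopback names.
    The literal value "null" parses to no hostname and is therefore refused."""
    parts = urlsplit(origin)
    return parts.scheme in ("http", "https") and (parts.hostname or "").lower() in ALLOWED_HOSTS


def rejection_reason(headers):
    """Return a short reason to refuse the request, or None if it may proceed.
    `headers` maps header name -> value; names are compared case-insensitively."""
    hdr = {k.lower(): v for k, v in headers.items()}
    host_header = hdr.get("host")
    if not host_header:
        return "missing Host header"
    host, _port = split_host_port(host_header)
    if host is None:
        return "malformed Host header"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                                # a hostname, not an IP literal
    # 0.0.0.0 (or ::) is exactly the address a hostile page was able to target.
    if ip is not None and ip.is_unspecified:
        return "Host is the unspecified address"
    # Anything else that is not a loopback name is DNS rebinding or a proxy error.
    if host.lower() not in ALLOWED_HOSTS:
        return f"Host {host!r} not allowed for a local-only service"
    # Browsers mark requests initiated from another site; refuse them outright.
    if hdr.get("sec-fetch-site") == "cross-site":
        return "cross-site request (Sec-Fetch-Site)"
    origin = hdr.get("origin")
    if origin is not None and not origin_allowed(origin):
        return f"Origin {origin!r} not allowed"
    return None


# Constructed sample requests (not captured traffic) covering the cases above.
CONSTRUCTED_REQUESTS = {
    "page_on_other_site_via_0.0.0.0": {
        "Host": "0.0.0.0:8080", "Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
    "no-cors_get_via_0.0.0.0": {"Host": "0.0.0.0:8080"},   # no Origin: Host check still catches it
    "dns_rebinding_name": {"Host": "dev.attacker.example:8080", "Origin": "http://dev.attacker.example:8080"},
    "legitimate_same_origin": {
        "Host": "127.0.0.1:8080", "Origin": "http://127.0.0.1:8080", "Sec-Fetch-Site": "same-origin"},
    "legitimate_ipv6_loopback": {"Host": "[::1]:8080"},
}


def check_all(requests=CONSTRUCTED_REQUESTS):
    """Map each sample request name to its rejection reason (None = allowed)."""
    return {name: rejection_reason(h) for name, h in requests.items()}


if __name__ == "__main__":
    for name, reason in check_all().items():
        print(f"{name:32s} -> {'ALLOW' if reason is None else 'REJECT: ' + reason}")
```

The order of the checks matters for telemetry rather than safety: the unspecified-address test fires before the allow-list so that logs distinguish a 0.0.0.0 probe from an ordinary wrong-Host request, and Sec-Fetch-Site is consulted before Origin because browsers send it on every request, including those where Origin is omitted.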
99% of Global 2000 Companies Directly Connected to a Supply Chain Breach
SecurityScorecard and The Cyentia Institute have revealed that 99% of Global 2000 companies are directly connected to vendors that have experienced recent breaches, underscoring the escalating risk of supply chain cyber attacks. These interconnected businesses face severe cyber risks, with supply chain incidents costing 17 times more to manage than first-party breaches. The report estimates that losses from Global 2000 breaches over 15 months ranged between $20 billion and $80 billion, and notes that 90% of these companies act as vendors to each other.
Email Attacks Skyrocket 293%
Acronis reveals a 293% surge in email attacks during the first half of 2024 compared to the same period in 2023, with ransomware detections also rising by 32% from Q4 2023 to Q1 2024. The report highlights that SMBs in government and healthcare are particularly vulnerable, and that newly emerged ransomware groups accounted for 84 attacks globally. The growing use of AI in cyber attacks, including social engineering and automation, is emphasised as a significant emerging threat. It is recommended that MSPs adopt comprehensive security strategies, including advanced endpoint protection and security awareness training, to combat these evolving risks.
Police Recover Over $40m Headed to BEC Scammers
A Singaporean commodity firm narrowly avoided a significant loss after falling victim to a business email compromise (BEC) scam in which it transferred $42.3m to fraudsters in Timor-Leste. Fortunately, the Singapore Police Force, using Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism, managed to recover $41m within ten days of the incident. This case underscores the effectiveness of rapid international cooperation in combating financial cyber crime, and the value of reporting fraudulent transfers immediately rather than after an internal investigation. BEC scams continue to be a major threat, with the FBI reporting over $2.9bn lost to such attacks in 2023 alone.
Russia's Priorities in Prisoner Swap Suggest Cyber Focus
A recent prisoner exchange between the United States and Russia involved the release of eight convicted Russian nationals, including cyber criminals Vladislav Klyushin and Roman Seleznev, in return for 16 imprisoned Americans and Europeans. Klyushin, involved in a $93 million "hack-to-trade" scheme, and Seleznev, who ran a large-scale credit card fraud operation, highlight Russia's emphasis on cyber activities. Despite concerns about the implications of such exchanges, experts suggest that this historic swap, supported by five allied nations, is unlikely to alter how law enforcement approaches cyber crime prosecution.
Point of Entry: Why Hackers Target Stolen Credentials for Initial Access
ENISA, the European Union Agency for Cybersecurity, has highlighted the growing threat posed by stolen credentials, now the leading cause of data breaches, accounting for 24% of incidents. The Initial Access Broker (IAB) market has seen significant growth, with cyber criminals using malware such as Redline and Raccoon Stealer to harvest and sell credentials. Despite advancements in security measures, including multi-factor authentication (MFA), attackers continue to find ways to bypass defences. The report underscores the critical need for organisations to enforce strong password policies and continuously monitor for compromised credentials to mitigate this evolving threat.
FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have confirmed that the ransomware group previously known as Royal has rebranded as BlackSuit, and has demanded over $500 million in ransoms since its emergence. Active since September 2022, the group is believed to be the direct successor of the Conti syndicate, is responsible for attacks on over 350 organisations and has been linked to major incidents such as the CDK Global IT outage. Ransom demands typically range from $1 million to $10 million, with a peak demand of $60 million. The rebranding follows the deployment of a new encryptor, marking an evolution in the group's tactics and capabilities.
Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes
According to a recent survey of nearly 1,000 IT and security professionals, 74% of respondents had experienced multiple ransomware attacks within the past year. Among those targeted, 78% ended up paying the ransom. Even more concerning, 72% of those who paid did so on more than one occasion, and 33% reported paying as many as four times or more. Despite these payments, 87% of attacks led to significant business disruption, including data loss, and 35% of victims did not receive functional decryption keys. Recovery was slow, with nearly half taking up to seven days to restore minimal IT functionality. This comes as another report highlights the rising threat, with security leaders facing an average of eight attacks per year and nearly $2.5 million in ransom payments.
Finance Should Pay Much More Attention to Undersea Cables Risk
A recent analysis has highlighted the critical yet overlooked risk posed by undersea cables, which carry over 99% of global internet traffic, including $10 trillion in daily financial transactions. A new Rogucci report warns that while previous threats were mainly local sabotage, the current danger stems from state-sponsored hostile acts, with nations like Russia posing significant risks. The report calls for a $5 billion investment to triple the repair fleet and establish a centralised command to ensure network resilience. Without immediate action, the world’s financial infrastructure remains highly vulnerable to catastrophic disruption.
Sources:
https://www.scmagazine.com/news/most-companies-are-afraid-of-unseen-cybersecurity-threats
https://www.scmagazine.com/news/ransomware-gangs-leverage-new-tactics-to-pressure-victims-to-pay-up
https://www.helpnetsecurity.com/2024/08/09/maas-threat-landscape/
https://www.helpnetsecurity.com/2024/08/06/email-attacks-h1-2024/
https://www.infosecurity-magazine.com/news/police-recover-40m-bec-scammers/
https://www.darkreading.com/cyber-risk/russias-priorities-in-prisoner-swap-suggest-cyber-focus
https://www.insurancejournal.com/news/national/2024/08/08/787480.htm
https://www.ft.com/content/ab0e00b3-ce0a-4b44-a694-d398d67f64cc
Governance, Risk and Compliance
How C-Suite Leaders Can Set The Cyber Security Tone (forbes.com)
UK business struggling to prioritise cyber security needs, report reveals (holyrood.com)
CISOs don't feel supported at board level (betanews.com)
Boardroom Defence: Questions About Cyber Security (forbes.com)
Microsoft on CISOs: Thriving Community Means Stronger Security (darkreading.com)
Cyber resilience and the C-Suite navigating innovation and risk | SC Media (scmagazine.com)
Executives Beware: Understanding the Risk of Targeted Cyber Attacks - Security Boulevard
Effective Board Communication: Lessons from CrowdStrike for CISOs | UpGuard
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware groups develop more sophisticated business models (betanews.com)
Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses - Security Week
Survey: 78% of Ransomware Victims Paid and 74% Suffered Multiple Strikes (insurancejournal.com)
Ransomware gangs leverage new tactics to pressure victims to pay up | SC Media (scmagazine.com)
Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication - Security Week
Ransomware attacks expected to worsen this year | SC Media (scmagazine.com)
Organisations face an average of 8 ransomware incidents per year | Security Magazine
FBI: BlackSuit ransomware made over $500 million in ransom demands (bleepingcomputer.com)
Soft ransomware targets, a new top emerging risk for enterprises: Gartner - Reinsurance News
Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop
Should Organisations Pay Ransom Demands? (securityaffairs.com)
Royal ransomware crew puts on a BlackSuit in rebrand | Computer Weekly
Proton ransomware continues evolution with latest Zola variant | SC Media (scmagazine.com)
Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security
Ransomware Victims
UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)
French Museums Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
Surge in Magniber ransomware attacks impact home users worldwide (bleepingcomputer.com)
Watchdog set to fine NHS IT firm after medical records hack - BBC News
Ransomware attack paralyzes milking robots — cow dead | CSO Online
Ransomware Attack Cost Keytronic Over $17 Million - Security Week
Phishing & Email Based Attacks
The Alarming Surge Of Lateral Phishing – Are We All Just Sitting Ducks? | HackerNoon
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
62 percent of phishing emails pass DMARC checks (betanews.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Email attacks skyrocket 293% - Help Net Security
Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security
Darktrace report: 56% of phishing emails bypass security checks (securitybrief.co.nz)
KnowBe4 Releases Q2 Quarterly Phishing Test Results | Business Wire
HR emails top phishing tactics in KnowBe4's Q2 2024 report (securitybrief.co.nz)
Phishers have figured out that everyone is afraid of HR | CSO Online
BEC
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
Email attacks skyrocket 293% - Help Net Security
Other Social Engineering
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Artificial Intelligence
Forty percent of business email compromise (BEC) are AI-generated (thehrdirector.com)
Auditors fear AI will ‘turbocharge’ cyber crime - CIR Magazine
AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week
Do you know what's in the new AI Cyber Code? - Accountancy Age
ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today
Tech giants reveal plans to combat AI-fueled election antics | CyberScoop
Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)
Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch
Securing against GenAI weaponization - Help Net Security
AI-obsessed company leaders can't ignore cyber security, says Palo Alto's CEO | Fortune
UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)
The dangers of voice deepfakes in the November election | TechTarget
AI PCs bring new security protections and risks. Here's what users need to know | ZDNET
What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
2FA/MFA
Implement MFA or Risk Non-Compliance With GDPR - Security Week
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
Malware
Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)
Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)
Malware goes undetected by hiding malicious code in uncommon MS Access format - VMRay
Sneaky SnakeKeylogger slithers into Windows email inboxes • The Register
North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
Chameleon Banking Trojan Makes a Comeback Cloaked as CRM App (darkreading.com)
New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)
Bad apps bypass Windows alerts for six years using LNK files • The Register
Ransomware gang targets IT workers with new RAT masquerading as IP scanner - Help Net Security
Mobile
Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert
New LianSpy malware hides by blocking Android security feature (bleepingcomputer.com)
Extensive capabilities of new BlankBot Android trojan detailed | SC Media (scmagazine.com)
Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)
Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)
Denial of Service/DoS/DDOS
Gaming Industry Faces 94% Surge in DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft Azure Attack Shows Persistence of Blunt Hacking Tool (claimsjournal.com)
How to recover from a DDoS attack – and what they can teach businesses | ITPro
Port of Tyne website hit by cyber attack - BBC News
Internet of Things – IoT
20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)
As use of IoT devices grows, so do the associated security risks | ZDNET
Next-Gen Vehicle Technologies Poses Challenges For Cyber Security Pros (informationsecuritybuzz.com)
With Most Modern Cars Locked Down, Hackers Turn to EV Chargers (pcmag.com)
Data Breaches/Leaks
How the theft of 40M UK voter register records was entirely preventable | TechCrunch
Personal Data of 3 Billion People Stolen in Hack, Suit Says (bloomberglaw.com)
Florida firm sued over theft of 2.9B personal records • The Register
ADT confirms data breach after customer info leaked on hacking forum (bleepingcomputer.com)
Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Billion-dollar bust as cops op shutters Cryptonator wallet • The Register
Airbnb host adds ‘no crypto mining’ rule after tenant installs 10 rigs
How blockchain can support third-party risk management | TechTarget
Insider Risk and Insider Threats
Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)
Stopping cyber attackers from targeting the weakest links in security | ITPro
Insurance
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
Supply Chain and Third Parties
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
99% of Global 2000 Companies Directly Connected to a Supply Chain Breach | Business Wire
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
CrowdStrike: Delta Rejected Our Help in Wake of Windows Crash (pcmag.com)
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)
Tech Contractor Exposes Data Of 4.6 Million US Voters (informationsecuritybuzz.com)
Sports venues must vet their vendors to maintain security - Help Net Security
Cloud/SaaS
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)
Suspicious Minds: Insider Threats in The SaaS World (thehackernews.com)
Inherent disadvantage: Why attackers have the upper hand in the cloud | SC Media (scmagazine.com)
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week
Outages
CrowdStrike Outage Caused Billions in Damages That Will Go Uninsured - Bloomberg
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
Microsoft Azure outage takes down services across North America (bleepingcomputer.com)
Delta: CrowdStrike’s offer for help too little, too late • The Register
Lessons unlearned -- the cyber security industry is stuck in the past (betanews.com)
Encryption
The looming threat of Q-day and how CFOs should prepare | Fortune
Preparing for the Future of Post-Quantum Cryptography (darkreading.com)
US nears milestone in race to prevent quantum hacking (ft.com)
Linux and Open Source
Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Point of entry: Why hackers target stolen credentials for initial access (bleepingcomputer.com)
Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds - Security Week
Social Media
US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs
Many dating apps a matchmaker for cyber criminals, study finds | Premium | Compliance Week
Online platforms told they risk stirring up hate and violence - BBC News
Malvertising
Google Ads used to spread Mac malware disguised as 'Loom' (appleinsider.com)
You’re telling me that ad was fake? Malvertising is sneakier than ever (securitybrief.co.nz)
Training, Education and Awareness
Stopping cyber attackers from targeting the weakest links in security | ITPro
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
Regulations, Fines and Legislation
UK IT provider faces $7.7 million fine for 2022 ransomware breach (bleepingcomputer.com)
US sued TikTok and ByteDance for violating children’s privacy laws - Security Affairs
Implement MFA or Risk Non-Compliance With GDPR - Security Week
Florida firm sued over theft of 2.9B personal records • The Register
Watchdog set to fine NHS IT firm after medical records hack - BBC News
Do you know what's in the new AI Cyber Code? - Accountancy Age
ACCA welcomes gov’s proposed AI cyber security code | Accountancy Today
SEC ends probe into MOVEit attacks impacting 95 million people (bleepingcomputer.com)
Intelligence bill would elevate ransomware to a terrorist threat | CyberScoop
Unraveling the ‘Materiality’ Mystery of SEC Compliance (informationweek.com)
NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru
What Does the EU AI Act Mean for Cyber Security? - Silicon UK Expert Advice
Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)
Models, Frameworks and Standards
Download: CIS Critical Security Controls v8.1 - Help Net Security
NIS2 Directive in the EU: An imminent deadline, insufficient preparation - IT Security Guru
Backup and Recovery
What's the best way to protect against HDD failure? | TechTarget
Careers, Working in Cyber and Information Security
How to start your cyber security career: Expert tips and guidance - Help Net Security
What cyber security pros can learn from first responders (securityintelligence.com)
Law Enforcement Action and Take Downs
Police Recover Over $40m Headed to BEC Scammers - Infosecurity Magazine (infosecurity-magazine.com)
Billion-dollar bust as cops op shutters Cryptonator wallet • The Register
Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop
US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Tech giants reveal plans to combat AI-fueled election antics | CyberScoop
Security industry braces for Democracy’s biggest test yet | SC Media (scmagazine.com)
Disinformation may 'go nuclear' rather than 'go viral,' researchers say | TechCrunch
The dangers of voice deepfakes in the November election | TechTarget
Microsoft: Iran makes late play to meddle in US elections | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
UK cyber spies plan AI lab to counter hostile state threats (cryptopolitan.com)
How Africa became the testing ground for cyber warfare | ITPro
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Nation State Actors
China
How the theft of 40M UK voter register records was entirely preventable | TechCrunch
Easterly: Potential Chinese cyber attack could unfold like CrowdStrike error | CyberScoop
Hackers breach ISP to poison software updates with malware (bleepingcomputer.com)
Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly
Fears of war with China grow but Labour is intent on a relationship with Beijing (inews.co.uk)
China's APT41 Targets Taiwan Research Institute for Cyber Espionage (darkreading.com)
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Russia
Russia's Priorities in Prisoner Swap Suggest Cyber Focus (darkreading.com)
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure (thehackernews.com)
New CMoon USB worm targets Russians in data theft attacks (bleepingcomputer.com)
Iran
Microsoft: Iran makes late play to meddle in US elections | CyberScoop
Israeli hacktivist group claims it took down Iran's internet • The Register
North Korea
North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry (thehackernews.com)
North Korean hackers exploit VPN update flaw to install malware (bleepingcomputer.com)
Nashville man arrested for aiding North Korean remote IT worker fraud | CyberScoop
US dismantles laptop farm used by undercover North Korean IT workers (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Israeli hacktivist group claims it took down Iran's internet • The Register
Tools and Controls
62 percent of phishing emails pass DMARC checks (betanews.com)
Cyber Security is Not Complete Without EDR for Mobile | MSSP Alert
Security teams failing to manage Apple devices effectively (betanews.com)
Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar
Investors sued CrowdStrike over false claims about its Falcon platform (securityaffairs.com)
AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks - Security Week
The Potential Pitfalls Of Cyber Security Platformisation (forbes.com)
Securing from Active Directory Attacks - Security Boulevard
Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released - Help Net Security
The API Security Crisis: Why Your Company Could Be Next (darkreading.com)
How to recover from a DDoS attack – and what they can teach businesses | ITPro
12 types of endpoint security | TechTarget
Building an Effective Strategy to Manage AI Risks (darkreading.com)
Microsoft 365 anti-phishing alert "erased" with one simple trick - Help Net Security
After the Dust Settles: Post-Incident Actions - Security Week
Cyber Security and Resilience Bill good news for business and insurers (emergingrisks.co.uk)
Stopping cyber attackers from targeting the weakest links in security | ITPro
How Situational Awareness Enhances the Security of Your Facility - Security Boulevard
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
AI PCs bring new security protections and risks. Here's what users need to know | ZDNET
Microsoft Graph API Exploitation in State-Backed Espionage on the Rise | MSSP Alert
Where internal audit teams are spending most of their time - Help Net Security
Effective Board Communication: Lessons from CrowdStrike for CISOs | UpGuard
Other News
Most companies are afraid of unseen cyber security threats | SC Media (scmagazine.com)
Finance should pay much more attention to undersea cables risk (ft.com)
Mobile device management vendor Mobile Guardian attacked • The Register
Every Microsoft employee is now being judged on their security work - The Verge
How Cyber Criminals Are Weaponizing Sound Waves | HackerNoon
Report: Myths about tech still plaguing the IT world • The Register
UK under threat from exposed industrial systems – Censys (datacentrenews.uk)
How I got ‘hacked’ and what that says about the banking system (ft.com)
Attackers Use Multiple Techniques to Bypass Reputation-Based Security (darkreading.com)
Is the US Federal Government Increasing Cyber Risk Through Monoculture? (darkreading.com)
Over 40,000 Internet-Exposed ICS Devices Found in US: Censys - Security Week
Vulnerability Management
CVEs Surge 30% in 2024, Only 0.91% Weaponized - Infosecurity Magazine (infosecurity-magazine.com)
Why every modern SOC needs a dedicated Vulnerability Operations Center (VOC) | TechRadar
Best Practices for Effective Vulnerability Management | MSSP Alert
Monitoring KEV List for Changes Can Guide Security Teams (darkreading.com)
Vulnerabilities
Windows Update downgrade attack "unpatches" fully-updated systems (bleepingcomputer.com)
18-year-old security flaw in Firefox and Chrome exploited in attacks (bleepingcomputer.com)
Bitdefender Vulnerability Let Attackers Trigger SSRF Attacks (cybersecuritynews.com)
Microsoft Edge Vulnerability Let Attackers Execute Arbitrary Code (cybersecuritynews.com)
12 wide-impact firmware vulnerabilities and threats | CSO Online
Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)
Google Patches New Android Kernel Vulnerability Exploited in the Wild (thehackernews.com)
20K Ubiquiti IoT Cameras & Routers Are Sitting Ducks for Hackers (darkreading.com)
Windows Smart App Control has a worrying security bug that hackers exploited for years | TechRadar
Microsoft Update Warning—70% Of All Windows Users Now At Risk (forbes.com)
Chrome, Firefox Updates Patch Serious Vulnerabilities - Security Week
Apple to Address '0.0.0.0' Security Vulnerability in Safari 18 - MacRumors
Critical Progress WhatsUp RCE flaw now under active exploitation (bleepingcomputer.com)
Windows Update Flaws Allow Undetectable Downgrade Attacks - Security Week
Hackers Exploited An 18-Year-Old Loophole In Safari, Chrome And Firefox (forbes.com)
Download iOS 17.6.1 Now to Ensure This Feature Is Working Correctly - CNET
Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins (darkreading.com)
GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU - Security Week
Chinese cyber attack sparks alert over six year old MS vuln | Computer Weekly
BIND Vulnerabilities: Urgent Security Updates Released - Security Boulevard
AWS Patches Vulnerabilities Potentially Allowing Account Takeovers - Security Week
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (thehackernews.com)
Cisco warns of critical RCE zero-days in end of life IP phones (bleepingcomputer.com)
Exploit released for Cisco SSM bug allowing admin password changes (bleepingcomputer.com)
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature (thehackernews.com)
European IT Professionals Want Training on AI, Poll Finds - IT Security Guru
Flaw in 5G phones exposes millions of users to spying (newsbytesapp.com)
Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year - Security Week
1Password vulnerability lets attackers steal Vault items • The Register
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out | CSO Online
Microsoft: Exchange 2016 reaches extended end of support in October (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog, also on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.