Black Arrow Cyber Threat Briefing 9th June 2023
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
74% of Breaches Involve Human Element- Make Employees Your Best Asset
Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.
With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.
https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/
https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/
Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.
Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.
https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/
CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.
In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.
Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.
https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says
BEC Volumes and Ransomware Costs Double in a Year
The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.
Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.
https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/
Hackers are Targeting C-Suite Executives Through Their Personal Email
As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.
https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity
Proactive Detection is Crucial as Organisations Lack Effective Threat Research
In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.
https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/
Number of Vulnerabilities Exploited Rose by 55%
A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.
Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.
https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/
https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/
Ransomware Behind Most Cyber Attacks, with Record-breaking May
2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.
4 Areas of Cyber Risk That Boards Need to Address
As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.
To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.
https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address
North Korea Makes 50% of Income from Cyber Attacks
The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.
North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.
They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.
https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/
Going Beyond “Next Generation” Network Security
Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.
Worldwide 2022 Email Phishing Statistics and Examples
Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html
Governance, Risk and Compliance
CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly
CISOs focus more on business strategy than threat research - Help Net Security
Only one in 10 CISOs today are board-ready, study says | CSO Online
Employee cyber security awareness takes centre stage in defence strategies - Help Net Security
The Importance of Managing Your Data Security Posture (thehackernews.com)
How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)
Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
VeeamON 2023: When Your Nightmare Comes True - The New Stack
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
Factors influencing IT security spending - Help Net Security
How to Boost Cyber Security Through Better Communication (securityintelligence.com)
Generative AI's influence on data governance and compliance - Help Net Security
Essential Cyber security Compliance Standards (trendmicro.com)
Threats
Ransomware, Extortion and Destructive Attacks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert
Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)
Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs
Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)
Ransomware Victims
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Ransomware takes down multiple municipalities in May | TechTarget
Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek
Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)
City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)
Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert
Phishing & Email Based Attacks
Fixing email security: It's still a rocky road ahead - SiliconANGLE
Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)
New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)
Consumers overestimate their deepfake detection skills - Help Net Security
Department of Defence AI principles have a place in the CISO’s playbook | CSO Online
Generative AI's influence on data governance and compliance - Help Net Security
Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)
2FA/MFA
Malware
High-profile malware and targeted attacks in Q1 2023 | Securelist
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)
Qakbot: The trojan that just won't go away - Help Net Security
Qbot malware adapts to live another day … and another … • The Register
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)
Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)
Google puts $1M behind its mining-malware detection promise • The Register
Mobile
Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Apple announces next-level privacy and security innovations - Help Net Security
How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)
Botnets
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
Denial of Service/DoS/DDOS
Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)
Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)
Internet of Things – IoT
Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
New York City sues Hyundai, Kia claiming cars easy to steal • The Register
Data Breaches/Leaks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch
Massive free VPN data breach exposes 360M records | Fox News
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
Every Netherlands resident affected by data leak: watchdog | NL Times
German recruiter Pflegia leaks sensitive job seeker info- Security Affairs
What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week
Google puts $1M behind its mining-malware detection promise • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Scammers publish ads for hacking services on government websites | TechCrunch
Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)
A new wave of sophisticated digital fraud hits Europe - Help Net Security
ID fraud a possibility forever, claims data breach lawsuit • The Register
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)
Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)
Virtual claims raise alarms among insurance carriers and customers - Help Net Security
UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian
Impersonation Attacks
'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
Deepfakes
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register
Consumers overestimate their deepfake detection skills - Help Net Security
Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)
Insurance
Dark Web
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
What is the dark web and how do you access it? (androidpolice.com)
Supply Chain and Third Parties
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)
Software Supply Chain
SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek
10 security tool categories needed to shore up software supply chain security | CSO Online
Cloud/SaaS
The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Current SaaS security strategies don't go far enough - Help Net Security
Hybrid/Remote Working
Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)
Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru
Surveilling your employees? You could be putting your company at risk of attack - Help Net Security
Shadow IT
Encryption
API
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Hate speech is driving advertisers away from Twitter • Graham Cluley
US government's TikTok ban extended to include contractors • The Register
Training, Education and Awareness
Employee cyber security awareness takes center stage in defense strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
How to Boost Cyber security Through Better Communication (securityintelligence.com)
Embracing realistic simulations in cyber security training programs - Help Net Security
Data Protection
SEC drops 42 cases after staff bungle data protection • The Register
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)
Careers, Working in Cyber and Information Security
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant
North Korean APT group targets email credentials in social engineering campaign | CSO Online
UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
US government's TikTok ban extended to include contractors • The Register
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)
Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs
Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register
China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian
Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)
Hostile states face contract ban amid security concerns (thetimes.co.uk)
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek
Vulnerability Management
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Public sector apps show higher rates of security flaws - Help Net Security
Vulnerabilities
Zyxel vulnerability under 'widespread exploitation' | TechTarget
Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)
High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)
Tools and Controls
CISOs focus more on business strategy than threat research - Help Net Security
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Going Beyond “Next Generation” Network Security - Cisco Blogs
Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Factors influencing IT security spending - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
How to Boost Cyber security Through Better Communication (securityintelligence.com)
MoD adopts ‘secure by design’ for cyber security | UKAuthority
Everyone is selling VPNs, and that's a problem for security | Engadget
ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Embracing realistic simulations in cyber security training programs - Help Net Security
The Key to Zero Trust Identity Is Automation (darkreading.com)
What generative AI's rise means for the cyber security industry | TechTarget
Cisco spotlights generative AI in security, collaboration | Network World
10 security tool categories needed to shore up software supply chain security | CSO Online
How to Improve Your API Security Posture (thehackernews.com)
Consolidate Vendors and Products for Better Security - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.