Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Almost Half of Former Employees Say Their Passwords Still Work

An alarming number of organisations are not properly offboarding employees when they leave, especially in regard to passwords. In a new survey of 1,000 workers who had access to company passwords at their previous jobs, 47% admitted to using them after leaving the company.

According to the survey one in three respondents said they had been using the passwords for upwards of two years, which is a distressingly long time for organisations not to be aware of who is accessing those accounts and services.

When asked what they use the passwords for, 64% said to access their former email accounts and 44% to access company data. A concerning 10% of respondents said they were trying to disrupt company activities.

https://www.darkreading.com/edge-threat-monitor/almost-half-of-former-employees-say-their-passwords-still-work

• Efficient Risk Based Patch Management Means Eliminating Just 2% of Exposures Could Protect 90% of Critical Assets

A recent cyber security report analysed over 60 million security exposures, or weaknesses that could give an attacker access to systems. The report found that only 2% enabled attackers access to critical assets, while 75% of exposures along attack paths lead to “dead ends”. Further, the report shows that average organisations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organisations and exploits accounting for over 70% of all identified security exposures.

The report found that most security alerts were benign and did not lead to critical assets. By applying efficient risk based patch management and reducing unnecessary access to critical assets, organisations can mitigate a significant amount of risk. This isn’t a simple task however, for an organisation to be able to employ efficient risk based patch management it must have a sufficient level of cyber maturity and internal vulnerability scanning accompanied by a dynamic threat intelligence component.

https://www.infosecurity-magazine.com/news/eliminating-2-exposures-protect-90/

• Printers Pose Persistent Yet Overlooked Threat

A rash of printer-related vulnerabilities in 2023 have punctuated security expert warnings that printers continue to be a significant vulnerability within companies — especially as remote workers require printing resources or access to corporate printers. So far in 2023, Lexmark advised that a publicly available remote exploit had already targeted a code execution flaw in its printers, HP warned of a vulnerable firmware version on some of its enterprise printers, and Microsoft fixed three remote code execution vulnerabilities in its printer drivers.

Printers remain a likely soft spot in most companies’ attack surface area, particularly because they are not always part of a company’s asset management process and are often left out of security assessments and risk registers. Many organisations don’t know where their printers are, their security status, configuration, monitoring or logging activity. Research has shown that 67% of companies are worried about the risk home printers may pose and only 26% of information technology and cyber security professionals are confident in their organisation’s printing infrastructure security.

https://www.darkreading.com/vulnerabilities-threats/printers-pose-persistent-yet-overlooked-threat

• Employees Are as Likely as Cyber Criminals to Cause Cyber Incidents

Employees and cyber criminals cause similar numbers of data leakages. Kaspersky’s 2022 IT Security Economics survey found cyber-attacks caused 23% of data leakages, while employees caused a similar proportion, at 22%. The rise in employees causing leakages may be linked with more remote working since the pandemic, with new staff laptops, tablets, and virtual private networks (VPNs) featuring among the extra endpoints and systems needing security. Although innocent mistakes or ignoring cyber-security policy were behind most leakages, security managers reported 36% of employee-triggered leakages were deliberate acts of sabotage or espionage. The high number of cyber-incidents stemming from employee action shows all organisations need thorough cyber-security awareness training to teach all staff how to avoid common security mistakes.

https://www.independent.co.uk/news/business/business-reporter/employees-cyber-criminals-cyber-incidents-b2314225.html

• Over 90% of Organisations Find Threat Hunting a Challenge

Executing essential cyber security operations tasks during the threat hunting process is an increasingly challenging proposition to the vast majority of organisations, with 93% of those polled for a Sophos report saying they find basic security operations a chore.

In the report, “The state of cybersecurity 2023: The business impact of adversaries on defenders”, Sophos said these findings were likely the result of the ongoing cyber security skills shortage, which is creating a domino effect in security operations: a lack of skilled personnel makes investigating alerts take longer, which reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.

Organisations that suffer the most are those with revenues of less than $10m (£8m), which are more likely to lack the necessary skillsets, followed by organisations with revenues of more than $5bn, where organisational and system complexity likely play a more prominent role.

https://www.computerweekly.com/news/365534612/Over-90-of-organisations-find-threat-hunting-a-challenge

• 75% of Organisations Have Suffered a Cyber Security Breach

Most organisations need stronger security controls to stop cyber security breaches and cyber attacks, according to “The Data Dilemma: Cloud Adoption and Risk Report” from security service edge (SSE) company Skyhigh Security. Key takeaways from the report include:

• 97% of organisations indicated they are experiencing private cloud problems.

• 75% have experienced a cyber security breach, threat and/or theft of data.

• 75% said shadow IT “impairs their ability to keep data secure.”

• 60% allow employees to download sensitive data to their personal devices.

• 52% noted their employees are using SaaS services that are commissioned by departments outside of IT and without direct involvement of their IT department.

• 37% said they do not trust the public cloud to secure their sensitive data.

https://www.msspalert.com/cybersecurity-research/skyhigh-security-report-75-of-organizations-have-suffered-a-cybersecurity-breach/

• Leak Shows Evolving Russian Cyber War Capabilities

The leak of thousands of pages of secret documentation related to the development of Moscow’s cyber and information operations capabilities paint a picture of a government obsessed with social control and committed to scaling their capacity for non-kinetic interference.

The leaked documents detail methods and training simulations intended to prepare an operator workforce for offensive operations against critical infrastructure targets. Tools revealed by these recent leaks suggest a desire and an ability to extensively map foreign vulnerabilities and make the job of Russia’s cyber conflict operators as accessible and scalable as possible.

This leak reinforces the significant concern regarding the threat posed by Russian cyber forces to firms across the globe.

https://www.csoonline.com/article/3692821/ntc-vulkan-leak-shows-evolving-russian-cyberwar-capabilities.html#tk.rss_news

• Outsourced Payroll and HR Services Firm Forced to Shut Down After Cyber Attack

Belgian headquartered HR and payroll giant SD Worx has suffered a cyber attack causing them to shut down all IT systems for their UK and Ireland services. While the login portals for other European countries are working correctly, the company's UK customer portal was not accessible. As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for their client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

• When a Cyber Criminal Steals Personal Data from Your Organisation What Do You Do and Who Do You Need to Inform?

If that happens it might be time for your management to clear their desks. The prospect of financial penalties and reputational damage is very real. You need to know your obligations — for instance, reporting the breach to applicable authorities and regulators within strict timeframes — understand the breach, and prioritise. Then you communicate and remedy. If you haven’t planned well, it’s going to be tough.

You need to understand the data breach. Who is affected — is it staff or customer data? What exactly have the cyber criminals accessed? Consider the type of information: salary details and passport copies, or customer payment information.

If personal data has been lost or compromised, you will likely have an obligation under data protection regulations to report the breach to your applicable data protection authority within 72 hours, and if you are a regulated business there will likely be similar requirements to report to your regulator within a similar timeframe. Knowing your obligations — ideally before any hack takes place — will guide how well you respond.

https://www.thetimes.co.uk/article/who-should-i-inform-after-a-data-hack-dcrzvgp2x

• Insider Threat and Ransomware: A Growing Issue

Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cyber criminals. Cyber criminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage. Organisations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.

Even if you have good technical controls, the low-hanging fruit is capitalising on the human element and gaining entrance through a person within your organisation. Insider threats come in all shapes and sizes and roles, including employees, executives, former employees, board members, contractors, and service providers. Insider threats, by their very nature, pose a unique challenge for organisations.

https://informationsecuritybuzz.com/insider-threat-and-ransomware-a-growing-issue/

• How LockBit Changed Cyber Security Forever

LockBit are one of the most prolific ransomware gangs globally, accounting for almost half of ransomware attacks in 2022. They not only maintain a high profile, but they’ve also turned ransom monetisation upside down. Thanks to their innovative approach, the group has claimed 44% of total ransomware attacks launched in 2022. LockBit made history by launching the industry’s first bug bounty program initiated by a ransomware group. The operation invites security experts to uncover vulnerabilities and report them for rewards ranging from $1,000 to a staggering $1 million. This has since been expanded and now offers bounties for creative ways to enhance ransomware operations.

https://securityintelligence.com/articles/how-lockbit-changed-cybersecurity/

• Hybrid Work Environments Are Stressing CISOs

The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new strategies for hybrid work security, according to a new report.

Among the report’s most critical findings is the revelation that browsing-based threats ranked as CISOs’ number one concern, regardless of whether their organisation was operating primarily in an in-office, hybrid, or remote setting.

And as for the risks posed by hybrid and remote workers specifically, insecure browsing also topped the list of CISOs’ concerns.

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

• Protect Your Data with a USB Condom

USB isn't just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data. Equally, an employee plugging their personal phone into a corporate USB port may present a danger to the corporate network through the phone. A USB condom is a small dongle that adds a layer of protection between your device and the charging point you're attaching it to by blocking the data being transferred through the port. If you must use a charger, cable, or charging port that isn't under your control, it makes sense to use a USB condom.

https://www.zdnet.com/article/protect-your-data-with-a-usb-condom/

• Strategising Cyber Security: Why a Risk-based Approach is Key

By 2027, cyber crime could cost the global economy nearly $24 trillion. Businesses often find themselves at the sharp end of this challenge, and, as such, cyber security is a critical aspect of the modern business landscape. Cyber threats are multiplying and pose serious financial, legal and reputational challenges to organisations.

Modern and effective cyber security management entails more than managing technology risk; it encompasses managing business risk. Organisations must recognise cyber security as a strategic imperative integrated into their overall risk management framework — and this starts at the board level.  In some cases, board members may find it beneficial to seek help in assessing appropriate levels of control.

https://www.weforum.org/agenda/2023/04/strategizing-cybersecurity-why-a-risk-based-approach-is-key/

Threats

Ransomware, Extortion and Destructive Attacks

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Microsoft patches vulnerability used in Nokoyawa ransomware attacks | CSO Online

• How LockBit Changed Cyber security Forever (securityintelligence.com)

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Rorschach ransomware deployed by misusing a security tool - Help Net Security

• Medusa ransomware claims attack on Open University of Cyprus (bleepingcomputer.com)

• Cyble — New Cylance Ransomware with Power-Packed CommandLine Options

• Taiwanese PC Company MSI Falls Victim to Ransomware Attack (thehackernews.com)

• KFC, Pizza Hut owner discloses data breach after ransomware attack (bleepingcomputer.com)

• 7 Things Your Ransomware Response Playbook Is Likely Missing (darkreading.com)

• Cyber crime group exploits Windows zero-day in ransomware attacks-Security Affairs

• Windows zero-day vulnerability exploited in ransomware attacks (bleepingcomputer.com)

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Latitude Financial Refuses to Pay Ransom - Infosecurity Magazine (infosecurity-magazine.com)

• Superyacht-Maker Hit by Easter Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Microsoft: Phishing attack targets accountants as Tax Day approaches (bleepingcomputer.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Phishing Campaign Targeting YouTube Content Creators, Malware Hitting Charging Stations - MSSP Alert

BEC – Business Email Compromise

• 'BEC 3.0' Is Here with Tax-Season QuickBooks Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Simple psychology is the most dangerous form of cyber attack (thetimes.co.uk)

2FA/MFA

• Comparing enabled and enforced MFA in Microsoft 365 | TechTarget

• Rilide browser extension steals MFA codes - Help Net Security

Malware

• New Mirai Variant Employs Uncommon Tactics to Distribute Malware (darkreading.com)

• Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques (thehackernews.com)

• BlackGuard Stealer Extends its Capabilities in New Variant - MSSP Alert

• Check Point Software Technologies: Qbot Top Malware in March 2023 - MSSP Alert

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia - Microsoft Security Blog

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

• Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks (bleepingcomputer.com)

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft, Fortra Gains Legal Rights Against Cobalt Strike Abuse (informationsecuritybuzz.com)

• Emotet Climbs March 2023's Most Wanted Malware List With OneNote Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users (darkreading.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Mobile

• Protect your data with a USB condom | ZDNET

• FBI warns about dangers of public USB charging ports | Popular Science (popsci.com)

• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels (thehackernews.com)

• Android phones vulnerable to remote hacking — update right now | Tom's Guide (tomsguide.com)

• Burglars tunnel through Apple Store’s neighbour, allegedly steal $500K in iPhones | Ars Technica

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• Cyber criminals To Add Android Malware On Google Play Up To $20,000 (informationsecuritybuzz.com)

• Cyber criminals Turn to Android Loaders on Dark Web to Evade Google Play Security (thehackernews.com)

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

• WhatsApp boosts defence against account takeover via malware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Flood NPM with Bogus Packages Causing a DoS Attack (thehackernews.com)

• DDoS attacks shifting to VPS infrastructure for increased power (bleepingcomputer.com)

• DDoS threat report for 2023 Q1 (cloudflare.com)

• DDoS alert traffic reaches record-breaking level of 436 petabits in one day - Help Net Security

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

Internet of Things – IoT

• Printers Pose Persistent Yet Overlooked Threat (darkreading.com)

• There’s a new form of keyless car theft that works in under 2 minutes | Ars Technica

• Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters

• Default static key in ThingsBoard IoT platform can give attackers admin access | CSO Online

• 5G connections set to rise past 5.9 billion by 2027 - Help Net Security

• New Ultrasonic Acoustic Attack Targeting Microphones and Voice Assistants Gives Remote Access to Most Smart Devices - The Debrief

• Zigbee PRO 2023 introduces new security mechanisms, feature enhancements - Help Net Security

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Data Breaches/Leaks

• Samsung employees unwittingly leaked company secret data by using ChatGPT-Security Affairs

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Service NSW breach exposes personal data affecting thousands of customers | 7NEWS

• Leaked n documents provide rare window into depth of US intelligence on allies and foes | CNN Politics

• Military Intel Leak Investigated By US Officials (informationsecuritybuzz.com)

• Hyundai data breach exposes owner details in France and Italy (bleepingcomputer.com)

• Over 20,000 Iowa Medicaid Members Affected By Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Criminal businesses adopt corporate behaviour as they grow - Help Net Security

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Breached shutdown sparks migration to ARES data leak forums (bleepingcomputer.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• 5 Types of Cyber Crime Groups (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Sentiment DeFi Hacker Makes Amends by Returning 90% of Funds (beincrypto.com)

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages (thehackernews.com)

• EU-Funded Report Calls for Crypto ID Checks, Police Training to Combat Darknet Markets (coindesk.com)

Insider Risk and Insider Threats

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Cyber criminals use simple trick to obtain personal data - Help Net Security

• Nearly Half of Workers Pilfer Former Employers’ Passwords to Access Accounts, Study Says - MSSP Alert

• Insider Threat And Ransomware: A Growing Issue (informationsecuritybuzz.com)

• Building a human firewall to block cyber attacks | McKinsey

• How to Combat Insider Threats-Security Affairs

Fraud, Scams & Financial Crime

• FBI warns of companies exploiting sextortion victims for profit (bleepingcomputer.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• When Banking Laws Don't Protect Consumers From Cybertheft (darkreading.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

• Stolen Card Numbers Plummet 94% Globally - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• 3CX confirms North Korean hackers behind supply chain attack (bleepingcomputer.com)

• Capita: IT outsourcer reels from being locked out of its own IT (thetimes.co.uk)

Cloud/SaaS

• Western Digital struggles to fix massive My Cloud outage, offers workaround (bleepingcomputer.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse - SecurityWeek

• How and Why to Put Multicloud to Work (darkreading.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Cloud accounting firm in a pickle after researchers find admin login data | TechRadar

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

Hybrid/Remote Working

• 4 ways to secure your remote work setup | ZDNET

• Hybrid work environments are stressing CISOs - Help Net Security

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

Attack Surface Management

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• The new weakest link in the cyber security chain - Help Net Security

Shadow IT

• How to use a CASB to manage shadow IT | TechTarget

Identity and Access Management

• Identity Management Day: 3 Things MSSPs Need to Know - MSSP Alert

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

Encryption

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Why the US Needs Quantum-Safe Cryptography Deployed Now (darkreading.com)

API

• How to fix the top 5 API vulnerabilities | TechTarget

• Google launches dependency API and curated package repository with security metadata | CSO Online

• Why Shadow APIs are More Dangerous than You Think (thehackernews.com)

Open Source

• Researchers Uncover 7000 Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Almost Half of Former Employees Say Their Passwords Still Work (darkreading.com)

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Why it's time to move towards a passwordless future - Help Net Security

• AI can crack most password in less than a minute | TechRadar

• How an AI tool could crack your passwords in seconds | ZDNET

• Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype | Ars Technica

Social Media

• Tech layoffs raise new alarms about how platforms protect users | CNN Business

Malvertising

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads (darkreading.com)

Training, Education and Awareness

• How to transform cyber security learning and make content more engaging - Help Net Security

Regulations, Fines and Legislation

• Lagging regulations frustrate protecting data from cyber attacks (themandarin.com.au)

• The UK government has sparked an encryption row over powers it might never use | Financial Times (ft.com)

• Battle could be brewing over new FCC data breach reporting rules | CSO Online

• When Banking Laws Don't Protect Consumers From Cyber Theft (darkreading.com)

Governance, Risk and Compliance

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

• Skyhigh Security Report: 75% of Organizations Have Suffered a Cyber security Breach - MSSP Alert

• Strategising cyber security: Why a risk-based approach is key | World Economic Forum (weforum.org)

• Who should I inform after a data hack? (thetimes.co.uk)

• Two-Fifths of IT Pros Told to Keep Breaches Quiet - Infosecurity Magazine (infosecurity-magazine.com)

• Outcome-based cyber security paves way for organizational goals - Help Net Security

• Why reporting an incident only makes the cyber security community stronger | CSO Online

• 6 common challenges facing cyber security teams and how to overcome them | TechCrunch

• Top 10 Cyber security Trends for 2023: From Zero Trust to Cyber Insurance (thehackernews.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• LastPass Breach Reveals Important Lessons (darkreading.com)

• Gartner: Human-Centric Design Is Top Cyber Security Trend for 2023 (darkreading.com)

Law Enforcement Action and Take Downs

• Seized Genesis malware market's infostealers infected 1.5 million computers | CSO Online

• Spanish cops arrest teenage 'Robin Hood hacker' • The Register

• Australia Is Scouring the Earth for Cyber criminals — the US Should Too (darkreading.com)

• Cambodia deports 19 Japanese cyber crime scam suspects | News | Al Jazeera

• Dutch Police mails RaidForums members to warn they’re being watched (bleepingcomputer.com)

• Five arrested after 33,000 victims lose $98M to online investment fraud (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Tesla Sued Over Workers' Alleged Access to Car Video Imagery - SecurityWeek

• Consumers take data control into their own hands amid rising privacy concerns - Help Net Security

Artificial Intelligence

• 5 ChatGPT security risks in the enterprise | TechTarget

• Samsung employees unwittingly leaked company secret data by using ChatGPT - Security Affairs

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• US cyber chiefs warn of threats from China and AI • The Register

• When you're talking to a chatbot, who's listening? | CNN Business

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• GPT-4 tried to escape into the internet today and it ‘almost worked’ | by Cezary Gesikowski | Mar, 2023 | Bootcamp (uxdesign.cc)

• It sounds like science fiction but it’s not: AI can financially destroy your business | Gene Marks | The Guardian

• AI can crack most password in less than a minute | TechRadar

• ‘Overemployed’ Hustlers Exploit ChatGPT To Take On Even More Full-Time Jobs (vice.com)

• AI clones child’s voice in fake kidnapping scam | The Independent

• European privacy watchdog creates ChatGPT task force | Reuters

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian hackers linked to widespread attacks targeting NATO and EU (bleepingcomputer.com)

• NTC Vulkan leak shows evolving Russian cyberwar capabilities | CSO Online

• What we know about Russian hackers — and how to stop them — after a year of cyberwar in Ukraine | CyberScoop

• The Discord servers at the center of a massive US intelligence leak | CyberScoop

• Cisco trashed offices and destroyed spares as it quit Russia • The Register

• Another zero-click Apple spyware biz shows up in town again • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• DDoS attacks rise as pro-Russia groups attack Finland, Israel (techrepublic.com)

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Experts warn of new spyware threat targeting journalists and political figures | Hacking | The Guardian

• Russia's Joker DPR Claims Access to Ukraine Troop Movement Data (darkreading.com)

• Spyware Offered to Cyber attackers via PyPI Python Repository (darkreading.com)

• Russian hackers ‘target security cameras inside Ukraine coffee shops’ | Ukraine | The Guardian

• Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool | CyberScoop

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit (thehackernews.com)

Nation State Actors

• Russia-linked APT29 is behind recent attacks targeting NATO and EU-Security Affairs

• North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack (thehackernews.com)

• Nation-state actors are taking advantage of weak passwords to go after cloud customers, Google says | CyberScoop

• Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise (thehackernews.com)

• US cyber chiefs warn of threats from China and AI • The Register

• Ukrainian hackers spend $25,000 of pro-Russian blogger's money on sex toys (bitdefender.com)

• American investors shouldn’t be ‘arming the enemy’ by helping China create its own version of OpenAI, warns top VC Keith Rabois (yahoo.com)

• Google is on a crusade against cyber security threats from North Korea | TechRadar

• Russian Hacker Group Zarya Hit Canadian Pipeline—Leaked Docs (gizmodo.com)

• Iranian APT group launches destructive attacks in hybrid Azure AD environments | CSO Online

• Leaked US. assessment includes warning about Russian hackers accessing sensitive infrastructure (nbcnews.com)

• FBI: Crooks posing as PRC agents prey on Chinese in the US • The Register

• Lazarus Group's DeathNote Campaign Reveals Shift in Targets - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Eliminating 2% of Exposures Could Protect 90% of Critical Assets - Infosecurity Magazine (infosecurity-magazine.com)

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• Ransomware gangs increasingly deploy zero-days to maximize attacks | CyberScoop

• Google Launches New Cyber security Initiatives to Strengthen Vulnerability Management (thehackernews.com)

Vulnerabilities

• Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit (thehackernews.com)

• Windows admins warned to patch critical MSMQ QueueJumper bug (bleepingcomputer.com)

• Nokoyawa ransomware attacks with Windows zero-day | Securelist

• Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly

• Apple issues emergency patches for spyware-style 0-day exploits – update now! – Naked Security (sophos.com)

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance - SecurityWeek

• Cisco Patches Code and Command Execution Vulnerabilities in Several Products - SecurityWeek

• CISA orders agencies to patch Backup Exec bugs used by ransomware gang (bleepingcomputer.com)

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips • The Register

• Twitter 'Shadow Ban' Bug Gets Official CVE (darkreading.com)

• Exploit available for critical bug in VM2 JavaScript sandbox library (bleepingcomputer.com)

• Microsoft finally gets around to fixing half-decade-old Firefox CPU bug | TechRadar

• SAP releases security updates for two critical-severity flaws (bleepingcomputer.com)

• Adobe Plugs Gaping Security Holes in Reader, Acrobat - SecurityWeek

• Limit Login Attempts Plugin Patches Severe Unauthenticated Stored XSS Vulnerability – WP Tavern

• Fortinet Patches Critical Vulnerability in Data Analytics Solution - SecurityWeek

• How Microsoft’s Shared Key authorization can be abused and how to fix it | CSO Online

• Microsoft shares fix for Outlook issue blocking access to emails (bleepingcomputer.com)

• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data - SecurityWeek

Tools and Controls

• Threat hunting programs can save organizations from costly security breaches - Help Net Security

• Stopping criminals from abusing security tools - Microsoft On the Issues

• Most Security Exposures Do Not Put Organizations' Critical Assets At Risk, Study Shows - MSSP Alert

• LastPass Breach Reveals Important Lessons (darkreading.com)

• The Pope's Security Gets a Boost With Vatican's MDM Move (darkreading.com)

• Bad Actors Will Use Large Language Models — but Defenders Can, Too (darkreading.com)

• Fight AI With AI (darkreading.com)

• Cyber crime: be careful what you tell your chatbot helper… | Chatbots | The Guardian

• Detailed Analysis Of The Best Password Managers In 2023 (informationsecuritybuzz.com)

• How CIEM Can Improve Identity, Permissions Management for Multicloud Deployments (darkreading.com)

• SD-WAN vs. VPN: How do they compare? | TechTarget

• Centralized vs. decentralized identity management explained | TechTarget

• The Service Accounts Challenge: Can't See or Secure Them Until It's Too Late (thehackernews.com)

• What is an Intrusion Prevention System (IPS)? (techtarget.com)

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments - SecurityWeek

• How to Secure Web Applications in a Growing Digital Attack Surface (bleepingcomputer.com)

• 4 strategies to help reduce the risk of DNS tunnelling | CSO Online

Reports Published in the Last Week

• DDoS threat report for 2023 Q1 (cloudflare.com)

Other News

• MSI Confirms Cyber Attack, Issues Firmware Download Guidance - SecurityWeek

• Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign - Microsoft Security Blog

• 1M+ WordPress Sites Hacked via Zero-Day Plug-in Bugs (darkreading.com)

• Western Digital restores service; attack details remain unclear | TechTarget

• 5 tips for tackling technical debt | CIO

• The Internet Reform Trilemma (darkreading.com)

• Rapid7 Has Good News for UK Security Posture - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.