Black Arrow Cyber Threat Briefing 28 June 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.

Top Cyber Stories of the Last Week

Cyber Attacks on The Rise with Financial Sector a Top Target, Report Reveals

A recent report from BlackBerry reveals the financial sector faces significant cyber threats, with 40% of attacks on critical infrastructure targeting financial firms. In Q1 2024 alone, BlackBerry's cyber security solutions intercepted 3.1 million attacks, averaging 37,000 daily. Commercial enterprises saw a 3% rise in threats, now constituting 36% of all attacks. Unique malware is increasing, highlighting the need for updated defences. The report underscores the high motivation of threat actors, particularly in a year marked by geopolitical tensions and major global events like the Olympics.

Cloud Resources Have Become Biggest Targets for Cyber Attacks, Finds Thales

A recent report indicates that cloud security spending has surpassed all other security categories, driven by the sensitivity of nearly 47% of corporate data stored in the cloud. With 44% of participating organisations experiencing a cloud data breach, including 14% experiencing one in the past year, protecting cloud environments has become a top priority. Human error and misconfiguration are the leading causes of these breaches, accounting for 31%. Exploitation of known vulnerabilities accounts for 28% of breaches, while zero-day vulnerabilities account for 24%. The report also highlights that 66% of organisations use over 25 software as a service (SaaS) applications, yet less than 10% encrypt the majority of their sensitive cloud data. Digital sovereignty initiatives are recognised by 31% of organisations as crucial for future-proofing cloud environments.

Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms

A recent surge in aggressive extortion tactics by cybercrime groups has led to severe disruptions, with a London hospital hack exposing hundreds of millions of health records and causing critical cancer treatment delays. In North America, attackers attempted to auction customer data of LendingTree Inc., gained by leveraging credentials from another breach. Meanwhile, car-dealership software provider CDK Global faced repeated attacks. These incidents illustrate the growing boldness of cyber criminals, who are increasingly using advanced technology to pressure major companies.

1 Out of 3 Breaches Go Undetected

A recent report by Gigamon highlights the increasing challenge organisations face in detecting breaches, with over 65% of respondents indicating that current security solutions are ineffective. Complexity in hybrid cloud environments is a significant factor, with 83% of IT leaders acknowledging it raises cyber risks. Despite a projected global information security spend of $215 billion in 2024, only 54% feel well-prepared for unauthorised access. Notably, 31% of breaches were only detected after receiving extortion threats, and 25% of organisations failed to identify the breach's root cause.

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Experience Cyber Breaches and Incidents

A recent report by Optiv, based on a Ponemon Institute survey, reveals a 59% increase in cyber budgets year-over-year, with organisations with over 5,000 users allocating an average of $26 million to cyber security in 2024. Despite these investments, 61% of respondents experienced a data breach or cyber security incident in the past two years. The report highlights that 40% of organisations feel overwhelmed by too many security tools, suggesting a need for streamlined technology integration. Key investment areas include internal security assessments (60%) and identity and access management (58%). The adoption of security orchestration technology is on the rise, with 73% using it to automate incident responses.

Why Are Threat Actors Faking Data Breaches?

A recent incident involving Europcar revealed hackers selling fake data on its 50 million customers, likely generated using AI. This trend of faking data breaches is driven by financial gain, notoriety, and attempts to distract or harm a company's reputation. For example, a Russian hacking group falsely claimed to have breached Epic Games to gain visibility, and a ransomware group falsely claimed to have breached Sony, causing reputational damage. Companies are advised to proactively monitor the dark web, compare leaked datasets with previous breaches, and deploy canary tokens to authenticate breach claims, while adopting integrated security models to enhance threat detection.

China-Sponsored Attackers Target 40K Corporate Users in 90 Days

A recent report by Menlo Security has identified three sophisticated credential-phishing campaigns, compromising over 40,000 corporate users, including executives, in just three months. Named LegalQloud, Eqooqp, and Boomer, these state-sponsored attacks use advanced techniques to bypass security controls like MFA and URL filtering. The campaigns have targeted more than 3,000 domains across various industries, with six out of ten malicious links evading detection. Researchers link these campaigns to China-sponsored threat actors, highlighting the evolving and aggressive tactics used in cyber espionage. This underscores the need for organisations to continually adapt their cyber security strategies.

Cyber Security Neglect: The Silent Killer of Businesses

A recent report underscores the hidden dangers of cyber security neglect, highlighting that such oversight can lead to catastrophic data breaches and financial ruin. IBM's 2023 Cost of a Data Breach Report indicates an average cost of $4.45 million per breach, impacting legal fees, lost business, and increased insurance premiums. Common red flags include outdated security protocols, lack of employee training, and inadequate incident response plans. Businesses must adopt a proactive approach with regular security audits, updated security measures, and comprehensive incident response plans to mitigate these risks and safeguard their operations.

Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months

New research reveals that 50% of IT professionals are unaware of all devices connected to their network, despite nearly 60% acknowledging these insecure devices pose a significant risk. The survey of 250 IT professionals also found that over two-thirds of organisations experienced three or more data breaches in the past 24 months, with 20% taking more than five days to detect a breach. This delay increases potential damage from attacks. The report underscores the need for robust security protocols, automated network scanning tools, and continuous investment in security solutions to mitigate cyber threats and protect critical assets.

75% of New Vulnerabilities Exploited Within 19 Days

A recent report by Skybox Security highlights the urgent need for improved vulnerability management, revealing over 30,000 new vulnerabilities were published last year, averaging one every 17 minutes. Despite this surge, the average time to patch vulnerabilities exceeds 100 days, while 75% of new vulnerabilities are exploited within just 19 days. The United States National Vulnerability Database recorded a 17% increase in vulnerabilities year-over-year, with half classified as high or critical. The report underscores the necessity for continuous exposure management and modern mitigation strategies to protect against the rapid exploitation of vulnerabilities, with 25% being exploited on the same day of discovery.

It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever.

A recent report highlights the challenging landscape for modern CISOs, exacerbated by evolving cyber threats and a global shortage of staff and skills. Heightened regulatory pressures and landmark cases, such as those involving Uber and SolarWinds, underscore the critical need for robust cyber security strategies and compliance across the C-suite and board. Stress and burnout are significant issues, with 94% of CISOs reporting work-related stress and 74% leaving their jobs in 2022 due to it. Gartner predicts up to 50% of security leaders will change jobs by 2025. To mitigate these challenges, CISOs must adopt transformational leadership to enhance organisational and personal resilience.

Tackling The Role Human Error Plays in Data Breaches

A recent report by Thales reveals that human error remains a significant cause of cloud data breaches, with 22% of IT professionals identifying it as the most concerning threat and 74% considering it a key priority. Over the past three years, human error has consistently ranked as a leading source of cyber attacks for enterprises.

Given the likelihood of cyber attacks, businesses must prioritise mitigating human-related risks. This includes comprehensive employee training, robust security protocols, and continuous monitoring to safeguard IT infrastructure and ensure organisational resilience against cyber threats.

Sources:

https://www.investmentnews.com/industry-news/news/cyberattacks-on-the-rise-with-financial-sector-a-top-target-report-reveals-254752

https://www.thalesgroup.com/en/worldwide/defence-and-security/press_release/cloud-resources-have-become-biggest-targets

https://www.infosecurity-magazine.com/news/cloud-breaches-half-organizations/

https://www.bloomberg.com/news/articles/2024-06-26/hackers-grow-more-sinister-and-brazen-in-hunt-for-bigger-ransoms

https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/

https://www.darkreading.com/cybersecurity-operations/optiv-report-shows-nearly-60-increase-in-security-budgets-as-most-organizations-report-cyber-breaches-and-incidents

https://www.helpnetsecurity.com/2024/06/24/faking-data-breaches/

https://www.darkreading.com/threat-intelligence/china-sponsored-attackers-40k-corporate-users

https://hackernoon.com/cybersecurity-neglect-the-silent-killer-of-businesses

https://www.itsecurityguru.org/2024/06/27/third-of-organisations-have-suffered-three-or-more-data-breaches-in-the-last-24-months/

https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/

https://securityboulevard.com/2024/06/its-a-hard-time-to-be-a-ciso-transformational-leadership-is-more-important-than-ever/

https://www.techradar.com/pro/tackling-the-role-human-error-plays-in-data-breaches


Governance, Risk and Compliance

It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever. - Security Boulevard

The NYSE's $10M Wake-up Call (darkreading.com)

Cyber Attacks on the rise with financial sector a top target, report reveals (investmentnews.com)

Cyber security Neglect: The Silent Killer of Businesses | HackerNoon

Organisations with outdated security approaches getting hammered: Cloudflare | CSO Online

Today's Most Overlooked Mergers and Acquisitions Cyber Security and Compliance Risks | Inc.com

New cyber threat research for SMB in 2024 | Securelist

Nearly half of cyber professionals do not have the budget for adequate protection – Coalition | Insurance Times

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Report Cyber Breaches and Incidents (darkreading.com)

Building a culture of security is everyone’s responsibility - Raconteur

Small Businesses Taking Proactive Steps to Prevent Cyber Attacks (smallbiztrends.com)

Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)

Working with a cyber security committee of the board | Microsoft Security Blog

CISOs Reveal Firms Prioritize Savings Over Long-Term Security - Infosecurity Magazine (infosecurity-magazine.com)

CISOs becoming more comfortable with risk levels - Help Net Security

Inside the Mind of a CISO: Survey and Analysis - SecurityWeek

CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)

Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online

The challenges in maintaining effective cyber security (securitybrief.co.nz)

A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)

The cyber attacks which could wipe your business out | BelfastTelegraph.co.uk

Global business leaders are optimistic about growth and focused on cyber security, AI, sustainability, brand image and international outlook (cnn.com)

Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online


Threats

Ransomware, Extortion and Destructive Attacks

The State of Ransomware 2024 | SC Media (scmagazine.com)

Ransomware threat landscape Jan-Apr 2024: insights and challenges (securityaffairs.com)

UK and US cops put Qilin ransomware crims in the crosshairs • The Register

Key Takeaways From the British Library Cyber Attack (darkreading.com)

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)

Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms - Bloomberg

Research Reveals Two-Thirds of Organisations Infected with Ransomware Multiple Times, with One-in-Five Infected More than Ten Times | Business Wire

Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)

Red Tape Is Making Hospital Ransomware Attacks Worse | WIRED

Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)

Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)

Cyber attacks on healthcare: Russia’s tool for mass disruption - Medical Device Network (medicaldevice-network.com)

New ransomware, infostealers pose growing risk in 2024 - Help Net Security

Best practices for protection from ransomware in cloud storage | TechTarget

Meet the Ransomware Negotiators (darkreading.com)

Ransomware Victims

Hackers Publish 400GB Of Data After London Hospital Cyber Attack (forbes.com)

UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian

It Happened Again; A Major Cyber Attack On The NHS. Why Are Health Organisations A Prime Target? (forbes.com)

Lockbit 3.0 Claims Attack on Federal Reserve: 33 Terabytes of Sensitive Data Allegedly Compromised (redhotcyber.com)

LockBit lied: Stolen data is from a bank, not US Federal Reserve (bleepingcomputer.com)

UK and US cops put Qilin ransomware crims in the crosshairs • The Register

NHS data breach: Over 3,000 appointments and operations cancelled amid reports of potential counteraction against attackers – PublicTechnology

Key Takeaways From the British Library Cyber Attack (darkreading.com)

Security firm Accenture breached, claim cybercriminals | Cybernews

Here's what ransomware crims stole from Change Healthcare • The Register

NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)

Investigation of Russian Hack on London Hospitals May Take Weeks Amid Worries Over Online Data Dump - SecurityWeek

CDK Cyber Attack: What Is It, Who Is Responsible and What’s the Fallout? - Bloomberg

Hacked UK Trove Includes Data on Newborns, Cancer Patients (1) (bloomberglaw.com)

Crisis-hit firm behind vital NHS services faces uncertain future | Technology sector | The Guardian

Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)

Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K US Car Dealerships (dailydot.com)

Startups scramble to assess fallout from Evolve Bank data breach | TechCrunch

Indonesia Says a Cyber Attack Has Compromised Its Data Centre but It Won't Pay the $8 Million Ransom - SecurityWeek

NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent

CDK cyber attacks show need for world offensive against criminals | Automotive News (autonews.com)

Shoe Zone hit by cyber attack (drapersonline.com)

Phishing & Email Based Attacks

Widespread phishing attack impacts many LA County departments | SC Media (scmagazine.com)

400 million Outlook users at risk from security bug — what you need to know | Tom's Guide (tomsguide.com)

The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert

Warning in Guernsey after phishing scam increase - BBC News

Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K Dealerships (dailydot.com)

Malware Sandbox Any.Run Targeted in Phishing Attack - SecurityWeek

BEC

Australian gov supplier bank details altered in cyber attacks - Security - iTnews

Other Social Engineering

Mark Cuban claims his Gmail was hacked after receiving hoax call (cointelegraph.com)

What is shoulder surfing and how to prevent it? | Proton

Artificial Intelligence

Cloud security faces pressure from AI growth, multicloud use | CSO Online

91% of Security Leaders Believe AI Set to Outpace Security Teams, Bugcrowd Report Finds (prnewswire.com)

How are CISOs and organisations navigating AI cyber attacks? | TechFinitive

Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)

Future trends in cyber warfare: Predictions for AI integration and space-based operations - Help Net Security

Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content (darkreading.com)

Cyber Security is a ‘team sport’ amid new gen AI–based cyber attacks | Fortune Asia

Microsoft: 'Skeleton Key' attack unlocks the worst of AI • The Register

Hackers expose deep cyber security vulnerabilities in AI | BBC News - YouTube

Security pros grade Apple Intelligence data privacy measures | TechTarget

Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian

How to construct a cyber security policy that sits alongside AI (architecture.com)

2FA/MFA

The Snowflake breach tells us that passwords aren't enough | TechRadar

Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)

Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek

Malware

Cyber Attackers Turn to Cloud Services to Deploy Malware - Infosecurity Magazine (infosecurity-magazine.com)

Use of novel malware jumps 40% in 3 months, new report finds (techmonitor.ai)

New Unfurling Hemlock threat actor floods systems with malware (bleepingcomputer.com)

Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru

Oyster Backdoor Spreading via Trojanized Popular Software Downloads (thehackernews.com)

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)

Google Chrome Web Store still has security work to do • The Register

280 Million Google Chrome Users Installed Dangerous Extensions, Study Says (forbes.com)

'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register

New Cyber threat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks (thehackernews.com)

Experts observed approximately 120 malicious campaigns using the Rafel RAT - Security Affairs

New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)

Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)

Novel Banking Malware Targets Customers in Southeast Asia - Infosecurity Magazine (infosecurity-magazine.com)

WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert

New ransomware, infostealers pose growing risk in 2024 - Help Net Security

Mac users served info-stealer malware through Google ads | Ars Technica

Cyber attackers are using more new malware, attacking critical infrastructure | CSO Online

Korean telco allegedly infected its P2P users with malware • The Register

ISP accused of installing malware on 600,000 customer PCs to interfere with torrent traffic | TechSpot

Mobile

Forget privacy, young internet users want to be tracked (ft.com)

Here's how to keep your data private on your phone, PC, and tablet (xda-developers.com)

US government tells some Pixel users to update their phones in 10 days or stop using them - PhoneArena

The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert

Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)

New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)

Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)

Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)

Denial of Service/DoS/DDOS

Don’t fall for these DDoS myths | TechFinitive

Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)

Largest Croatian hospital under cyber attack - Help Net Security

Data Breaches/Leaks

1 out of 3 breaches go undetected - Help Net Security

Why are threat actors faking data breaches? - Help Net Security

Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months - IT Security Guru

Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)

All 150,000 residents of Dumfries and Galloway warned to assume data loss in NHS cyber attack – PublicTechnology

Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek

Post Office accidentally leaks names of sub-postmasters - BBC News

Sir Alan Bates hits out at Post Office ‘incompetence’ after data breach | Computer Weekly

First million breached Ticketmaster records released for free | Malwarebytes

The Snowflake latest: New victims, ShinyHunters takes credit • The Register

Security firm Accenture breached, claim cybercriminals | Cybernews

Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek

Optus database compromised in 2022 by simple coding error - Mobile World Live

CISA confirms hackers may have accessed data from chemical facilities during January incident (therecord.media)

Microsoft blamed for million-record theft from Geisinger • The Register

Tackling the role human error plays in data breaches | TechRadar

NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent

NYPD officer database had security flaws that could have let hackers covertly modify officer data - Nextgov/FCW

Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more | Malwarebytes

TeamViewer Detects Security Breach in Corporate IT Environment (thehackernews.com)

Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)

Five things security teams need to know about the latest MOVEit Transfer bug | SC Media (scmagazine.com)

Hacker claims to have 30 million customer records from Australian ticket seller giant TEG | TechCrunch

Los Angeles Unified confirms student data stolen in Snowflake account hack (bleepingcomputer.com)

Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information - SecurityWeek

Credential Stuffing Attack Hits 72,000 Levi’s Accounts - Infosecurity Magazine (infosecurity-magazine.com)

Designed Receivable Solutions Data Breach Impacts 585,000 People - SecurityWeek

Web scraping is not just a security or fraud problem - Help Net Security

Japan's space agency struck by multiple cyber attacks, but officials say no sensitive data was taken - Washington Times

Organised Crime & Criminal Actors

Why are threat actors faking data breaches? - Help Net Security

Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg

Russian soldiers returning home are sending crime higher | Fortune

18,000 cyber security attacks reported to Hong Kong police in 3 months | South China Morning Post (scmp.com)

Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)

Organised crime and domestic violence perps buy trackers • The Register

Wikileaks' Julian Assange Released from UK Prison, Heads to Australia (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable

Predators steal additional $10M from crypto scam victims • The Register

Feds put $5m bounty on 'CryptoQueen' Ignatova's whereabouts • The Register

Crypto-gang leader convicted of vicious kidnaps, robbery • The Register

Suspected North Korean Attack Drains $2m from CoinStats Wallets - Infosecurity Magazine (infosecurity-magazine.com)

Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek

CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)

Insider Risk and Insider Threats

Tackling the role human error plays in data breaches | TechRadar

JPMorgan Hacker May Have Built New Fraud Empire While Working With FBI - Bloomberg

Insurance

Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)

76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)

UK midsize firms wary of cyber insurance: Coalition - Reinsurance News

Surge in cyber insurance market fuelled by regulatory shifts and global tensions: Morningstar DBRS - Reinsurance News

How are cyber insurance claims shaping up for 2024? | Insurance Business America (insurancebusinessmag.com)

US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop

Supply Chain and Third Parties

It Happened Again; A Major Cyber Attack On The NHS. Why Are Health Organisations A Prime Target? (forbes.com)

Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek

The Snowflake latest: New victims, ShinyHunters takes credit • The Register

NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)

Investigation of Russian Hack on London Hospitals May Take Weeks Amid Worries Over Online Data Dump - SecurityWeek

Microsoft blamed for million-record theft from Geisinger • The Register

How to Respond When Your Service Provider Suffers a Cyber Attack - Dear Mary – Incidents + Investigations Cyber Security Advice Column | Troutman Pepper - JDSupra

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)

Remove Polyfill.io code from your website immediately • The Register

Cloud/SaaS

Cyber Attackers Turn to Cloud Services to Deploy Malware - Infosecurity Magazine (infosecurity-magazine.com)

Cloud security faces pressure from AI growth, multicloud use | CSO Online

The Snowflake breach tells us that passwords aren't enough | TechRadar

Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)

Cloud Resources have Become Biggest Targets for Cyber Attacks, finds Thales | Thales Group

Cloud Breaches Impact Nearly Half of Organisations - Infosecurity Magazine (infosecurity-magazine.com)

Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek

Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru

The Snowflake latest: New victims, ShinyHunters takes credit • The Register

UK government’s M365 use under scrutiny after Microsoft’s ‘no guarantee of sovereignty’ disclosure | Computer Weekly

Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly

SAP customers warned on risks in unofficial route to cloud • The Register

Best practices for protection from ransomware in cloud storage | TechTarget

Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert

Are rainy days ahead for cloud computing? - BBC News

Encryption

Europe and Australia both back down on CSAM scanning (9to5mac.com)

Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch

Passwords, Credential Stuffing & Brute Force Attacks

The Snowflake breach tells us that passwords aren't enough | TechRadar

Credential Stuffing Attack Hits 72,000 Levi’s Accounts - Infosecurity Magazine (infosecurity-magazine.com)

Levi's Data Breach: 72,000+ Customers' Data Exposed (cybersecuritynews.com)

Social Media

50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable

Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)

Malvertising

Mac users served info-stealer malware through Google ads | Ars Technica

Regulations, Fines and Legislation

The NYSE's $10M Wake-up Call (darkreading.com)

A New Cyber Security Executive Order Puts the Heat on Critical Infrastructure Suppliers (securityintelligence.com)

Cyber Security | UK Regulatory Outlook June 2024 - Osborne Clarke | Osborne Clarke

Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly

Surge in cyber insurance market fuelled by regulatory shifts and global tensions: Morningstar DBRS - Reinsurance News

What qualifies as a material cyber security incident? | TechTarget

Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian

Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focus | Sheppard Mullin Richter & Hampton LLP - JDSupra

Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online

Consulting firms settle $11.3M cyber security case (devx.com)

CMM 2.0 - What UK-Based Contractors Need to Know (techuk.org)

American Privacy Rights Act is now weak sauce, critics warn • The Register

The UK Government Announces Ambitious Proposals to Improve Software Security and Resilience | Pillsbury - Global Sourcing Practice - JDSupra

Models, Frameworks and Standards

Catching Up on Innovation With NIST CSF 2.0

Implementing CIS Controls in Small and Medium Enterprises | UpGuard

PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know - Security Boulevard

Backup and Recovery

Why immutable data storage is key to cyber security strategy | TechRadar

Data Protection

Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian

American Privacy Rights Act is now weak sauce, critics warn • The Register

Careers, Working in Cyber and Information Security

12 hottest IT security certs for higher pay today | CSO Online

Gaining and Retaining Security Talent: A Cheat Sheet for CISOs - SecurityWeek

Fortinet report highlights global cyber security skills shortage (securitybrief.co.nz)

Employers urged to find cyber security talent differently (devx.com)

Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online

Removal of Certain Degree Requirements To Boost Federal Cyber Workforce | AFCEA International

How to become a cyber security architect | TechTarget

Law Enforcement Action and Take Downs

UK's largest nuclear site denies being hacked but pleads guilty over cyber security failures (therecord.media)

Five men convicted for operating illegal streaming site Jetflicks (bleepingcomputer.com)

UK and US cops put Qilin ransomware crims in the crosshairs • The Register

Sellafield Pleads Guilty to Historic Cyber Security Offenses - Infosecurity Magazine (infosecurity-magazine.com)

Sellafield pleads guilty to criminal charges over cyber security | Computer Weekly

Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)

Crypto-gang leader convicted of vicious kidnaps, robbery • The Register

Russian national indicted for role in cyber attacks on Ukraine | CyberScoop

Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360

Ukraine war briefing: US charges Russian with conspiring to destroy Kyiv computer systems | Ukraine | The Guardian

War Crime Prosecutions Enter a New Digital Age | WIRED

Operation First Light Seizes $257m in Global Scam Bust - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims (therecord.media)

Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)

Supreme Court rejects effort to limit government communication on misinformation | CyberScoop


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyber operations create additional risks for people’s security and well-being | ICRC

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Future trends in cyber warfare: Predictions for AI integration and space-based operations - Help Net Security

US military project aims to prevent hackers targeting satellites and recognises rising threat of cyber attacks in space (theconversation.com)

Nation State Actors

China

China-Sponsored Attackers Target 40K Corporate Users in 90 Days (darkreading.com)

China-Russia alignment: a threat to Europe's security | Merics

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st (darkreading.com)

Chinese hackers have stepped up attacks on Taiwanese organisations, cyber security firm says (yahoo.com)

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)

Protecting America’s cyber security demands showing our teeth | CyberScoop

Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)

Beyond TikTok: Navigating the cyber security landscape of tomorrow (federaltimes.com)

China-Linked Espionage Groups Target Asian Telecoms (darkreading.com)

Chinese Hackers Have Stepped Up Attacks on Taiwanese Organisations, Cyber Security Firm Says - SecurityWeek

18,000 cyber security attacks reported to Hong Kong police in 3 months | South China Morning Post (scmp.com)

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)

Russia

Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)

China-Russia alignment: a threat to Europe's security | Merics

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

US Treasury Sanctions 12 Kaspersky Executives Amid Software Ban (thehackernews.com)

Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg

Russian soldiers returning home are sending crime higher | Fortune

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)

European Union Sanctions Russian State Hackers (govinfosecurity.com)

Protecting America’s cyber security demands showing our teeth | CyberScoop

Russian used US systems for pre-invasion attack on Ukraine, US says - Defense One

UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian

Evolve Bank & Trust Confirms Data Was Stolen in Cyber Attack (claimsjournal.com)

Cyber attacks on healthcare: Russia’s tool for mass disruption - Medical Device Network (medicaldevice-network.com)

Russian national indicted for role in cyber attacks on Ukraine | CyberScoop

Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360

Ukraine war briefing: US charges Russian with conspiring to destroy Kyiv computer systems | Ukraine | The Guardian

Kaspersky Denies Security Risk, After US Sales Ban | Silicon UK

The US bans Kaspersky products, citing security risks - what this means for you | ZDNET

US Bans Kaspersky Over Alleged Kremlin Links - Infosecurity Magazine (infosecurity-magazine.com)

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor (thehackernews.com)

FBI joins hunt for hackers who stole NHS records (thetimes.com)

HUR Cyber Attack Hits Russian Internet Providers in Occupied Crimea (kyivpost.com)

Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)

North Korea

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)

Protecting America’s cyber security demands showing our teeth | CyberScoop

Cyber operations create additional risks for people’s security and well-being | ICRC

Suspected North Korean Attack Drains $2m from CoinStats Wallets - Infosecurity Magazine (infosecurity-magazine.com)

Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek

CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)


Tools and Controls

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times

Four steps to build cyber resilience in the public sector | TechRadar

US bans Kaspersky and hands out sanctions to execs — 100 days until class-leading antivirus ban takes effect | Tom's Hardware (tomshardware.com)

Conditional Access - The ultimate starter guide (oceanleaf.ch)

Hybrid work prompts spike in network security threats | Computer Weekly

Why immutable data storage is key to cyber security strategy | TechRadar

What Application Security Within Shadow IT Looks Like (darkreading.com)

Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)

76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)

Nearly half of cyber professionals do not have the budget for adequate protection – Coalition | Insurance Times

DMARC: Why It's Moving from a Best Practice to Must-Have | Proofpoint US

UK midsize firms wary of cyber insurance: Coalition - Reinsurance News

IT Leaders Are Fifty-Fifty on Using GenAI For Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Report Cyber Breaches and Incidents (darkreading.com)

The four phases of emergency management | TechTarget

CISOs Reveal Firms Prioritize Savings Over Long-Term Security - Infosecurity Magazine (infosecurity-magazine.com)

How are cyber insurance claims shaping up for 2024? | Insurance Business America (insurancebusinessmag.com)

CISOs becoming more comfortable with risk levels - Help Net Security

CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)

Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert

US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop

Cisco's enterprise firewall receives ‘caution’ rating from CyberRatings - SDxCentral

A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)

The dos and don’ts of gamified cyber security training - Security Boulevard

Benefits of dark web monitoring (techtarget.com)

Google's Naptime Framework to Boost Vulnerability Research with AI - Infosecurity Magazine (infosecurity-magazine.com)

A Watershed Moment for Threat Detection and Response (darkreading.com)

Creating a proactive incident response plan | Microsoft Security Blog

Building an incident response strategy in 2024 | ITPro

Conducting a Comprehensive Security Posture Assessment in 2024 (att.com)

Best practices for protection from ransomware in cloud storage | TechTarget

How to construct a cyber security policy that sits alongside AI (architecture.com)

Meet the Ransomware Negotiators (darkreading.com)

Cyber Security Report Examples (3 Common Styles) | UpGuard


Other News

We analysed the entire web and found a cyber security threat lurking in plain sight (theconversation.com)

UK's largest nuclear site denies being hacked but pleads guilty over cyber security failures (therecord.media)

Post Office expert IT witness Gareth Jenkins resigns BCS membership | Computer Weekly

Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)

New cyber threat research for SMB in 2024 | Securelist

Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)

Beat the Heat and Cyber Threats this Summer | MSSP Alert

Cyber Europe 2024 tests resilience of EU Energy Sector (techmonitor.ai)

Hijacked spacecraft, hacked life support systems: the cyber risks of space | Cybernews

New Trends in Maritime Cyber Security in 2024 (maritime-executive.com)

Estimated cyber crime up almost 120 per cent in four years | The Herald (heraldscotland.com)

Japan's space agency struck by multiple cyber attacks, but officials say no sensitive data was taken - Washington Times

Windows 10 will get five years of additional support thanks to 0patch - Neowin

Cracking down on cybercrime: Who you gonna call? - Help Net Security

Inmarsat Maritime Whitepaper Recommends Holistic Approach To Cyber Security Ahead Of New IACS Requirements (gcaptain.com)

Chemical Facilities Told of Possible Data Exfiltration in CISA Breach - Infosecurity Magazine (infosecurity-magazine.com)

Why cyber attack cases against journalists are increasing | WKMS

Securing the skies: IBS Software’s Alex Haynes on cyber security in air travel - Airport Technology (airport-technology.com)

Japan's Space Agency Was Hit by Multiple Cyber Attacks, but Officials Say No Sensitive Data Was Taken - SecurityWeek

How to navigate retail’s changing cyber threats | Retail Technology Review

Cyber Threats in Construction and Manufacturing: Securing your Organisation (att.com)

Cyber security for schools: What you need to know | Edexec

Nine ways construction companies can modernize and mitigate cyber risks | SC Media (scmagazine.com)


Vulnerability Management

75% of new vulnerabilities exploited within 19 days - Help Net Security

Google's Naptime Framework to Boost Vulnerability Research with AI - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

MOVEit Transfer Flaws Push Security Defence Into a Race With Attackers (darkreading.com)

Phoenix UEFI bug affects long list of Intel chip families • The Register

New attack uses MSC files and Windows XSS flaw to breach networks (bleepingcomputer.com)

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure (darkreading.com)

VMware ESXi Flaw Allows Attackers to Bypass Authentication (cybersecuritynews.com)

MoveIt Transfer vulnerability targeted amid disclosure drama | TechTarget

New MOVEit Transfer critical bug is actively exploited (securityaffairs.com)

ESET Security Products - Windows Vulnerable Privilege Escalation (cybersecuritynews.com)

Chrome 126 Update Patches Memory Safety Bugs - SecurityWeek

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts (thehackernews.com)

US government tells some Pixel users to update their phones in 10 days or stop using them - PhoneArena

Plugins on WordPress.org backdoored in supply chain attack (bleepingcomputer.com)

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released (bleepingcomputer.com)

WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert

GitLab Security Updates Patch 14 Vulnerabilities - SecurityWeek

Windows 10 will get five years of additional support thanks to 0patch - Neowin

'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register


Sector Specific

Industry-specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog, which is also on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.
