This is an update following the 19 July Critical Citrix ADC and Gateway flaw actively exploited advisory by Black Arrow.

Executive Summary

Following the previous advisory on the Citrix Netscaler ADC vulnerability (CVE-2023-3519), the NCC Group has identified that as of 14 August, 1828 Citrix NetScaler servers remain compromised or ‘backdoored’ by attackers. Approximately 69% of the servers that contain a backdoor have been updated to remediate the vulnerability and are no longer vulnerable to CVE-2023-3519. This means that the affected systems were compromised by a malicious actor prior to the updates being applied, allowing the malicious actor to establish persistent access to the systems even after the vulnerability has been remediated.

What’s the risk to me or my business?

Successful exploitation of the vulnerability prior to updating would allow an attacker to perform arbitrary code execution with administrator privileges. The main attack campaign is believed to have taken place between late 20 July to early 21 July. If updates were not applied to affected and vulnerable systems prior to this date, exploitation may have already taken place.

Further information on the vulnerability can be found on our previous advisory linked below.

What can I do?

If you have not already updated to a Citrix version that resolves this vulnerability, Black Arrow recommends applying these updates urgently. All affected systems, updated and vulnerable, should be scanned for indicators of compromise (IoC), Mandiant have released a tool that can help organisations to scan their Citrix devices for evidence of post-exploitation indicators. If IoC’s are identified, then forensic data should be secured by taking a copy of both the disk and the memory of the appliance before any remediation or investigative actions are completed. If evidence of persistence such as a webshell is found, then this should be investigated through threat hunting techniques to establish the extent of the incident whilst conducting containment and remediation activities.

More information on the NetScaler vulnerability:

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Information on the Mandiant Tool:

https://github.com/mandiant/citrix-ioc-scanner-cve-2023-3519

Further information on the study of the exploited devices:

https://research.nccgroup.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/

Previous Advisory: https://www.blackarrowcyber.com/blog/advisory-19-july-2023-citrix-vulns-exploited

Artificial Intelligence (AI) has unlocked countless doors to innovation, paving the way for unprecedented efficiency, automation, and business intelligence in organisations globally. However, the AI we so keenly herald as a catalyst for advancement is not without its dangers. From a cyber security perspective, the risks associated with AI, particularly those concerning insider threats and AI-driven attacks, are of increasing concern.

Consider the potential of AI in the wrong hands

Threat actors leverage AI to enhance their illicit activities. Sophisticated cyber attacks, traditionally relegated to a small number of skilled and capable individuals or groups, could be automated and exponentially expanded in scale. The very virtues that make AI so appealing to businesses - scalability, adaptability, and autonomy - are transformed into threats by attackers to harm those same businesses as well as individuals. A cyber attacker utilising AI tools could easily automate processes like social engineering attacks, identifying system vulnerabilities, or developing advanced malware that adapts to today’s countermeasures.

AI has catapulted the capabilities of attackers

Reflect on the MOVEit scandal this summer that has impacted tens of millions of individuals globally. In May this year, the Russian-based CL0P ransomware gang exploited a previously undiscovered vulnerability in the popular file transfer platform called MOVEit. The platform is a component of the supply chain that is used by many companies, paradoxically to keep their documents secure from unauthorised access. Nonetheless, the attackers managed to break into MOVEit in different organisations to harvest the information within it, or use that access as a door to other parts of the target’s systems. So far, the compromise has claimed sensitive data from at least 230 firms across the world, from government and education to transport and finance including Ernst & Young, British Airways, the BBC and Tesco Bank. The heist undoubtedly took significant skill and expertise to accomplish, and highlights the need to manage the security within the chain of organisations and systems that are connected across borders and sectors.

Now, imagine what happens when attackers conduct these kinds of attacks by levering the power and creativity of AI. Attackers are constantly probing and identifying novel methods of attack, to swiftly bypass existing security measures and evade detection. With AI, attackers are already sending out seemingly flawless phishing messages to successfully break into systems through people, and will soon attack technology systems using AI in sophisticated ways at a rate that humans cannot possibly keep pace with.

Poisoning the AI data pool

Beyond harnessing AI for malicious intent, threat actors could exploit AI systems' inherent vulnerabilities. One alarming method is adversarial machine learning; this is a technique wherein 'poisoned' data is used to manipulate AI algorithms. In a cyber security context, attackers could intentionally feed misleading data into AI security systems, causing them to overlook genuine threats or behave unpredictably. People may be inclined to trust the output of AI making autonomous decisions, because they do not believe that malicious or false information could have been added into the source data.

AI models used in sensitive sectors like healthcare, finance, or defence are an attractive target for intellectual property theft. The very algorithms that drive insights, predictions, and automated decisions could be stolen, reverse-engineered, or used maliciously. The successful theft of an AI model could cause extensive financial loss, and potentially even endanger national security.

Insider threats

The realm of insider threats is yet another frontier where AI's risk factors come to the fore. Consider the rise of powerful language models like ChatGPT, that must be handled with care in organisations because sometimes, employees unwittingly become a threat.

Samsung reported that their staff had leaked sensitive proprietary information by inputting it into such models. Many organisations such as Amazon and Apple have already banned their employees from using publicly accessible generative AI systems like ChatGPT, and have instead provided their own private alternatives for internal use.

How to protect your organisation

Mitigating the dangers of AI requires a two-pronged approach. First, robust AI governance is needed at a national and international level. Governments must implement ethical guidelines, transparency measures, and regulation; however, these measures are unlikely to be implemented at a pace that matches the development and adoption of AI. Secondly, organisations must themselves immediately begin to foster a culture of AI and cyber security awareness among their employees. Clear communication about the capabilities and potential dangers of AI, coupled with training employees to recognise AI-enhanced threats and implementing strong cyber security controls across people, operations and technology can all help in this endeavour.

The advent of AI has ushered in a new era of previously unimaginable benefits, and risks. From AI-driven cyber attacks to the dangers posed by employee use, the threats are real and rapidly evolving. As organisations increasingly and inevitably adopt AI, they must stay vigilant to these threats and proactively invest in robust cyber security measures to safeguard against them. The reality of AI and cyber security is a delicate balancing act that we are all learning as we leverage those benefits while mitigating the risks.

Contact us to discuss how to embrace AI and manage the risks to your organisation

An increasing number of organisations are contacting us to take advantage of our expertise and advice on how they can benefit from AI while managing the complex risks. Contact us today to discuss how we can help you assess and govern the risks though cyber security controls across people, operations and technology.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices

Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.

Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.

Source: [Dark Reading]

How an Eight-Character Password Could be Cracked in Just a Few Minutes

Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.

Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.

Source: [Techrepublic]

Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits

The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.

In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.

The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.

Source: [Dark Reading]

How Executives’ Personal Devices Threaten Business Security

Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.

A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.

Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.

Sources: [Help Net Security] [Security Affairs]

77% of Financial Firms Saw an Increase in Cyber Attack Frequency

According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).

Source: [SecurityMagazine]

Protecting Against Sophisticated Cyber Attacks Requires Layered Defences

Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.

Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.

Source: [Forbes]

Managing Human Cyber Risks Matters Now More Than Ever

As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.

A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.

Source: [Help Net Security]

Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins

Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.

The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.

Sources: [Help Net Security] [Security Affairs]

UK Shaken by Major Data Breaches

Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.

Sources: [Telegraph] [Tech Crunch]

Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack

The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.

Sources: [ITPro] [Infosecurity Magazine]

Mac Users are Facing More Dangerous Security Threats Than Ever Before

Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.

In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.

Source: [Techradar]

Cyber Attack to Cost Outsourcing Firm Capita up to £25m

Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.

The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.

Source: [Guardian]

Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources

A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.

Source: [Financial Express]

Governance, Risk and Compliance

• SMB cyber security: Cyber Security challenge: SMBs and large enterprises face common threat but separate response routes - The Economic Times (indiatimes.com)

• Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)

• Managing human cyber risks matters now more than ever - Help Net Security

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• Recent threat intelligence study indicates reactive measures are prioritized by most organisations over proactive | SC Media (scmagazine.com)

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian

• 9 common risk management failures and how to avoid them | TechTarget

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• What happens if cyber insurance becomes unviable? - Raconteur

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro

• Protection is No Longer Straightforward – Why More Cyber Security Solutions Must Incorporate Context - Security Week

• Cyber Security Must Focus on the Goals of Criminals (informationweek.com)

• Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)

• Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)

• Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network

• 'Confusing, misleading or just plain wrong': Researchers explain why cyber security is needlessly complex - Study Finds

• It's Time for Cyber security to Talk About Climate Change (darkreading.com)

• Prioritizing cyber attacks still needs a lot of work, according to new Picus Labs report - SiliconANGLE

• It's not always malware (betanews.com)

• Act Before You're Hacked (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert

• Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online

• Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro

• UK Think Tank Proposes Greater Ransomware Reporting From Cyber Insurance to Government – Security Week

• The ransomware rollercoaster continues as criminals advance their business models - Help Net Security

• Data exfiltration is now the go-to cyber extortion strategy - Help Net Security

• Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)

• Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)

• Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)

• Recent ransomware attacks share curiously similar tactics - Help Net Security

• Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)

• Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims | Tripwire

• Navigating the gray zone of ransomware payment practices - Help Net Security

• Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert

• Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)

• Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)

• The volume of ransomware attacks is dropping - but it’s no time to get complacent (networkingplus.co.uk)

• FortiGuard Labs: Organisations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise (fortinet.com)

• Suspected Vietnamese hacker targets Chinese, Bulgarian organisations with new ransomware (therecord.media)

• Ransomware gangs are targeting public schools | Fortune

• New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)

• White House Holds First-Ever Summit on Ransomware Crisis Plaguing Public Schools (insurancejournal.com)

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• Best practices for reporting ransomware attacks | TechTarget

• Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)

• Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com

• The Ransomware Prevention Guide For SMBs - GovInfoSecurity

Ransomware Victims

• Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)

• ‘Data Security Incident’: 16 Hospitals across Four States Forced to Close after Cyber attack - News18

• Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)

• Israel hospital hacking disrupts services; cyber attackers unknown - Israel News - The Jerusalem Post (jpost.com)

• Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

• Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)

Phishing & Email Based Attacks

• Hackers are targeting top executives to steal their work logins | TechRadar

• Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security

• 9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar

• RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

BEC – Business Email Compromise

• 37% of third-party applications have high-risk permissions - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Social engineering biggest threat to online safety - Avast (securitybrief.co.nz)

Artificial Intelligence

• 75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices (darkreading.com)

• When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online

• Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)

• How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)

• AI chatbots like ChatGPT could be security nightmares - and experts are trying to contain the chaos | TechRadar

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• White House offers prize money for hacker-thwarting AI (techxplore.com)

• Criminals Have Created Their Own ChatGPT Clones | WIRED UK

• AI making cyber attacks more effective - Tech Monitor

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

• Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)

• Cyber security In The Age Of AI (forbes.com)

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• Microsoft AI Red Team building future of safer AI | Microsoft Security Blog

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Why We Need to Manage the Risk of AI Browser Extensions - Infosecurity Magazine (infosecurity-magazine.com)

• AI hacking gets White House backing; some already go rogue (9to5mac.com)

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

2FA/MFA

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Malware

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• Mac users are facing more dangerous security threats than ever before | TechRadar

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• This PowerPoint could help hackers empty your bank account | Digital Trends

• Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle (bleepingcomputer.com)

• Israel cyber security agency says no breach after senior official self-infects home PC with malware | TechCrunch

• Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)

• Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• This Mac Utility Is Now Malware (howtogeek.com)

• Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)

• New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)

• Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)

• CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)

Mobile

• Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)

• Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International

• Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)

• How executives' personal devices threaten business security - Help Net Security

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• 40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week

• Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)

Botnets

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)

• How to accelerate and access DDoS protection services using GRE - Help Net Security

• Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica

Internet of Things – IoT

• What is IoT Security? | TechTarget

• Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED

• Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)

• The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)

Data Breaches/Leaks

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• Over 200 Million Brits Have Data Compromised in Four Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• UK Electoral Commission hacked by 'hostile actors' | Reuters

• PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)

• Northern Ireland police investigate second data breach after documents containing officers' names stolen | UK News | Sky News

• Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• How safe is my data after a hack or leak? - BBC News

Organised Crime & Criminal Actors

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)

• Cyber security Must Focus on the Goals of Criminals (informationweek.com)

• How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• BlackBerry Discloses Major Crypto-Based Malware - The Tech Report

• FBI warns of phishing scams and social media account hijackers (cointelegraph.com)

• Crypto heavyweights back new cyber security standards after nearly $4 billion was lost to hacks in 2022 | Fortune Crypto

• Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

Insider Risk and Insider Threats

• Managing human cyber risks matters now more than ever - Help Net Security

• History’s Greatest Insider Threats - IT Security Guru

• US Navy sailors charged with stealing secret info for China • The Register

• Get consent before you monitor your staff, UK MPs suggest • The Register

Fraud, Scams & Financial Crime

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

• Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

Impersonation Attacks

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

Insurance

• What happens if cyber insurance becomes unviable? - Raconteur

• Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Dark Web

• Dark web activity targeting the financial sector - Help Net Security

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Dark Web Threat Actors Targeting macOS | Accenture

Supply Chain and Third Parties

• Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)

• 37% of third-party applications have high-risk permissions - Help Net Security

Software Supply Chain

• Unravelling the importance of software supply chain security - Help Net Security

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• 37% of third-party applications have high-risk permissions - Help Net Security

Cloud/SaaS

• Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Managing and Securing Distributed Cloud Environments - Security Week

• How hybrid cloud is transforming cyber security | ITPro

• Microsoft 365 guests + Power Apps = security nightmare • The Register

Containers

• Kubernetes clusters under attack in hundreds of organisations | CSO Online

Identity and Access Management

• CrowdStrike observes massive spike in identity-based attacks | TechTarget

• Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)

• Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)

• 91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

Encryption

• Cyber security Breakthrough: New Cipher System Protects Computers Against Spy Programs (scitechdaily.com)

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

• Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

Open Source

• Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Kemba Walden: We need to secure open source software | TechTarget

Passwords, Credential Stuffing & Brute Force Attacks

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• How an 8-character password could be cracked in just a few minutes (techrepublic.com)

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Biometrics

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Social Media

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

Malvertising

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News

Training, Education and Awareness

• Managing human cyber risks matters now more than ever - Help Net Security

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

Travel

• I'm a cyber security expert, here's why your airport selfie is a gift to scammers | Daily Mail Online

• Free Airline Miles, Hotel Points, and User Data Put at Risk by Flaws in Points Platform | WIRED

Parental Controls and Child Safety

• Cyber security expert warns parents of online predators, social media usage (wptv.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Most domestic abuse cases feature spyware and remote monitoring, MPs warn | E&T Magazine (theiet.org)

• Baby monitors and smart speakers enabling abuse, say MPs - BBC News

Regulations, Fines and Legislation

• SEC Adopts Final Rules on Cyber security Risk Management, Strategy, Governance and Incident Disclosure by Public Companies | Akin Gump Strauss Hauer & Feld LLP - JDSupra

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro

• The Problem With Cyber security (and AI Security) Regulation (darkreading.com)

• CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week

• The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

• America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

Models, Frameworks and Standards

• NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST

• Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru

• 5 steps to ensure HIPAA compliance on mobile devices | TechTarget

Data Protection

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• Regulator: “Harmful” Web Design Could Break Data Protection Laws - Infosecurity Magazine (infosecurity-magazine.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

Careers, Working in Cyber and Information Security

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Using creative recruitment strategies to tackle the cyber security skills shortage - Help Net Security

• Why cyber security is a blue-collar job - Help Net Security

• Will AI kill cyber security jobs? - Help Net Security

• Will CISOs become obsolete in the future? (betanews.com)

• 6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)

• Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security

Law Enforcement Action and Take Downs

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

Privacy, Surveillance and Mass Monitoring

• Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update

• China drafts rules for using facial recognition data - Japan Today

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Electoral Commission cyber attack: Everything we know about the hack as Russia 'tops list' of suspects (inews.co.uk)

• BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• SpaceX's private control of satellite internet concerns military leaders | Space

• Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR

• Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop

• Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)

• Victor Zhora on cataloging cyber war crime evidence against Russian hackers targeting Ukraine | CyberScoop

• Microsoft addresses Office vulnerability attacked by Russian spooks in latest update | Computer Weekly

• Hackers with links to Pro-Russian groups compromised foreign embassies in Belarus, researchers say | CyberScoop

• New Cyber Threat 'MoustachedBouncer' Targets Embassies in Belarus - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop

• US, Ukraine cyber leaders talk resilience, collaboration | TechTarget

• Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

China

• China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)

• Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)

• UK security must not be sacrificed to net zero (telegraph.co.uk)

• Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia

• China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget

• Why the China cyber threat demands an airtight public-private response (federaltimes.com)

• China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW

• China drafts rules for using facial recognition data - Japan Today

• US Navy sailors charged with stealing secret info for China • The Register

• RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)

• US Navy sailors charged with stealing secret info for China • The Register

• APT31 Linked to Recent Industrial Attacks in Eastern Europe - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

Iran

• Iranian state ‘now biggest threat to UK’ (thetimes.co.uk)

• Iranian cyber spies are targeting dissidents in Germany, warns intelligence service (therecord.media)

North Korea

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule (securityintelligence.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

Misc/Other/Unknown

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Security News This Week: The Cloud Company at the Center of a Global Hacking Spree | WIRED

Vulnerability Management

• Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week

• How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever | Ars Technica

• Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online

• Microsoft hits back at Tenable’s criticism of its infosec • The Register

• The Four Pillars of Vulnerability Management - GovInfoSecurity

• Has Microsoft cut security corners once too often? | Computerworld

• Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)

• The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)

Vulnerabilities

• Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs

• Microsoft, Intel lead this month's security fix emissions • The Register

• Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)

• Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register

• Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)

• New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)

• Google Chrome will get weekly security updates - gHacks Tech News

• Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week

• Adobe Releases Security Updates for Multiple Products | CISA

• New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week

• Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs (thehackernews.com)

• Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)

Tools and Controls

• Managing human cyber risks matters now more than ever - Help Net Security

• Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)

• MDR: Empowering Organisations with Enhanced Security (thehackernews.com)

• 9 common risk management failures and how to avoid them | TechTarget

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)

• What Is Content Disarm and Reconstruction? How CDR Tools Protect You From Malicious Files (makeuseof.com)

• Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)

• Managing and Securing Distributed Cloud Environments - Security Week

• How to handle API sprawl and the security threat it poses - Help Net Security

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• What Is Comprehensive Cyber-Resiliency? - The Futurum Group

• The Role of AI in Cyber security and Threat Detection: 5 Use Cases | by David Silva | Aug, 2023 | UX Planet

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

• AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)

Other News

• UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)

• British Government Report Highlights Pressing Risks: Terrorism, Cyber Attacks, and International Conflicts - Shafaq News

• Budget constraints threaten cybersecurity in government bodies - Help Net Security

• Threat of cyber attacks to national security compared to that of chemical weapons | ITPro

• UK Government: Cyber Attacks Could Kill or Maim Thousands - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates | Microsoft Security Blog

• Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News

• Government and public services face 40% more cyberattacks, struggle to protect due to lack of resources: Report | The Financial Express

• Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore

• Venture Capital Investments at Risk: DynaRisk Identifies Critical Cybersecurity Gaps in Companies Backed By Some Of London’s Biggest VC Funds | Pressat

• Cyber Security Threats From Online Gaming – Analysis – Eurasia Review

• Satellites easier to hack than a Windows device | Cybernews

• Cyber attack cost Interserve more than £11m | News | Building

• Exploitable Vulnerabilities That Expose Healthcare Facilities Surged Nearly 60% Since 2022, New Research Report Finds (prweb.com)

• Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

Microsoft’s August Patch Tuesday provides updates to address 86 security issues across its product range, including two zero-day vulnerabilities (CVE-2023-36884, CVE-2023-38180). The vulnerabilities allow remote code execution and denial of service. Among the updates provided by Microsoft, 6 addressed critical vulnerabilities.

What’s the risk to me or my business?

The vulnerabilities allow an attacker to remotely execute code and cause a denial-of-service, impacting the confidentiality, integrity and availability of data held by an organisation. CVE-2023-38180, which is a denial-of-service vulnerability has been recorded by the US Cybersecurity and Infrastructure Security Agency (CISA) in its “Known Exploited Vulnerabilities” Catalogue.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied immediately for the zero-day vulnerabilities and as soon as possible for all other vulnerabilities.  Microsoft has also published an separate advisory for CVE-2023-36884.

Technical Summary

CVE-2023-36884: This vulnerability, if exploited allows threat actors to create specially crafted documents which bypass Mark of the Web (MoTW) security features, causing files to be opened with no warning, allowing a threat actor to perform remote code execution.

CVE-2023-38180: The actively exploited vulnerability allows an attacker to cause a denial-of-service attack on .NET applications and Visual Studio.

Adobe

In addition to Microsoft’s Patch Tuesday Adobe released fixes for 36 vulnerabilities, of which 19 were rated critical. The critical vulnerabilities spanned across Adobe Acrobat and Reader (16), Adobe Commerce and  Adobe Dimension (2). At current, Adobe is not aware of any of these vulnerabilities being actively exploited. The vulnerabilities include remote code execution, memory leak and security bypass.

further details on other specific updates within this patch Tuesday can be found here:

https://www.ghacks.net/2023/08/08/the-windows-august-2023-security-updates-fix-critical-vulnerabilities-and-internet-explorer/

Further details about CVE-2023-38180 can be found here:                     

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180

Further details about CVE-2023-36884 can be found here:                     

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884  

The advisory from Microsoft can be found here:

Further information on CISA’s Known Exploited Vulnerabilities Catalog can be found here:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://msrc.microsoft.com/update-guide/vulnerability/ADV230003

Further details of the vulnerabilities addressed in Adobe Acrobat DC and Reader can be found here: https://helpx.adobe.com/security/products/acrobat/apsb23-30.html

Further details of the vulnerabilities addressed in Adobe Commerce can be found here: https://helpx.adobe.com/security/products/magento/apsb23-42.html

Further details of the vulnerabilities addressed in Adobe Dimension can be found here: https://helpx.adobe.com/security/products/dimension/apsb23-44.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity 

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching

A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.

This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.

Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]

67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.

A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.

The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Source: [Security Intelligence]

Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.

Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]

The Generative AI War Between Companies and Hackers is Starting

To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.

A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.

Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.

Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]

Spend to Save: The CFO’s Guide to Cyber Security Investment

As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.

The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.

It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.

Source: [Security Intelligence]

Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.

There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.

Source [CSO Online]

How the Talent Shortage Impacts Cyber Security Leadership

The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.

Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.

The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.

Source: [Security Intelligence]

Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.

Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.

Source: [Security Brief]

Cyber Insurance and the Ransomware Challenge

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.

While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.

Sources: [RUSI] [Dark Reading]

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.

"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."

Source: [TheHackerNews]

66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.

In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.

Source: [ITSecurityWire]

UK legal Sector at Risk, National Cyber Security Centre Warns

Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.

The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.

Sources: [Todays Conveyancer] [Infosecurity Magazine]

Startups Should Move Fast and Remember Cyber Security

The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.

The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.

Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]

Governance, Risk and Compliance

• Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• Global Lawyers Unveil Cyber Best Practices for Execs - Infosecurity Magazine (infosecurity-magazine.com)

• From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Companies make strides in cyber defence and resilience amid escalating cyber threats: Aon - Reinsurance News

• Data Security Can Make Or Break Your Business (forbes.com)

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• CISOs Need Backing to Take Charge of Security (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

• The State Of Cyber security – Outlook And Challenges For 2023 And Beyond (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 67% of data breaches start with a single click - Help Net Security

• 1 in 100 emails is malicious - Help Net Security

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• The race against time in ransomware attacks - Help Net Security

• As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)

• Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report (malwarebytes.com)

• Ransomware gang increases attacks on insecure MSSQL servers | CSO Online

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber criminals pivot away from ransomware encryption | Computer Weekly

• Food manufacturers top three for ransomware attacks

• Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• 2023 State of Ransomware | Malwarebytes

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

Ransomware Victims

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)

• Scottish university UWS targeted by cyber attackers - BBC News

• Tempur Sealy isolated tech system to contain cyber burglary • The Register

• US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)

Phishing & Email Based Attacks

• 1 in 100 emails is malicious - Help Net Security

• 67% of data breaches start with a single click - Help Net Security

• Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)

• Emerging Cyber security Threat: How Google AMP Phishing Attacks Are Bypassing Email Security Measures (informationsecuritybuzz.com)

BEC – Business Email Compromise

• 1 in 100 emails is malicious - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• UK calls artificial intelligence a “chronic risk” to its national security | CSO Online

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)

• Intersection of generative AI, cyber security and digital trust | TechTarget

• Hackers are using AI to create vicious malware, says FBI | Digital Trends

• The generative A.I. war between companies and hackers is starting (cnbc.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Think tank wants monitoring of China's AI-enabled products • The Register

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Deputy National Security Advisor Anne Neuberger on addressing the security threats of AI | CyberScoop

• Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica

• Organisations want stronger AI regulation amid growing concerns - Help Net Security

• AI-enhanced images a ‘threat to democratic processes’, experts warn | Artificial intelligence (AI) | The Guardian

Malware

• Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)

• Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)

• IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

• New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)

• New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security

• Cyber criminals Renting WikiLoader to Target Italian Organisations with Banking Trojan (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)

• Hackers can gain complete control over your Mac with this new dark web hacking tool | Tom's Guide (tomsguide.com)

• Threat Actors Use AWS SSM Agent as a Remote Access Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• OT/IoT Malware Surges Tenfold in First Half of the Year - Infosecurity Magazine (infosecurity-magazine.com)

• CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)

Mobile

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)

• New smartphone vulnerability could allow hackers to track user location (techxplore.com)

• Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

• SpyNote Android Spyware Strikes Financial Institutions - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners (thehackernews.com)

Botnets

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

Denial of Service/DoS/DDOS

• Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)

• Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• "Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)

Internet of Things – IoT

• Canon warns of Wi-Fi security risks when discarding inkjet printers (bleepingcomputer.com)

Data Breaches/Leaks

• Cyber security breaches exposed 146 million records - ITSecurityWire

• Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)

• Pentagon hit by ‘critical compromise’ of US air force communications – report | US military | The Guardian

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Been Hacked? These are Your Next Steps | Entrepreneur

• Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)

• NI Executive Office and Patient and Client Council rapped for data breach risks | BelfastTelegraph.co.uk

• Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)

Organised Crime & Criminal Actors

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• How Hackers Trick You With Basic Sales Techniques (makeuseof.com)

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register

Insider Risk and Insider Threats

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• US military battling cyber threats from within and without • The Register

Deepfakes

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

Insurance

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

Dark Web

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

Supply Chain and Third Parties

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

Software Supply Chain

• Lessons Not Learned From Software Supply Chain Attacks (darkreading.com)

Cloud/SaaS

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

• Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop

Identity and Access Management

• The gap in users' identity security knowledge gives cyber criminals an opening - Help Net Security

Encryption

• Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)

• SCARF cipher sets new standards in protecting sensitive data - Help Net Security

• Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post

Open Source

• Open-source security challenges and complexities - Help Net Security

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Retail chain Hot Topic discloses wave of credential-stuffing attacks (bleepingcomputer.com)

Biometrics

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

Social Media

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• Social media giants on notice over foreign cyber threat (themandarin.com.au)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Instagram Flags AI-Generated Content (darkreading.com)

Travel

• Never share boarding passes online, cyber security experts warn travellers - NZ Herald

Regulations, Fines and Legislation

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)

• CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch

• What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget

• Why the California Delete Act Matters (darkreading.com)

• Organizations want stronger AI regulation amid growing concerns - Help Net Security

• Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)

• Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra

Models, Frameworks and Standards

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru

• What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget

Careers, Working in Cyber and Information Security

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek

• Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru

• White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)

• Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW

Law Enforcement Action and Take Downs

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

• FBI: Without Section 702, we can't ID cyber criminals • The Register

Privacy, Surveillance and Mass Monitoring

• Home Office plans new national police ‘facial-matching’ service after signing £50m deal for biometrics platform – PublicTechnology

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica

• Tor’s shadowy reputation will only end if we all use it | Engadget

• Delivering privacy in a world of pervasive digital surveillance: Tor Project's Executive Director speaks out - Help Net Security

• After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats (thehackernews.com)

• BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)

• Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures (thehackernews.com)

• Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)

• Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent

• Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

China

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica

• US senator victim-blames Microsoft for Chinese hack • The Register

• Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

• Think tank wants monitoring of China's AI-enabled products • The Register

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• US military battling cyber threats from within and without • The Register

Iran

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

• Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)

North Korea

• STARK#MULE Targets Koreans with US Military-themed Document Lures (thehackernews.com)

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

Misc/Other/Unknown

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Kaspersky unveils latest APT trends for Q2 | Media OutReach Newswire (media-outreach.com)

Vulnerability Management

• Relying on CVSS alone is risky for vulnerability management - Help Net Security

• Top 12 vulnerabilities list highlights troubling reality: many organizations still aren't patching | CyberScoop

• Old vulnerabilities, major vendors dominate list of most-exploited flaws of 2022 | SC Media (scmagazine.com)

• In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues - Security Affairs

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022 > National Security Agency/Central Security Service > Press Release View

• What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)

• Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)

• Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica

Vulnerabilities

• Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek

• Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)

• New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs

• Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek

• Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK

• US fears attacks will continue against Ivanti MDM installs • The Register

• Cisco Talos Discusses Flaws in SOHO Routers Post-VPNFilter - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)

• Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)

• Firefox 116: improved upload performance and security fixes - gHacks Tech News

• Oracle Critical Patch Update Advisory - July 2023

• Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop

Tools and Controls

• Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek

• Data stolen from millions via missing web app access checks • The Register

• Keeping the cloud secure with a mindset shift - Help Net Security

• Strengthening security in a multi-SaaS cloud environment | TechCrunch

• 5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)

• AI has a place in cyber, but needs effective evaluation | Computer Weekly

• Top 5 benefits of SASE to enhance network security | TechTarget

• MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert

• 4 Generative AI Security Benefits (trendmicro.com)

• What is Data Security Posture Management (DSPM)? (thehackernews.com)

• Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)

• What is an ISMS (Information Security Management System)? | UpGuard

• VPNs remain a risky gamble for remote access - Help Net Security

• Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Reports Published in the Last Week

• 2023 State of Ransomware | Malwarebytes

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

Other News

• The top 6 cyber security incidents in July 2023 (cshub.com)

• UK legal sector at risk, National Cyber Security Centre warns | Today's Conveyancer (todaysconveyancer.co.uk)

• UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)

• How local governments can combat cyber crime - Help Net Security

• Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)

• Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)

• Cyber Attacks Targeting Government Agencies Increase 40% - Infosecurity Magazine (infosecurity-magazine.com)

• BPP targeted in cyber attack - Legal Cheek

• Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)

• Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek

• New Study Reveals Forged Certificate Attack Risks - Infosecurity Magazine (infosecurity-magazine.com)

• 80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

• Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

• Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

• Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

• Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

• Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

• Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

• Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

• Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

• Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

• Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

• Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023

Governance, Risk and Compliance

• Data Breaches Cost Businesses $4.5M on Average (darkreading.com)

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• Why Today's CISOs Must Embrace Change (darkreading.com)

• Enterprises should layer-up security to avoid legal repercussions - Help Net Security

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Explaining risk maturity models and how they work | TechTarget

• Why cyber security should be part of your ESG strategy | Computer Weekly

• The old “trust but verify” adage should be the motto for every CISO | CSO Online

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security

• The critical cyber security backup plan too many companies are ignoring (cnbc.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

• Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• 4 Cyber security Budget Management Tips (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)

• MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)

• Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Millions of people's healthcare files accessed by Clop gang • The Register

• Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek

• Ransomware Spotlight: Play - Security News (trendmicro.com)

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

• Risk & Repeat: Are data extortion attacks ransomware? | TechTarget

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

• Education Sector Has Highest Ransomware Victim Count - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: Sophos says most universities pay | Times Higher Education (THE)

Ransomware Victims

• PwC has data leaked on the clear web - Cyber Security Connect

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Millions of people's healthcare files accessed by Clop gang • The Register

• Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek

• Another Cl0p victim goes public | Cybernews

• Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)

Phishing & Email Based Attacks

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Critical Infrastructure Workers More Likely to Detect and Report Phishing and Malicious Emails, Study Finds - MSSP Alert

BEC – Business Email Compromise

• Repeatable VEC Attacks Target Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• The Dark Side of AI (darkreading.com)

• Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security

• UN Security Council to hold first talks on AI risks | Reuters

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)

• Lots of sensitive data is still being posted to ChatGPT | TechRadar

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• The Good, the Bad and the Ugly of Generative AI - SecurityWeek

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• Intel's deepfake detector tested on real and fake videos - BBC News

• Are AI-Engineered Threats FUD or Reality? (darkreading.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Malware

• Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)

• Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)

• The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)

• Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets (thehackernews.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)

• Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security

Mobile

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch

• 5 steps to approach BYOD compliance policies | TechTarget

Botnets

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

Denial of Service/DoS/DDOS

• Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

BYOD

• 5 steps to approach BYOD compliance policies | TechTarget

Internet of Things – IoT

• Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)

• Microsoft previews  Defender for IoT firmware analysis service (bleepingcomputer.com)

• Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek

Data Breaches/Leaks

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Capita breach class action nears 1,000 sign-ups • The Register

• VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• NATO investigating apparent breach of unclassified information sharing platform | CyberScoop

• Tampa General Hospital Data Breach Impacts 1.2 Million Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Australian Home Affairs cyber survey exposed personal data of participating firms | Data and computer security | The Guardian

• Data Breach Costs Hit Record High but Fall For Some - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker Claims to Have Stolen Sensitive Medical Records from Egypt's Ministry of Health - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs

• Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)

Organised Crime & Criminal Actors

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptojacking soars as cyber attacks increase, diversify - Help Net Security

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Cryptojacking: Understanding and defending against cloud compute resource abuse | Microsoft Security Blog

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers demand more from businesses when it comes to security - Help Net Security

• CISOs gear up to combat the rising threat of B2B fraud - Help Net Security

• Booz Allen Pays $377m to Settle Government Fraud Case - Infosecurity Magazine (infosecurity-magazine.com)

• MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian

Insurance

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal

Dark Web

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Supply Chain and Third Parties

• Capita breach class action nears 1,000 sign-ups • The Register

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• Strengthening the weakest links in the digital supply chain - Help Net Security

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)

Software Supply Chain

• Two ambulance services in UK lost access to patient records after a cyber attack on software provider - Security Affairs

Cloud/SaaS

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Shadow IT

• NCSC Publishes New Guidance on Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• The UK Government Is Very Close To Eroding Encryption Worldwide  | Electronic Frontier Foundation (eff.org)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)

• Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)

API

• Reining in API sprawl | TechCrunch

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

Open Source

• New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA: Most cyber attacks on gov’ts, critical infrastructure involve valid credentials (therecord.media)

Social Media

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Training, Education and Awareness

• Why are computer security guidelines so confusing? - Help Net Security

Travel

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

Parental Controls and Child Safety

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Regulations, Fines and Legislation

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• EU Agrees On Common Position For Cyber Resilience Act To Enhance Security Of Digital Products (informationsecuritybuzz.com)

Data Protection

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

Careers, Working in Cyber and Information Security

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• UK Government Report Finds Cyber security Skills Gap Stagnant - Infosecurity Magazine (infosecurity-magazine.com)

• Bridging the cyber security skills gap through cyber range training - Help Net Security

• Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security

Law Enforcement Action and Take Downs

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

Privacy, Surveillance and Mass Monitoring

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)

Misinformation, Disinformation and Propaganda

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

• Russian court jails cyber security executive for 14 years in treason case | Reuters

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

• 69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica

China

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• The Chinese groups accused of hacking the US and others | Reuters

• Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek

• China’s Wuhan Earthquake Center Suffers Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• North Korean Cyber spies Target GitHub Developers (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• APT “Mysterious Elephant” Emerges in Q2 2023, Kaspersky Reports - Infosecurity Magazine (infosecurity-magazine.com)

Misc/Other/Unknown

• Advanced Persistent Threats (APTs): Detection and Mitigation (blueteamresources.in)

• Part 1: Historic To 2022 – The APT And Logical Threats (informationsecuritybuzz.com)

Vulnerability Management

• Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget

• CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)

• Want to live dangerously? Try running Windows XP in 2023 • The Register

• A step-by-step guide for patching software vulnerabilities - Help Net Security

Vulnerabilities

• Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek

• A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs

• Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)

• Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 - Security Affairs

• NetScaler RCE bug abused to pilfer critical infrastructure Active Directory data | SC Media (scmagazine.com)

• Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)

• Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)

• Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)

• VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)

• Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

• Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks (thehackernews.com)

• Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)

• Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)

• Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)

• Critical Flaws Found in Microsoft Message Queuing Service - Infosecurity Magazine (infosecurity-magazine.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• Study reveals silent Python package security fixes • The Register

• Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)

• VMware Patches Vulnerability Exposing Admin Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

• Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)

• WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)

• Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs

Tools and Controls

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Why cyber security should be part of your ESG strategy | Computer Weekly

• Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)

• Explaining risk maturity models and how they work | TechTarget

• Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)

• Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)

• Zero trust rated as highly effective by businesses worldwide - Help Net Security

• 50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)

• Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)

• Why are computer security guidelines so confusing? - Help Net Security

• Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• Shaping the future of digital identity - Help Net Security

• How to Put the Sec in DevSecOps (darkreading.com)

• Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)

• How Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats | Microsoft Security Blog

• Converging networking and security with SASE - Help Net Security

• 5 steps to approach BYOD compliance policies | TechTarget

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)

• Key factors for effective security automation - Help Net Security

• Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• CISOs consider zero trust a hot security ticket - Help Net Security

• How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)

• 4 Cyber security Budget Management Tips (trendmicro.com)

Reports Published in the Last Week

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• Cost of a data breach 2023 | IBM

• Internet Organised Crime Threat Assessment (IOCTA) | Europol (europa.eu)

• Q1 Report: Email Threat Trends Discover Q1 trends and stay ahead of email based threats. - VIPRE

Other News

• Maritime Cyber attack Database Launched by Dutch University - SecurityWeek

• Google’s new security pilot program will ban employee Internet access | Ars Technica

• Inspiring secure coding: Strategies to encourage developers' continuous improvement - Help Net Security

• macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• Cyber crime as a Public Health Crisis (darkreading.com)

• 7 in 10 MSPs Name Data Security and Network Security As Their Top IT Priorities for 2023 (darkreading.com)

• TETRA Radio Code Encryption Has a Flaw: A Backdoor | WIRED

• World's most internetty firm tries life off the net • The Register

• Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)

• How do companies protect customer data? | TechTarget

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

A vulnerability dubbed as ‘Zenbleed’ was discovered in AMD's Zen2 microarchitecture which could enable an malicious attacker to steal sensitive data, such as passwords and encryption keys. The Zenbleed vulnerability has been found to affect all AMD Zen 2 processors, including various models of the Ryzen processor and EPYC processor series.  Zenbleed requires local account access to the target system and a high degree of specialization and knowledge to exploit, however a proof of concept has now been publicly released.

What’s the risk to me or my business?

Exploitation of this vulnerability could compromise the confidentiality of data held or accessed through an affected device, allowing an attacker to gain unauthorised access to sensitive data. In addition, detection of the exploitation has been reported as almost impossible due to there being no requirement for elevated privileges to perform the attack. This vulnerability could also allow a malicious actor on a shared tenancy environment to access information running on the same server from a different tenant.

What can I do?

This vulnerability affects all Zen 2 class processors and as such it is essential to prioritise the patching of the upcoming updates to protect devices from this vulnerability when they become available. AMD has released a security bulletin detailing the AGESA Firmware updates which will be included within the BIOS updates for affected processors, and have classified the vulnerability as ‘Medium’ severity. Microcode updates have been created for the affected AMD EPYC processors, however updates for the Desktop, Mobile, High-end Desktop and Workstation processors are scheduled for later in the year. Once OEM’s have released BIOS updates it is strongly recommended that they are applied after appropriate testing has taken place.

In the meantime, a workaround has been recommended by the security researcher who discovered the vulnerability. If you are unsure whether you are impacted or how to implement the mitigation, then you should contact your vendor/MSP. Please note, workarounds are not a permanent fix and Black Arrow maintains that the patches should be applied when available.

Technical Summary

CVE-2023-20593 – If successfully exploited this vulnerability allows a malicious actor to access sensitive data from any system operation including those taking place in virtual machines, isolated containers, and sandboxes.

Affected product ranges include:

• 2nd Generation AMD EPYC “Rome” Processors

• AMD Ryzen 3000 and 4000 series Desktop Processors

• AMD Ryzen Threadripper 3000 and 3000WX series High End Desktop and Workstation Processors

• AMD Ryzen 4000, 5000 and 7020 series Mobile Processors

Further details of the Zenbleed vulnerability can be found here:

https://lock.cmpxchg8b.com/zenbleed.html

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

Executive Summary

Apple has recently released multiple patches, covering a number of vulnerabilities, including one actively exploited zero-day. The zero-day vulnerability has been found to affect devices running vulnerable versions of iOS, iPadOS, macOS, tvOS, watchOS and Safari. The actively exploited zero-day allows threat actors to obtain the highest privileges available (kernel privileges) on affected devices. Earlier this month, another actively exploited zero day, CVE-2023-37450, was addressed by Apple through a Rapid Security Response update.

What’s the risk to me or my business?

Exploitation of the vulnerability could allow an attacker unauthorised access to sensitive data, allowing them to manipulate or delete important information, or even take over the entire device, compromising the confidentiality, integrity, and availability of the data held by an exploited device. In some cases, threat actors are exploiting the vulnerability to install spyware on vulnerable devices.

What can I do?

Given the widespread use of Apple devices for both corporate and personal use, it is important to prioritise the application of the released patches to protect devices. Apple has also released patches addressing these vulnerabilities for products that are no longer supported. We recommend updating your devices promptly to these latest versions. Apple has acknowledged active exploitation of these vulnerabilities and as such recommends updating immediately. Organisations who do not use Apple devices, but have a bring your own device policy should consider whether this may include Apple devices.

Apple have addressed the zero-day in the following versions:

• macOS Ventura 13.5

• iOS 16.6

• iPadOS 16.6

• Safari 16.6

• tvOS 16.6

• watchOS 9.6

 Technical Summary

CVE-2023-38606 – Successful exploitation of this flaw could lead to a threat actor obtaining kernel privileges (the highest available). This allows the malicious actor to “modify sensitive kernel state”.

For information on all vulnerabilities addressed can be found in the following links below:

Further information on the iOS and iPadOS vulnerabilities can be found here:

https://support.apple.com/en-us/HT213841

Further information on the Mac vulnerabilities can be found here:

https://support.apple.com/en-us/HT213843

Further information on the Safari vulnerabilities can be found here:

https://support.apple.com/en-gb/HT213847

Further information on the tvOS vulnerabilities can be found here:

https://support.apple.com/en-gb/HT213846

Further information on the watchOS vulnerabilities can be found here:

https://support.apple.com/en-gb/HT213848

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

The average weekly volume of cyber attacks reached a two-year high in the second quarter of 2023 amid a spike in activity among ransomware groups according to Check Point Research, with healthcare in particular facing a significant year-on-year increase. The impact of ransomware hits every organisation, with separate research finding global financial services organisations having lost over $32bn in downtime since 2018 due to ransomware breaches.

A recent report found that the ransomware gangs LockBit and Cl0p alone accounted for nearly 40% of all recorded ransomware attacks across June 2023. The impact from Cl0p’s MOVEit attack alone has been felt by over 400 organisations since May 2023. One of the key takeaways from the MOVEit attack is that no matter the sector, any organisation can be a victim and as such it is essential to have effective controls in place, incorporating defence-in-depth. It’s worth considering how many organisations are still running vulnerable instances of MOVEit, or have someone in their supply chain who is.

https://www.infosecurity-magazine.com/news/ransomware-costs-financial-32bn/

https://www.itpro.com/security/ransomware/weekly-cyber-attacks-reach-two-year-high-amid-ransomware-resurgence

• MOVEit Body Count Closes in on 400 Organisations, 20M+ Individuals

The number of victims and the costs tied to the MOVEit file transfer hack continues to climb as the fallout from the massive supply chain attack enters week seven. In late May 2023, Russian ransomware gang Cl0p exploited a security hole in Progress Software's MOVEit product suite to steal documents from vulnerable networks. As of last week, the number of affected organisations was closing in on 400 and individual victims exceed 20 million.

The attack highlights the need for organisations to have policies and procedures in place for third parties, and to be aware of the data which a third party supplier has on them. It will be the organisation who will need to let their customers know in the event of a breach.

https://www.theregister.com/2023/07/20/moveit_victim_count/

• IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack. Liles, an IT security analyst at an Oxford-based company in the UK, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cyber criminals' cryptocurrency wallet to one under his control. He also accessed a board member's private emails over 300 times.

Insider threat is a risk that organisations need to be aware of and, although it was malicious in this case, it can also come from employee negligence. Organisations looking to achieve a strong level of cyber resilience should incorporate insider risk into their training and controls.

https://www.bleepingcomputer.com/news/security/it-worker-jailed-for-impersonating-ransomware-gang-to-extort-employer/

• Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

In today's evolving digital landscape, the role of a chief information security officer (CISO) is critical. These professionals defend against the rising tide of daily cyber threats. Yet many CISOs are leaving or considering leaving their jobs; this trend seems to reflect the intense pressure CISOs endure. They face a constant stream of complex cyber threats, manage compliance issues and struggle with a talent deficit in cyber security. Paired with high expectations, many reconsider their roles which can lead to a leadership gap.

A virtual CISO (vCISO) is an outsourced security practitioner who offers their expertise to businesses on a part-time or contractual basis. These professionals provide many of the same services as a traditional CISO, such as developing and implementing security strategies, ensuring compliance with regulations, training staff and managing a company's cyber security posture. vCISOs, such as from Black Arrow, are often part of a larger team and can bring a wide range of experiences and skills. They are exposed to diverse security landscapes across industries, and can provide a fresh perspective and innovative solutions to your security challenges. The vCISO model may not replace the need for a full-time CISO in all cases, but it can certainly add a flexible and cost-effective tool to the arsenal of businesses looking to bolster their cyber security posture.

https://www.forbes.com/sites/theyec/2023/07/14/stabilizing-the-cybersecurity-landscape-the-ciso-exodus-and-the-rise-of-vcisos/

• Risk is Driving Medium-Sized Business Decisions

Small and medium sized businesses (SMBs) have long lacked the tools, expertise, staff and budget to make major cyber security investments. However, as threats become more mainstream and more advanced, the focus is shifting, so SMBs need to take the threats seriously and evaluate their cyber security controls.

In a survey of 140 SMBs, it was found that 40% of respondents believe they are very likely or extremely likely to experience a cyber security attack target in the next 12 months. That fear is founded, as 34% of organisations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident. SMBs are putting their time, energy, and budget toward risk management. When it came to budgeting, 67% list their primary budgeting method as “risk-based”, and only 32% as “ad hoc/following an attack or breach”. It was found that over two-thirds of businesses would rather spend money now than pay a ransom later.

https://www.msspalert.com/cybersecurity-guests/risk-is-driving-small-and-medium-sized-businesses-smb-decisions/

• Talent and Governance, Not Technology, are Key to Drive Change Around Cyber Security

For the last 20 years, large organisations have been spending significant amounts of money on cyber security products and solutions, on managed services, or with consultancies large and small. Yet maturity levels remain elusive: a report found that 70% of firms surveyed had yet to fully advance to a mature-based approach. Cyber security good practices have been well established for the best part of the last 20 years and continue to provide, in most industries, an acceptable level of protection against most threats and an acceptable level of compliance against most regulations.

However cyber security is often viewed as something external to the business. This perspective leads to talent alienation and execution failures because the employees who should be invested in maintaining and improving cyber security may feel disconnected from these efforts. To make genuine progress, cyber security needs to be intrinsically linked to business values as a visible priority, owned and directed from the highest levels of an organisation.

This approach underlines the importance of governance in setting effective cyber security policies and procedures. It also highlights the crucial role of nurturing talent within the organisation to ensure active involvement in maintaining and improving cyber security measures. While technology is undoubtedly an essential element of cyber security, prioritising talent and governance can lead to lasting progress.

https://technative.io/talent-and-governance-not-technology-are-key-to-drive-change-around-cyber-security/

• Hybrid Work, Digital Transformation can Exploit Security Gaps

A new study showed that larger organisations generally recognise malware threats but they lack protection against malicious actors and ways to properly remediate infections. The report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data. 53% say they are extremely concerned about attacks, with 1% of security leaders saying they weren’t concerned at all. 98% said that better visibility into at-risk applications would significantly improve their security posture.

The most overlooked entry points for malware include 57% of organisations allowing employees to sync browser data between personal and corporate devices. 54% of organisations struggle with shadow IT, due to employees’ unsanctioned adoption of applications and systems, creating gaps not only in visibility but also in basic security controls and corporate policies.

https://www.msspalert.com/cybersecurity-research/digital-transformation-hybrid-work-models-create-perfect-setting-for-cybercriminals-to-exploit-security-gaps-study-finds/

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

The process of encouraging secure cyber habits in end users is evolving from traditional awareness training toward changing end user behaviour. It reflects a growing acceptance that traditional methods haven’t worked. While traditional security awareness teaches users how to recognise social engineering, new behaviour changing trains the brain – almost pre-programs it – on the correct recognition and response to phishing.

What is considered a standard phishing email today may not be tomorrow, and changes in user behaviour will help to combat this. It is simply not enough to be shown one phishing email and be told to follow procedures. Training should instead be focused on going beyond; this should look to change how the user approaches things such as phishing, and gamifying the recognition and reporting of it.

https://www.securityweek.com/human-cyber-risk-can-be-demonstrably-mitigated-by-behavior-changing-training-analysis/

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber criminals, specifically for launching business email compromise (BEC) attacks, according to new findings. The tool is designed for malicious purposes and has no restrictions on what a user can request. Such a tool allows for impeccable grammar in emails to reduce suspicion and allows sophistication with no restrictions on prompts. The lowered entry threshold enables cyber criminals with limited skills to execute sophisticated attacks, democratising the use of this technology.

https://www.infosecurity-magazine.com/news/wormgpt-fake-emails-bec-attacks/

https://www.independent.co.uk/tech/chatgpt-dark-web-wormgpt-hack-b2376627.html

• Pro-Russian Hacktivists Increase Focus on Western Targets

‘Anonymous Sudan’, apparent pro-Russian hacktivists, claimed a one-hour distributed denial of service attack on the social platform OnlyFans last week. This was the latest in a string of operations aimed at targets in the US and Europe. The group’s digital assaults coincide with attacks coming from a broader network of hackers aligned with Moscow that seek attention by taking down high-profile victims and strategic targets; many of the targets support Ukraine in its ongoing war against Russia.

The pro-Russian group appears to be affiliated with Killnet, a pro-Russian hacktivist group that emerged in late 2021 or early 2022 and has claimed distributed denial of service (DDoS) attacks, data theft and leaks on perceived adversaries of the Russian government, according to an analysis from Google’s Mandiant released earlier this week. The collective’s apparent significant growth in capabilities, demonstrated by Microsoft’s confirmation that Anonymous Sudan was responsible for the outages they experienced, potentially indicates a significant increase in outside investment in the collective, further suggesting a potential tie to the Russian state.

https://cyberscoop.com/anonymous-sudan-killnet-russia-onlyfans/

• Infosec Doesn't Know What AI Tools Organisations Are Using

With the marketplace awash in new artificial intelligence (AI) tools and new AI features being added to existing tools, organisations are finding themselves lacking visibility into what AI tools are in use, how they are used, who has access, and what data is being shared. As businesses try, adopt, and abandon new generative AI tools, it falls on enterprise IT, risk, and security leaders to govern and secure their use without hindering innovation. While developing security policies to govern AI use is important, it is not possible without knowing what tools are being used in the first place.

Enterprise security teams have to consider how to handle discovery, learning which generative AI tools have been introduced into the environment and by whom, as well as risk assessment.

https://www.darkreading.com/tech-trends/infosec-doesnt-know-what-ai-tools-orgs-are-using

• Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

In a bid to shrink the attack surface of its employees, and thus boost security, Google is taking an experimental, and some might say extreme, approach: cutting some of their workstations off from the internet. The company originally selected more than 2,500 employees to participate and will disable internet access on the selected desktops, except for internal web-based tools and Google owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Google is running the programme to reduce the risk of cyber attacks, according to internal materials. If a Google employee’s device is compromised, the attackers may have access to user data and infrastructure code, which could result in a major incident and undermine user trust. The program comes as companies face increasingly sophisticated cyber attacks. Just last week, Microsoft said Chinese intelligence hacked into company email accounts belonging to two dozen government agencies in the US and Western Europe, including the US State Department, in a “significant” breach.

https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html

https://www.theregister.com/2023/07/19/google_cuts_internet/

• Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Enterprises are responding to growing cyber security threats by working to make the best use of tools and services to ensure business resilience, according to a recent report. Chief information security officers (CISOs) and virtual CISOs (vCISOS) in particular, want more solutions and services that help them align security measures with enterprise objectives and C-level executives have become more aware of the need for cyber resilience. As a result, security investments have expanded beyond detection and response to include rapid recovery and business continuity.

The report found that amongst other things, enterprises are investing in risk assessments and outsourcing more services. In some cases, where a CISO cannot be hired, organisations may look to hire a vCISO. It is important that the vCISO is able to understand cyber in context to the business and help to align security objectives with the organisations objectives. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.blackarrowcyber.com/blog/threat-briefing-14-july-2023

Governance, Risk and Compliance

• Risk is Driving Small and Medium-Sized Businesses (SMB) Decisions - MSSP Alert

• Stabilising The Cyber security Landscape: The Rise Of vCISOs (forbes.com)

• Talent and Governance, not Technology, are Key to Drive Change around Cyber Security - TechNative

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• CISOs are making cyber security a business problem - Help Net Security

• Top Information Security Threats for Businesses 2023 (cybersecuritynews.com)

• How to Build a Cyber Resilient Company | Entrepreneur

• Best practices for an effective cyber security strategy | CSO Online

• Exploring the macro shifts in enterprise security - Help Net Security

• Google Cloud CISO Phil Venables On Cyber security, Cloud Adoption And The Boardroom (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Costs Financial Services $32bn in Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Weekly cyber attacks reach two-year high amid ransomware resurgence | ITPro

• Ransomware attacks are on the rise—and so are ransom payments (fastcompany.com)

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Who are the ransomware gangs wreaking havoc on the world’s biggest companies? | Renee Dudley | The Guardian

• Cyber security firm Sophos impersonated by new SophosEncrypt ransomware (bleepingcomputer.com)

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net SecurityFIN8 deploys ALPHV ransomware using Sardonic malware variant (bleepingcomputer.com)

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• Ransomware attackers getting more sophisticated: Canadian Centre for Cyber Security (yahoo.com)

• SophosEncrypt Ransomware Fools Security Researchers (darkreading.com)

• Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks (thehackernews.com)

• New Ransomware With RAT Capabilities Impersonating Sophos - SecurityWeek

• Google’s Bard poses ransomware risk, say researchers | Cybernews

• Ransomware review: July 2023 (malwarebytes.com)

• FIN8 Group spotted delivering the BlackCat Ransomware - Security Affairs

• What is Cyber Extortion? | Definition from TechTarget

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Ransomware Victims

• MOVEit victim count closes in on 400 orgs, 20M+ individuals • The Register

• Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward | TechCrunch

• MOVEit Transfer vulnerability: New Cl0p 'victims' include Discovery (techmonitor.ai)

• BlackCat and Clop gangs both claim cyber attack on Estée Lauder | Computer Weekly

• Iron ore giant Fortescue Metals targeted by Russian ransomware group | Cybercrime | The Guardian

• Russian medical lab suspends some services after ransomware attack (therecord.media)

• Recycling Giant Tomra Takes Systems Offline Following Cyber attack - SecurityWeek

• Shutterfly says Clop ransomware attack did not impact customer data (bleepingcomputer.com)

Phishing & Email Based Attacks

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023 - MSSP Alert

• Enhanced Monitoring to Detect APT Activity Targeting Outlook Online | CISA

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

BEC – Business Email Compromise

• AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

Other Social Engineering; Smishing, Vishing, etc

• Meta's Threads app used as a lure - Help Net Security

Artificial Intelligence

• ChatGPT rival WormGPT with ‘no ethical boundaries’ sold to hackers on dark web | The Independent

• Infosec Doesn't Know What AI Tools Orgs Are Using (darkreading.com)

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 4 Brits play with generative AI and some believe it too • The Register

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• AI must have better security, says top cyber official - BBC News

• Google Categorises 6 Real-World AI Attacks to Prepare for Now (darkreading.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

• Google’s Bard poses ransomware risk, say researchers | Cybernews

Malware

• Microsoft: Hackers turn Exchange servers into malware control centers (bleepingcomputer.com)

• Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware (thehackernews.com)

• Financial cyber crime syndicate deploys reworked backdoor malware | CyberScoop

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• LokiBot Malware Targets Windows Users in Office Document Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Hackers Target Gamers With Microsoft-Signed Rootkit (darkreading.com)

• Source code of the BlackLotus UEFI Bootkit was leaked on GitHub - Security Affairs

• Are Viruses Still a Threat to Cyber security? (makeuseof.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Pernicious Rootkits Pose Growing Blight On Threat Landscape (darkreading.com)

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Apple slams UK surveillance-bill proposals - BBC News

• Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps (thehackernews.com)

• Meta confirms WhatsApp is down worldwide (bleepingcomputer.com)

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

Botnets

• New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries (thehackernews.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare reports 'alarming surge' in DDoS sophistication, escalation in recent months | CyberScoop

• Attackers intensify DDoS attacks with new tactics - Help Net Security

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• How your internet-connected domestic devices can be a critical tool of cyber attack (mid-day.com)

• US preparing Cyber Trust Mark for more secure smart devices (bleepingcomputer.com)

• Seven new gadgets added to riskiest connected devices list | SC Media (scmagazine.com)

Data Breaches/Leaks

• MOVEit Hack: Number of Impacted Organisations Exceeds 340 - SecurityWeek

• Data compromises on track to set a new record - Help Net Security

• Virustotal data leak exposed data of some registered customers - Security Affairs

• What to do (and what not to do) after a data breach - Help Net Security

• HWL Ebsworth hack: Queensland says its files were taken after criminals release Victorian documents | Cybercrime | The Guardian

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Thousands of images on Docker Hub leak auth secrets, private keys (bleepingcomputer.com)

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Rogue Azure AD Guests Can Steal Data via Power Apps (darkreading.com)

• FIA World Endurance Championship driver passports leaked - Security Affairs

• Typo leaks millions of US military emails to Mali web operator | Financial Times (ft.com)

• Old Roblox Data Leak Resurfaces, 4000 Users' Personal Information Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Colorado State University says data breach impacts students, staff (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Only a handful of hackers are responsible for all email extortion attacks | TechRadar

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware - SecurityWeek

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Taking the Fight to the Cyber Criminals (trendmicro.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• Hacker Conversations: Inside the Mind of Daniel Kelley, ex-Blackhat - SecurityWeek

• Go Beyond the Headlines for Deeper Dives into the Cyber criminal Underground (thehackernews.com)

• SA on the brink of being Africa's capital of cyber crime, say digital experts | City Press (news24.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Trends in ransomware-as-a-service and cryptocurrency to monitor - Help Net Security

Insider Risk and Insider Threats

• IT worker jailed for impersonating ransomware gang to extort employer (bleepingcomputer.com)

• Former contractor accused of remotely accessing town's water treatment facility | Tripwire

• Insider Risk Management Starts With SaaS Security (darkreading.com)

Fraud, Scams & Financial Crime

• One in 12 victims of rise in AI scams (telegraph.co.uk)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Growing scam activity linked to social media and automation - Help Net Security

• A fresh look at the current state of financial fraud - Help Net Security

• Tech support scammers now accepting cash via snail mail • The Register

• Half of UK company directors struck off linked to alleged Covid loan fraud | Coronavirus | The Guardian

• Extremist-friendly tech company closes after fine for securities fraud | Technology | The Guardian

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

AML/CFT/Sanctions

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• Cyber insurers adapting to data-centric ransomware threats | TechTarget

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Dark Web

• Genesis Market infrastructure and inventory sold on hacker forum (bleepingcomputer.com)

• OpenAI credentials stolen by the thousands for sale on the dark web (bleepingcomputer.com)

• Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations (thehackernews.com)

Supply Chain and Third Parties

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Supply chain executives unaware of growing customer trust issues - Help Net Security

• Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad (trendmicro.com)

Cloud/SaaS

• Microsoft makes cloud security logs available for free • The Register

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• Top 5 Cloud Security Threats in 2023 (analyticsinsight.net)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Google Cloud Build bug lets hackers launch supply chain attacks (bleepingcomputer.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• How to manage cloud exploitation at the edge | CIO

• Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting - Infosecurity Magazine (infosecurity-magazine.com)

Hybrid/Remote Working

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

• Securing The Hybrid Workforce Begins With Browsing (forbes.com)

Attack Surface Management

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

Identity and Access Management

• Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain (securityintelligence.com)

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• The rise of hassle-free and secure authentication | CyberScoop

Encryption

• Real-world examples of quantum-based attacks - Help Net Security

• EU Urged to Prepare for Quantum Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Signal president rejects ‘mass surveillance’ UK law | Fortune

API

• Docker Leaks API Secrets & Private Keys, as Cyber criminals Pounce (darkreading.com)

• API keys: Weaknesses and security best practices | TechTarget

Open Source

• Linux Ransomware Poses Significant Threat to Critical Infrastructure (darkreading.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• LastPass: The lessons we learnt from our devastating breach | TechRadar

• Millions of Keyboard Walk Patterns Found in Compromised Passwords - IT Security Guru

• TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud (thehackernews.com)

• Strengthening Password Security may Lower Cyber Insurance Premiums (bleepingcomputer.com)

Social Media

• Growing scam activity linked to social media and automation - Help Net Security

• Met Police ‘passed victims’ data to Facebook via online tracking tool’ | Evening Standard

• Meta's Threads app used as a lure - Help Net Security

• TechScape: ‘Lives are ruined in an afternoon’ – social media and the Huw Edwards story | Technology | The Guardian

Training, Education and Awareness

• Human Cyber Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis - SecurityWeek

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• Companywide Cyber security Training: 20 Tips To Make It ‘Stick’ (forbes.com)

Digital Transformation

• Hybrid Work, Digital Transformation Can Exploit Security Gaps, Study Finds - MSSP Alert

Travel

• The cruel new holiday scams you need to know about | This is Money

• Airbnb-Related Scams Surge: Beware Of ‘Too Good To Be True’ Offers (forbes.com)

• A Twitter user found scam numbers for major airlines on Google Maps. Google is working to fix it | CNN Business

Regulations, Fines and Legislation

• AI models must be reconciled with data protection laws • The Register

• UK Financial Regulator Urges Banks to Tackle AI-Based Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

Models, Frameworks and Standards

• OWASP ZAP 2.13.0 Released – What’s New! (gbhackers.com)

Data Protection

• AI models must be reconciled with data protection laws • The Register

Careers, Working in Cyber and Information Security

• Career Benefits of Learning Ethical Hacking (analyticsinsight.net)

• Should You Be Using a Cyber security Careers Framework? (darkreading.com)

Law Enforcement Action and Take Downs

• Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme - SecurityWeek

• Owner of BreachForums Pleads Guilty to Cyber crime and Child Pornography Charges (thehackernews.com)

• What’s the NCA doing about cyber crime? - Tech Monitor

• Police arrests Ukrainian scareware developer after 10-year hunt (bleepingcomputer.com)

• Russian Charged with Tech Smuggling and Money Laundering - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Privacy, Surveillance and Mass Monitoring

• Apple slams UK surveillance-bill proposals - BBC News

• Online Safety Bill Last chance for Lords to stop surveillance | Evening Standard

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• How to Use Generative AI Tools While Still Protecting Your Privacy | WIRED

Misinformation, Disinformation and Propaganda

• Ukraine's cyber police dismantled a massive bot farm - Security Affairs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• The rise in ransomware attacks this year may be related to Russia's war in Ukraine : NPR

• Gamaredon hackers start stealing data 30 minutes after a breach (bleepingcomputer.com)

• Analysis of Storm-0558 techniques for unauthorised email access | Microsoft Security Blog

• Microsoft Exchange servers compromised by Turla APT - Help Net Security

• Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. | CyberScoop

• Elon Musk’s Starlink is putting our soldiers at risk, Ukraine warns (telegraph.co.uk)

• New Threat Actor Launches Cyber attacks on Ukraine and Poland - Infosecurity Magazine (infosecurity-magazine.com)

• 1st Case Of Online Killing? Russian Submarine Commander Falls Prey To Fitness Tracking App (eurasiantimes.com)

• Thousands of Russian officials to give up iPhones over US spying fears | Financial Times (ft.com)

• Ukraine innovates on cyber defence | Financial Times (ft.com)

China

• Three key unanswered questions about the Chinese breach of Microsoft cloud services | CyberScoop

• Chinese APT Favourite Backdoor Found in Pakistani Government App - Infosecurity Magazine (infosecurity-magazine.com)

• China Espionage Operatives Left Empty Handed in Email Heist, White House Official Says - MSSP Alert

• Xi wants to make the Great Firewall of China even greater • The Register

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (thehackernews.com)

North Korea

• JumpCloud breach traced back to North Korean state hackers (bleepingcomputer.com)

• North Korean hackers breached a US tech company to steal crypto | Reuters

Misc/Other/Unknown

• JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state | Ars Technica

• NCA: Nation States Using Cyber crime Groups as Proxies - Infosecurity Magazine (infosecurity-magazine.com)

• APT Protection: The Key to Safeguarding Your Business (ts2.space)

• How to Secure Your OT Network Against Advanced Persistent Threats (APTs) (ts2.space)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• What is Vulnerability Assessment In Cyber security? (gbhackers.com)

• Half of AI Open Source Projects Reference Buggy Packages - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

• Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits (forbes.com)

• Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organisations via Forged Azure AD Tokens (thehackernews.com)

• Microsoft still unsure how hackers stole Azure AD signing key (bleepingcomputer.com)

• Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica

• CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent | Qualys Security Blog

• New critical Citrix ADC and Gateway flaw exploited as zero-day (bleepingcomputer.com)

• OpenSSH Addresses Remote Code Execution Vulnerability: CVE-2023-38408 - VULNERA

• New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices - SecurityWeek

• Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability (thehackernews.com)

• Cisco fixed a critical flaw in SD-WAN vManage - Security Affairs

• Hacking campaign targets sites using WordPress WooCommerce Payments Plugin - Security Affairs

• Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security (sophos.com)

• Chrome 115 Patches 20 Vulnerabilities - SecurityWeek

• 'METIOR' Defence Blueprint Against Side-Channel Vulnerabilities Debuts | Tom's Hardware (tomshardware.com)

• 5 Major Takeaways From Microsoft's July Patch Tuesday (darkreading.com)

• Two Jira Plugin Vulnerabilities in Attacker Crosshairs - SecurityWeek

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Google says Apple employee found a zero-day but did not report it | TechCrunch

Tools and Controls

• Human Cyber Risk Can Be Demonstrably Mitigated by Behaviour Changing Training: Analysis - SecurityWeek

• CISOs under pressure: Protecting sensitive information in the age of high employee turnover - Help Net Security

• Network, IAM, cloud are 2023's top cyber security spend priorities | VentureBeat

• Stress, data privacy, zero trust to shape cyber security trends | SC Media (scmagazine.com)

• Reducing Security Debt in the Cloud (darkreading.com)

• Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defences (darkreading.com)

• A Few More Reasons Why RDP is Insecure (Surprise!) (thehackernews.com)

• Enterprise communication security a growing risk, priority | TechTarget

• SBOMs Still More Mandate Than Security (darkreading.com)

• MIT’s Cyber security Metior: A Secret Weapon Against Side-Channel Attacks (scitechdaily.com)

• NCSC Shares Alternatives to Using a SOC - Infosecurity Magazine (infosecurity-magazine.com)

• Building resilience through DevSecOps - Help Net Security

• Microsoft's security roadmap: Protect Azure DevOps secrets • The Register

• CISA shares free tools to help secure data in the cloud (bleepingcomputer.com)

• What is the new Enhanced Safe Browsing for Gmail (and should you enable it)? | ZDNET

• Insider Risk Management Starts With SaaS Security (darkreading.com)

• What is Real-Time Monitoring? | Definition from TechTarget

• How to Manage Your Attack Surface? (thehackernews.com)

• What is attack surface management? | Intruder

• 67% of daily security alerts overwhelm SOC analysts - Help Net Security

• Technical Aspects Of Modern SIEM Systems (forbes.com)

• Gmail encouraging users to enable Enhanced Safe Browsing (9to5google.com)

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats (thehackernews.com)

• 3 Ways AI Could Improve Authentication (darkreading.com)

• Microsoft makes cloud security logs available for free • The Register

• Security Awareness Training Isn’t Working - How Can We Improve It? - SecurityWeek

• The XDR Payoff: Better Security Posture (trendmicro.com)

• API keys: Weaknesses and security best practices | TechTarget

• 10 Steps to Help Secure Your APIs - SecurityWeek

• Threat Actors are Targeting Your Web Applications – Here’s How To Protect Them (bleepingcomputer.com)

Other News

• Google restricting internet access to some employees for security (cnbc.com)

• Enterprise communication security a growing risk, priority | TechTarget

• Healthcare organisations in the crosshairs of cyber attackers - Help Net Security

• Broadband consumers demand security and sustainability - Help Net Security

• Microsoft Exchange Online hit by new outage blocking emails (bleepingcomputer.com)

• Famed Hacker Kevin Mitnick Dead at 59 - SecurityWeek

• Most CNI Firms Think Climate Tech is Increasing Cyber Risk - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security measures SMBs should implement - Help Net Security

• Satellites Are Rife With Basic Security Flaws | WIRED

• How Hackers Can Hijack a Satellite (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

A remote code execution vulnerability has been discovered in OpenSSH’s forwarded ssh-agent. This vulnerability could potentially enable a remote attacker to execute arbitrary commands on a vulnerable system. Whilst this vulnerability has currently not been given a CVSS rating it is embedded in to a significant amount of systems and devices. A proof of concept (PoC) has also been made public by Qualys Threat Research Unit.

Technical Summary

CVE-2023-38408 – Successful exploitation of this vulnerability allows a remote attacker to execute commands on vulnerable OpenSSH forwarded ssh-agents.

What’s the risk to me or my business?

Successful exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the data in your organisation. This can result in a malicious actor gaining unauthorised access to sensitive data, manipulation, or deletion of important information, or even a complete system takeover. The publicly released PoC exploits focus on Ubuntu Desktop 22.04 and 21.10, however Qualys Threat Research Unit have advised other Linux distributions are “likely vulnerable and probably exploitable”.

the patch for this vulnerability is available in OpenSSH 9.3p2.

What can I do?

Given the widespread use of OpenSSH's forwarded ssh-agent in devices, software and applications, it is important prioritise the application of patches provided by OpenSSH for this vulnerability. Black Arrow recommends performing vulnerability scanning to identify any devices and software that have been impacted by this vulnerability.

More information on the OpenSSH vulnerability can be found here:

https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent

An in-depth breakdown of the vulnerability can be found here:

https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive Summary

Citrix have released a patch for three vulnerabilities, including one critical vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). If exploited, the critical vulnerability allows an unauthenticated malicious actor to perform remote code execution. The other two vulnerabilities allow an attacker to gain root administrator permissions and deliver malicious files and links to a victim.

Technical Summary

CVE-2023-3519 – This is a critical vulnerability which allows an unauthenticated attacker to perform remote code execution. For it to work it requires the appliance to be configured as a gateway.

CVE-2023-3466 – This vulnerability, categorised as high, allows an attacker to perform reflected cross-site scripting, allowing them to deliver malicious files, links, and emails. For it to work, it requires the victim to access an attacker-controlled link in the browser while being on the network.

CVE-2023-3467 – This vulnerability, categorised as high, allows an attacker to perform privilege escalation to gain the highest available. For successful exploitation the attacker needs to have authenticated access to the management interface access.

 What’s the risk to me or my business?

The vulnerabilities allow for a range of attacks such as unauthenticated remote code execution, privilege escalation to root as well as enabling an attacker the ability to distribute malicious files, links, and emails to users. All of which compromise the confidentiality, integrity, and availability of the data in your organisation.

Impacted versions of the products include the following:

• NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13 

• NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13 

• NetScaler ADC 13.1-FIPS before 13.1-37.159

• NetScaler ADC 12.1-FIPS before 12.1-55.297

• NetScaler ADC 12.1-NDcPP before 12.1-55.297

NetScaler ADC and NetScaler Gateway version 12.1 is now End Of Life (EOL). Citrix advises customers to upgrade their appliances to one of the supported versions that address the vulnerabilities. 

 What can I do?

Citrix has recommended to apply patches which they have made available for the following versions:

• NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases

• NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0  

• NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS  

• NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS  

• NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP 

 More information on the Citrix ADC and Gateway flaw vulnerability can be found here:

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity 

Executive Summary

A critical vulnerability has been identified and addressed in Cisco's network management software, SD-WAN vManage. The vulnerability allows a remote unauthenticated attacker to gain read or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the command line interface.

What’s the risk to me or my business?

A successful exploitation of the critical vulnerability allows a remote unauthenticated threat actor to read sensitive information from the compromised system, modify certain configurations, disrupt network operations. This will compromise the confidentiality, integrity, and availability of data in your organisation.

The following Cisco SD-WAN vManage versions are affected by the vulnerability:

• v20.6.3.3 – fixed in v20.6.3.4

• v20.6.4 – fixed in v20.6.4.2

• v20.6.5 – fixed in v20.6.5.5

• v20.7 – Migrate to fixed version v20.8 – Migrate to fixed version

• v20.9 – fixed in v20.9.3.2

• v20.10 – fixed in v20.10.1.2

• v20.11 – fixed in v20.11.1.2

What can I do?

There are no workarounds for the critical vulnerability. As such, it is advised that patches are applied immediately. For versions v20.7 and v20.8, Cisco advises customers to migrate to a fixed release. Cisco has given advice on how to reduce the attack surface for this attack, this includes actions such as monitoring logs for the REST API and limiting instances to specified instances. If you are unsure check with your MSP or network team to ensure these are in place.

More information on the Cisco SD-WAN vManage vulnerability can be found here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves

The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.

Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.

https://www.darkreading.com/attacks-breaches/cyberattacks-are-a-war-we-ll-never-win-but-we-can-defend-ourselves

• Helping Boards Understand Cyber Risks

A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.

It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.

Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.

https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/

• Enterprise Risk Management Should Inform Cyber Risk Strategies

While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.

Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.

https://www.techtarget.com/searchsecurity/tip/Enterprise-risk-management-should-inform-cyber-risk-strategies

• Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention

Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.

This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.

The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.

https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/cl0p-hackers-hit-three-of-the-biggest-u-s-law-firms-in-large-ransomware-attack/

https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/

• 20% of Malware Attacks Bypass Antivirus Protection

In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.

The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).

Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.

https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/

• Ransomware Payments and Extortion Spiked Compared to 2022

A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.

It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.

https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/

https://www.bleepingcomputer.com/news/security/ransomware-payments-on-record-breaking-trajectory-for-2023/

• AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers

Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.

The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.

https://www.zdnet.com/article/ai-trust-and-data-security-are-key-issues-for-finance-firms-and-their-customers/

• Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available

Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.

An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.

https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/

• Scam Page Volumes Surge 304% Annually

Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.

It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.

https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/

• Financial Industry Faces Soaring Ransomware Threat

The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.

https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/

• The Need for Risk-Based Vulnerability Management to Combat Threats

Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.

By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.

https://www.bleepingcomputer.com/news/security/the-need-for-risk-based-vulnerability-management-to-combat-threats/

• Government Agencies Breached in Microsoft 365 Email Attacks

Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.

Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.

https://www.techtarget.com/searchsecurity/news/366544735/Microsoft-Government-agencies-breached-in-email-attacks

• Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China

Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.

https://www.standard.co.uk/news/politics/britain-risk-china-intelligence-security-committee-report-government-b1094118.html

• Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years

Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.

https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/

Governance, Risk and Compliance

• CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security

• Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)

• AI, trust, and data security are key issues for finance firms and their customers | ZDNET

• Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies - SecurityWeek

• Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert

• UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch

• Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Financial Industry Faces Soaring Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)

• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)

• Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)

• BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

• Ransomware, From a Different Perspective (darkreading.com)

• BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)

Ransomware Victims

• Capita admits hackers also stole staff’s personal details (thetimes.co.uk)

• Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Barts NHS hack leaves folks on tenterhooks over extortion • The Register

• Deutsche Bank customer data leaked | Cybernews

• Scottish university cyber attack under investigation | The National

Phishing & Email Based Attacks

• New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)

• Number of email-based phishing attacks surges 464% - Help Net Security

• Chinese hackers compromised emails of US Government agencies- -Security Affairs

• Microsoft: Government agencies breached in email attacks | TechTarget

• RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security

• Top 10 Email Security Best Practices in 2023 (gbhackers.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)

• How hackers are now targeting your voice and how to protect yourself | Fox News

Artificial Intelligence

• How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)

• Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)

• NIST Launches Generative AI Working Group (darkreading.com)

• ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)

• ‘Police are going to have a very difficult time with AI,’ says cyber security advisor – Channel 4 News

• ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

• Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop

2FA/MFA

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Malware

• 20% of malware attacks bypass antivirus protection - Help Net Security

• Malware delivery to Microsoft Teams users made easy - Help Net Security

• WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)

• Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

• What’s up with Emotet? | WeLiveSecurity

• Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)

• Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News

• New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld

• BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

• Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

Mobile

• Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs

• The FCC aims to stop SIM swappers with new rules - The Verge

• Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)

• Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security

• Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy

Internet of Things – IoT

• Compliance seizes spotlight in the connected devices arena - Help Net Security

Data Breaches/Leaks

• So you gave personal info to a company caught in a data breach. Now what? | CBC News

• HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)

• US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)

• Capita attackers reportedly stole data from pension fund • The Register

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

• Twenty Manx public authorities reprimanded for data breach - BBC News

• Bangladesh government website leaked data of millions of citizens-Security Affairs

Organised Crime & Criminal Actors

• British teens accused of hacks against Uber and Rockstar Games's Grand Theft Auto 6 (bitdefender.com)

• Staying ahead of the "professionals": The service-oriented ransomware crime industry - Help Net Security

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

• Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage - Infosecurity Magazine (infosecurity-magazine.com)

• What’s up with Emotet? | WeLiveSecurity

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers have stolen $3 billion in crypto - Panda Security

• Cyber security professional accused of stealing $9M in crypto | TechCrunch

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

Insider Risk and Insider Threats

• How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

• Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley

Fraud, Scams & Financial Crime

• E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Amazon Prime Day Draws Out Cyber Scammers (darkreading.com)

• Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Fewer Than 100 Scammers Responsible For Global Email Extortion - Infosecurity Magazine (infosecurity-magazine.com)

• The FCC aims to stop SIM swappers with new rules - The Verge

• Hackers have stolen $3 billion in crypto - Panda Security

Insurance

• Zurich Unwraps New Cyber Insurance for Mid-Market Companies - MSSP Alert

• Rethinking Cyber Insurance | Mimecast

Dark Web

• Understanding Dark Web vs. Deep Web (geekflare.com)

• BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop

Supply Chain and Third Parties

• Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)

• Capita attackers reportedly stole data from pension fund • The Register

• MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek

• IT vendor appeals against US$6.5 million in damages awarded to gaming firm Razer over data leak - CNA (channelnewsasia.com)

Cloud/SaaS

• Only 45% of cloud data is currently encrypted - Help Net Security

• Microsoft alleges China behind attack on Exchange Online • The Register

• For stronger public cloud data security, use defence in depth | TechTarget

• Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)

• Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

Hybrid/Remote Working

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

Attack Surface Management

• Attack Surface Management: Identify and protect the unknown - Help Net Security

Identity and Access Management

• Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

Encryption

• Only 45% of cloud data is currently encrypted - Help Net Security

API

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

Open Source

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)

• AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Popular WordPress Security Plugin Caught Logging Plaintext Passwords - SecurityWeek

Social Media

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)

Travel

• Cyber security best practices while working in the summer - Help Net Security

Regulations, Fines and Legislation

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)

• A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek

• Central Bankers Develop Framework For Securing Digital Currencies - Infosecurity Magazine (infosecurity-magazine.com)

• The EU’s Product Liability Directive could kill open source | TechRadar

• Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly

Models, Frameworks and Standards

• NIST Launches Generative AI Working Group (darkreading.com)

• How to map security gaps to the Mitre ATT&CK framework | TechTarget

• Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget

Data Protection

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US - SecurityWeek

• Twenty Manx public authorities reprimanded for data breach - BBC News

Careers, Working in Cyber and Information Security

• Global Hacking Competition Addresses Critical Increase in Cybersecurity Threats for Businesses (darkreading.com)

• Free entry-level cyber security training and certification exam - Help Net Security

Law Enforcement Action and Take Downs

• Former employee charged for attacking water treatment plant (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• France 's government is giving the police more surveillance power-Security Affairs

Misinformation, Disinformation and Propaganda

• Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog

• NATO Countries Must Work Together to Counter the Russian Cyber-Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)

• Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)

• Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)

• Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs

• APT Profile: FIN7 - SOCRadar® Cyber Intelligence Inc.

• Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)

• Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)

• Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert

• Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)

• PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)

China

• China 'aggressively' targeting UK – but government has 'no strategy' to tackle it, Intelligence and Security Committee of MPs says | Politics News | Sky News

• Chinese hackers compromised emails of US Government agencies-Security Affairs

• UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent

• Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)

Iran

• Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)

North Korea

• North Korean hackers have stolen $3 billion in crypto - Panda Security

Vulnerability Management

• CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

Vulnerabilities

• MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)

• After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek

• Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack (thehackernews.com)

• Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek

• Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek

• Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)

• SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)

• Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)

• Russia-based actor exploited unpatched Office zero day | TechTarget

• Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari (thehackernews.com)

• Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)

• Raising concerns over Google Authenticator’s new features | TechRadar

• Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)

• VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)

• Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek

• Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs

• Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek

• New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)

• Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek

• API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek

• Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs

• Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)

• Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs

OT/ICS Vulnerabilities

• Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organisations - SecurityWeek

• Critical RCE Vulnerability in Rockwell Automation PLCs Zaps ICS (darkreading.com)

• 3 Critical RCE Bugs Threaten Industrial Solar Panels (darkreading.com)

Tools and Controls

• The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)

• less than half of SMBs use Privileged Access Management- IT Security Guru

• Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)

• Enterprise risk management should inform cyber-risk strategies | TechTarget

• Infrastructure upgrades alone won't guarantee strong security - Help Net Security

• Cyber Security Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions (darkreading.com)

• What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget

• Overcoming user resistance to passwordless authentication - Help Net Security

• Understanding The Difference Between DDR and EDR - GBHackers - Latest Cyber Security News | Hacker News

• Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)

• New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security (thehackernews.com)

• 3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)

• The history, evolution and current state of SIEM | TechTarget

• Attack Surface Management: Identify and protect the unknown - Help Net Security

• How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)

• Guide to Operationalizing Zero Trust (trendmicro.com)

• Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)

• Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)

• Intrusion Detection & Prevention Systems Guide (trendmicro.com)

• Decentralized storage emerging as solution to cloud-based attacks | Cybernews

• Wi-Fi AP placement best practices and security policies | TechTarget

• For stronger public cloud data security, use defence in depth | TechTarget

Other News

• Growing reliance on satellites requires new approach to cyber security in space, expert says | CyberScoop

• White House Urged to Quickly Nominate National Cyber Director (darkreading.com)

• The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)

• Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop

• Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security

• White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security

• Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

Microsoft’s July 2023 Patch Tuesday provides updates to address 138 security issues across its product range, including six actively exploited zero-day vulnerability. The exploited zero-day vulnerabilities use a range of Microsoft Windows products to bypass security features, elevate privileges and perform remote code execution. Among the updates provided by Microsoft 9 addressed critical vulnerabilities.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker with standard user access, to gain elevated privileges, or install kernel drivers, depending on the exploit used. Other risks such as bypassing security features of Microsoft Outlook and performing remote code execution can occur. This could allow an attacker to further compromise the confidentiality, integrity and availability of the organisation’s information assets.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities.  Other mitigations have been provided by Microsoft and can be found below in the further detail’s section.

Technical Summary

CVE-2023-32046 – The actively exploited vulnerability targets MSHTML Platform which could allow an attacker to elevate their privileges to the rights the user that is running the affected application is.

CVE-2023-32049 – This actively exploited vulnerability targets Windows SmartScreen allowing an attacker to bypass security features including the security warning prompt.

CVE-2023-36874 – This actively exploited vulnerability targets the Windows Error Reporting Service allowing an attacker to elevate privileges allowing them to gain administrator privileges.

CVE-2023-36884 – This actively exploited vulnerability targets the Office and Windows HTML allowing an attacker to perform remote code execution.

CVE-2023-35311 – This actively exploited vulnerability targets Microsoft Outlook and bypasses a security feature however to exploit this an attacker would have to have a user click in a specially crafted link through phishing or social engineering.

ADV230001 – This is a Microsoft signed driver that has been maliciously used in post-exploitation activity which abused a Windows policy loophole to install malicious kernel-mode drivers.

Adobe

This month, Adobe released fixes for 4 vulnerabilities, of which 3 were rated critical across Adobe InDesign and Adobe ColdFusion. At current, Adobe are not aware of any active exploitation of the listed vulnerabilities, however the advice is to update the affected products using their priority rating which can be found in the details below. The vulnerabilities include remote code execution, memory leak and security bypass.

Further details on other specific updates within this patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/  

Further details about CVE-2023-32046 can be found here:                     

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046

Further details about CVE-2023-32049 can be found here: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32049

Further details about CVE-2023-36874 can be found here: 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874

Further details about CVE-2023-36884 can be found here:                   

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

Further details about CVE-2023-35311 can be found here:                   

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311

Further details about ADV230001 can be found here:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV230001

Further details of the vulnerabilities addressed in Adobe InDesign can be found here:

https://helpx.adobe.com/security/products/indesign/apsb23-38.html

Further details of the vulnerabilities addressed in Adobe ColdFusion can be found here:

https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Against Mobile Devices Growing Fast

A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year.  The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.

It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.

https://www.msspalert.com/cybersecurity-services-and-products/mobile/cyber-attacks-against-mobile-devices-growing-fast/

https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users

• One Third of Security Breaches Go Unnoticed by Security Professionals

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.

The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/

• Cyber Security Experts Have Become Targets for Board Seats

The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.

https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html

• Phishing Attack Prevention as Email Attacks Surge Over 450%

A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.

In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.

https://cybersecuritynews.com/phishing-attack-prevention-checklist/

https://www.msspalert.com/cybersecurity-research/email-cyberattacks-spiked-nearly-500-in-first-half-of-2023-acronis-reports/

• Outsmarting Business Email Compromise (BEC) Scammers

Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.

There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.

https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers

• Small Organisations Face Security Threats on a Limited Budget

Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.

https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/

• Cloud Security: Sometimes the Risks May Outweigh the Rewards

Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.

https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/

https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks

A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.

From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.

https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks

https://techcrunch.com/2023/07/06/more-organizations-confirm-moveit-related-breaches-as-hackers-claim-to-publish-stolen-data

• 75% of Consumers Prepared to Ditch Brands Hit by Ransomware

As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.

While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/

• Scammers Using AI Voice Technology to Commit Crimes

The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.

The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.

https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/

• What are the Causes of Data Loss and What it the Impact on Your Organisation?

In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.

It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.

https://securityaffairs.com/148086/security/impacts-of-data-loss.html

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem

Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.

One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.

https://www.bleepingcomputer.com/news/security/ransomware-affiliates-triple-extortion-and-the-dark-web-ecosystem/

Governance, Risk and Compliance

• Cyber Security experts have become targets for board seats (cnbc.com)

• The Impacts of Data Loss on Your Organisation -Security Affairs

• One third of security breaches go unnoticed by security professionals - Help Net Security

• Small organisations face security threats on a limited budget - Help Net Security

• How to cultivate a culture of continuous cyber Security improvement - Help Net Security

• CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

• Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of consumers prepared to ditch brands hit by ransomware - Help Net Security

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)

• Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

• Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)

• The rise in cyber extortion attacks and its impact on business security - Help Net Security

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek

• Microsoft Can Fix Ransomware Tomorrow (darkreading.com)

• Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs

• Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs

• Dark Web Intelligence Shows Everest Ransomware Group Increasing Initial Access Broker Activity (yahoo.com)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Thirty-three US Hospitals Hit By Ransomware This Year - Infosecurity Magazine (infosecurity-magazine.com)

• How ransomware impacts the healthcare industry - Help Net Security

• Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack – Joseph Carson – ESW Vault | SC Media (scmagazine.com)

• June saw flurry of ransomware attacks on education sector | TechTarget

• Decryption tool for Akira ransomware available for free | Tripwire

• Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert

• What is WannaCry Ransomware? | Definition from TechTarget

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Ransomware Victims

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• One million NHS patients’ data compromised after cyber Attack on University of Manchester | The Independent

• Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

• Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)

• 8Base ransomware group leaks data of 67 victim organisations - Help Net Security

• Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• TSMC says IT supplier extorted by LockBit • The Register

• MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg

• UCLA among victims of worldwide cyber attack – NBC Los Angeles

• BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg

• Chipmaker TSMC says supplier targeted in cyber Attack | Reuters

• MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• Suspicious Email Reports Up a Third as NCSC Trumpets Active Defence - Infosecurity Magazine (infosecurity-magazine.com)

• Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert

• Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)

BEC – Business Email Compromise

• 6 Steps To Outsmart Business Email Compromise Scammers (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Quishing on the rise: How to prevent QR code phishing | TechTarget

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Artificial Intelligence

• AI’s rise is ‘most profound’ tech shift to impact ‘all of our lives’, Google UK chief says | The Independent

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

• Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times

• AI-generated attack vectors cyber Security should watch for (fastcompany.com)

• The EU hasn’t got its AI Act together yet - The Verge

• OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• GPT-4 is great at infuriating telemarketing scammers • The Register

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Malware

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Meduza Stealer Targets Windows Users With Advanced Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Fileless attacks increase 1,400% - Help Net Security

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Cyber agencies warn of new TrueBot malware variants targeting US and Canadian firms (therecord.media)

• CISA: Truebot malware infecting networks in US, Canada | TechTarget

• Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)

• Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)

• Android users at risk as banking trojan targets more apps | Fox News

• Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert

• We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

• Mexican Hacker Unleashes Android Malware on Global Banks - Infosecurity Magazine (infosecurity-magazine.com)

Botnets

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

Denial of Service/DoS/DDOS

• CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics (thehackernews.com)

Data Breaches/Leaks

• More organisations confirm MOVEit-related breaches as hackers claim to publish stolen data | TechCrunch

• FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)

• Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• The Impacts of Data Loss on Your Organisation- Security Affairs

• Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone (thehackernews.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)

• OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop

• 28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek

Organised Crime & Criminal Actors

• Exploring the Dark Web Job Market (socradar.io)

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• Hackers stole millions of dollars worth of crypto assets from Poly Network platform- Security Affairs

Insider Risk and Insider Threats

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Why cyberpsychology is such an important part of effective cyber Security | CSO Online

Fraud, Scams & Financial Crime

• Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)

• Support from British businesses crucial in removing over... - NCSC.GOV.UK

• GPT-4 is great at infuriating telemarketing scammers • The Register

• Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register

• $7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Scammers using AI voice technology to commit crimes - Help Net Security

• Cyber Criminals can break voice authentication with 99% success rate - Help Net Security

AML/CFT/Sanctions

• Four Men Face 20 Years For Money Laundering Charges - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online

• Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)

• Cyber insurance rates drop 10% in June, report says | Reuters

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Dark Web

• Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)

• Report Reveals Companies Unprepared For Darknet Data Leaks - Infosecurity Magazine (infosecurity-magazine.com)

• Exploring the Dark Web Job Market (socradar.io)

• Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)

Supply Chain and Third Parties

• Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)

• TSMC says IT supplier extorted by LockBit • The Register

• Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead | Tom's Hardware (tomshardware.com)

Software Supply Chain

• A CISO's Guide to Paying Down Software Supply Chain Security Debt (darkreading.com)

Cloud/SaaS

• Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)

• Japan rebukes Fujitsu for cloud security fails • The Register

• Cloud security: Sometimes the risks may outweigh the rewards – Cyber Reports Cyber Security News & Information (cyber-reports.com)

• 53% of SaaS licenses remain unused - Help Net Security

• IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security

• Human Error the Leading Cause of Cloud Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)

Attack Surface Management

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

Encryption

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Exploring the Dark Web Job Market (socradar.io)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• Security Experts Raise Major Concerns With Online Safety Bill - Infosecurity Magazine (infosecurity-magazine.com)

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

API

• Ongoing Incident Prompts JumpCloud to Reset API Keys - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Mission Linux: How the open source software is now a lucrative target for hackers | CSO Online

• Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch

• Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)

Social Media

• Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Malvertising

• BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

Regulations, Fines and Legislation

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek

• EU Court Deals Blow to Meta in German Data Case - SecurityWeek

• Promoting responsible AI: Balancing innovation and regulation - Help Net Security

• European companies slam the EU’s incoming AI regulations in open letter - The Verge

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• 83% of Brits Demand Messaging Apps Remain Private, Ahead of Threat From Online Safety Bill (darkreading.com)

Models, Frameworks and Standards

• Center for Internet Security, CREST launch new enterprise cyber Security accreditation scheme | CSO Online

Careers, Working in Cyber and Information Security

• Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru

• 3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)

• Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)

• CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru

• Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)

• ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security

Law Enforcement Action and Take Downs

• INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cyber Crime (thehackernews.com)

• International Police Operation Dismantles Phone Scam Network - Infosecurity Magazine (infosecurity-magazine.com)

• FBI digital sting against Hive cyber Crime group shows the promise — and limits — of hacking hackers - POLITICO

Privacy, Surveillance and Mass Monitoring

• France passes bill to allow police remotely activate phone camera, microphone, spy on people (gazettengr.com)

• Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register

• Online Safety Bill: WhatsApp, Signal, Element issue stark final warning against mass snooping of messages | Evening Standard

• TSA hopes to expand facial recognition over next ten years • The Register

• NJ cops must get wiretap order for real-time Facebook snoop • The Register

• Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns (thehackernews.com)

• UK Citizens Wary of NHS AI Use, Citing Privacy Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Stop using Google Analytics, warns Sweden’s privacy watchdog, as it issues over $1M in fines | TechCrunch

• Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)

• Switzerland’s Security Report: Impact of Russia–Ukraine Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite system used by Russian military is hacked - The Washington Post

• Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)

• Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)

China

• US authorities warn on China’s new counter-espionage la' • The Register

• Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research

• Chinese threat actor attacks diplomats across Europe • The Register

• Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)

Iran

• Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)

• Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)

• Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks | SC Media (scmagazine.com)

North Korea

• Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs

• North Korean satellite had no military utility for spying • The Register

Misc/Other/Unknown

• Advanced Persistent Threats: A Wake-Up Call for Cyber Security (ts2.space)

Vulnerability Management

• Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)

• Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)

Vulnerabilities

• CISA warns Samsung handset bugs and D-Link router flaws are being exploited in wild | SC Media (scmagazine.com)

• 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)

• Microsoft puts out Outlook fire, downplays Teams flaw • The Register

• Critical Flaw Exposes ArcServe Backup to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)

• Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)

• Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek

• Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)

• Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

• Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)

• StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)

• Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic- Security Affairs

Tools and Controls

• Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)

• Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Small organisations face security threats on a limited budget - Help Net Security

• 11 best practices for securing data in the cloud | Microsoft Security Blog

• How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)

• Mitigating Risk With Threat Intelligence (darkreading.com)

• How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)

Reports Published in the Last Week

• Phishing Trends and Tactics: Q1 of 2023 | Tripwire

• How to Use Threat Intelligence to Mitigate Third-Party Risk Free Report (tradepub.com)

Other News

• Foreign spies hacked government 20 years ago (thetimes.co.uk)

• GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)

• VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek

• Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru

• Hacks targeting British exam boards raise fears of students cheating (therecord.media)

• Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En

• Is your browser betraying you? Emerging threats in 2023 - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

A vulnerability has been discovered in Microsoft Teams, which allows malicious actors to circumvent the application's built-in restrictions for files originating from external sources. The ‘TeamsPhisher’ application which has been developed by the US Navy’s Red Team which is freely available, takes advantage of this technique to easily allow an attacker to send a malicious attachment to a targeted set of Teams users. Exploiting this vulnerability enables attackers to distribute malware to users using accounts that are external to a targets Microsoft Tennant, posing significant risks to individuals and businesses.

What’s the risk to me or my business?

Exploiting this vulnerability enables malicious actors to engage in social engineering and phishing attacks by leveraging Microsoft Teams as a communication platform. Furthermore, it bypasses all built-in security restrictions, allowing the delivery of malicious payloads directly to users' inboxes. Clicking or launching these payloads can grant attackers further access to your systems, compromising the confidentiality, integrity, and availability of your organization's data.

What can I do?

At this time Microsoft has not yet issued a fix to this problem but has provided the following statement to ‘Bleeping Computer’: “We’re aware of this report and have determined that it relies on social engineering to be successful.

We encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers.”

To mitigate the risk, it is advised that you turn off communication with external tenants. However if this is not possible due to needing to regularly communicate with clients it is advised to change the security settings to only whitelist certain required domains. Both actions can be done in Microsoft Teams Admin Center > External Access. It is important to emphasise within your organisation that phishing attacks can happen in various forms, other than emails. Therefore, it is essential to maintain constant vigilance in all aspects of online communication. 

 More information on the Microsoft Teams Phishing can be found here:

https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/

https://github.com/Octoberfest7/TeamsPhisher

https://www.bleepingcomputer.com/news/security/new-tool-exploits-microsoft-teams-bug-to-send-malware-to-users/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive Summary

Last weekend, Barts Health NHS trust was breached in a cyber attack, with Russian-linked cyber crime gang ALPHV, also known as BlackCat. The attackers claimed to have acquired seven terabytes of internal documents from the trusts’ systems.  A selection of files including copies of driving licenses, passports and correspondence have already been leaked. It is believed that more is to come. This comes after other recent cyber attacks, such as the MOVEit hack, which has impacted over 130 organisations and 15 million individuals.

What’s the risk to me or my business?

The availability of such detailed personal information poses an increased risk of threat actors exploiting it for phishing purposes, and also increases the likelihood that the information could be used for identity fraud. With access data such as previous email chains with an individual, phishing attacks can appear more authentic as responses to legitimate requests, making them more likely to succeed.

What can I do?

To help mitigate the risk, Black Arrow strongly recommend maintaining a high level of vigilance and awareness. It is crucial to understand that the presence of personal or confidential information alone does not guarantee authenticity. Take the time to double-check any suspicious communication or requests before sharing sensitive information. By remaining cautious and verifying the legitimacy of any unexpected or unusual messages, you can reduce the likelihood of falling victim to phishing attacks. It is also recommended that individuals monitor their own personal accounts for suspicious activity including the information stored with credit unions such as Equifax and Transunion to identify potential cases of identity theft.

More information on the NHS Breach can be found here: https://www.telegraph.co.uk/news/2023/06/30/russia-may-have-hacked-nhs-trust-with-two-million-patients/

More information on the MOVEit attack can be found here: https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

• Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

• Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

• Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

• Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

• Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

• Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

• 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

• The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

• The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

• Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

• SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors

Governance, Risk and Compliance

• Businesses are ignoring third-party security risks - Help Net Security

• Employees worry less about cyber security best practices in the summer - Help Net Security

• Digital-First Economy Has Transformed Role of CISO- IT Security Guru

• SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)

• Companies Call for Changes to UK’s Cyber Essentials Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Fear trumps anger when it comes to data breaches – angry customers vent, but fearful customers don't come back (theconversation.com)

• The CISO’s toolkit must include political capital within the C-suite | CSO Online

• NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Over 130 Organisations, Millions of Individuals Believed to Be Impacted by MOVEit Hack - SecurityWeek

• MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)

• Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek

• UK cyber spies warn ransomware criminals targeting law firms • The Register

• How Dangerous Is Smartphone Ransomware? (makeuseof.com)

• Cl0p in Your Network? Here's How to Find Out (darkreading.com)

• Sixth anniversary of NotPetya - IT Security Guru

• July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert

• LockBit Dominates Ransomware World, New Report Finds - Infosecurity Magazine (infosecurity-magazine.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

• Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)

• 'Wagner' Ransomware Targets Computers in Russia | PCMag