Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Advisory 30 July 2024 – Proofpoint “EchoSpoofing” Phishing Campaign
Executive summary
A recent phishing campaign, dubbed “EchoSpoofing”, involved scammers spoofing emails from well-known companies including Disney, IBM, Nike, Best Buy and Coca-Cola. Because the messages carried valid SPF and DKIM authentication results, they appeared to be legitimate emails sent from the companies’ own domains, and they aimed to deceive recipients into handing over credit card details for fake subscription renewals. The campaign ran from January to June 2024, peaking at 14 million emails in a single day. It succeeded because of a misconfiguration on the customer side of Proofpoint’s outbound email relay. Proofpoint has since made the misconfiguration less likely by introducing a streamlined administrative interface that lets customers specify which Microsoft 365 tenants are permitted to relay email for their domains through Proofpoint’s servers.
Technical Summary
The phishing campaign exploited a configuration oversight by customers of Proofpoint’s email filtering service. Attackers took advantage of an insecure-by-default email routing feature that allowed outbound messages to be relayed from any Microsoft 365 tenant, including tenants that did not belong to the organisation being spoofed. Because the messages then left the spoofed company’s own outbound relay, they carried genuine, not forged, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) results, so recipient-side authentication checks passed and the emails appeared legitimate. Proofpoint has since changed its configuration process so that unauthorised relay is prevented by default, and has confirmed that no customer data was compromised. Additionally, Proofpoint has launched an outreach programme to notify affected customers and help them close the gap.
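The relay decision described above, written out as an added illustration (this is not Proofpoint’s code or configuration). A relay that accepts outbound mail from a shared cloud platform cannot rely on the platform’s IP ranges alone, because every tenant on that platform sends from the same addresses; it must also check which tenant originated the message before relaying and signing it as a customer domain. The weak policy below models the insecure default, the hardened policy the corrected behaviour. Assumptions: Exchange Online stamps the originating tenant in the X-OriginatorOrg header, and using that header as the tenant identifier is our choice for the example, not a documented Proofpoint control; the IP ranges, tenant names and messages are all constructed.

```python
"""Relay-policy check illustrating the EchoSpoofing root cause (constructed example)."""
import ipaddress
from email import message_from_string
from email.message import Message

# Constructed: CIDR ranges standing in for the shared cloud platform's outbound IPs.
UPSTREAM_RANGES = [ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_network("198.51.100.0/24")]

# Constructed: the tenants the customer actually owns and has authorised to relay.
ALLOWED_TENANTS = {"example-corp.onmicrosoft.com", "example.com"}

# Constructed: the customer's own sending domains.
CUSTOMER_DOMAINS = {"example.com"}


def from_upstream(source_ip: str) -> bool:
    """True if the connecting IP belongs to the shared platform's ranges."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in UPSTREAM_RANGES)


def sender_domain(msg: Message) -> str:
    """Domain of the From header (a real relay would use the envelope sender)."""
    addr = msg.get("From", "")
    return addr.rsplit("@", 1)[-1].strip("> ").lower()


def weak_policy(source_ip: str, msg: Message) -> bool:
    """Insecure default: any tenant on the shared platform may relay as our domains."""
    return from_upstream(source_ip) and sender_domain(msg) in CUSTOMER_DOMAINS


def hardened_policy(source_ip: str, msg: Message) -> bool:
    """Corrected: the originating tenant must also be one we own (fail closed if absent).
    Assumption: the platform identifies the tenant in X-OriginatorOrg."""
    tenant = (msg.get("X-OriginatorOrg") or "").strip().lower()
    return weak_policy(source_ip, msg) and tenant in ALLOWED_TENANTS


# Constructed sample: an attacker-controlled tenant on the same platform spoofing the customer's From.
ATTACKER_MAIL = """From: billing@example.com
To: victim@example.net
Subject: Your subscription renewal
X-OriginatorOrg: attacker-tenant.onmicrosoft.com

Your card could not be charged. Update your details here.
"""

# Constructed sample: the customer's own tenant sending as itself.
LEGIT_MAIL = """From: billing@example.com
To: customer@example.net
Subject: Invoice
X-OriginatorOrg: example-corp.onmicrosoft.com

Please find your invoice attached.
"""

# Constructed sample: no tenant header at all.
NO_TENANT_MAIL = """From: billing@example.com
To: customer@example.net
Subject: Hello

No tenant stamp on this one.
"""


def evaluate(raw: str, source_ip: str = "203.0.113.10") -> dict:
    """Return both policies' decisions for one message arriving from source_ip."""
    msg = message_from_string(raw)
    return {"weak": weak_policy(source_ip, msg), "hardened": hardened_policy(source_ip, msg)}


if __name__ == "__main__":
    print("attacker tenant:", evaluate(ATTACKER_MAIL))   # weak relays it, hardened rejects
    print("own tenant     :", evaluate(LEGIT_MAIL))
    print("no tenant hdr  :", evaluate(NO_TENANT_MAIL))
    print("non-upstream IP:", evaluate(LEGIT_MAIL, "192.0.2.5"))
```

The point the example makes is that the weak policy is not a bug in SPF or DKIM: once the relay accepts the attacker’s message, everything downstream signs and authenticates it correctly. The fix has to be an allowlist of permitted tenants at the relay, which is what Proofpoint’s new administrative interface lets customers configure.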
What is the takeaway from this?
While each control (SPF, DKIM and the filtering tool itself) worked as designed in isolation, this campaign highlights several important lessons:
Awareness and Vigilance: Even when a message passes authentication checks and appears to come from a large organisation such as Disney, IBM or Coca-Cola, employees and users must stay vigilant. They should look for signs of malicious intent, such as the sense of urgency created by the fake subscription renewals in these emails.
Constant Evolution of Threats: Attackers continuously seek new ways to exploit and bypass the tools and controls we put in place to protect our organisations.
Configuration Matters: In this case, the root cause was an overlooked default setting that did not limit email relay to trusted tenants, which allowed millions of phishing emails a day to be sent. Proper configuration and regular reviews of security settings are crucial to prevent such weaknesses.
Further information on the research can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 30 July 2024 – Critical Updates for ServiceNow, VMware ESXi and Apple Devices
Executive summary
ServiceNow, VMware and Apple have addressed multiple vulnerabilities across their product ranges. ServiceNow patched two actively exploited critical vulnerabilities that allow unauthenticated remote code execution, with threat actors claiming to have harvested data from over 105 databases. VMware ESXi’s recent patch addresses a flaw exploited by ransomware groups to gain administrative access to hypervisors by manipulating an Active Directory group. Apple released iOS/iPadOS 17.6 and macOS 14.6, fixing 35 security issues including Kernel and WebKit flaws, and urges users to update promptly. Despite the availability of patches, many systems remain vulnerable.
ServiceNow
ServiceNow, a cloud-based platform used to manage digital workflows for enterprise operations, has recently patched two critical vulnerabilities that are being actively exploited in the wild and have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. The two vulnerabilities, CVE-2024-4879 and CVE-2024-5217, allow unauthenticated attackers to achieve remote code execution without any user interaction or special conditions. Threat actors on breach forums claim to have harvested data from more than 105 ServiceNow databases and are selling it online. ServiceNow released the patches on 10 July; further details can be found in the links below.
VMware ESXi
A recently patched security flaw (CVE-2024-37085) in VMware ESXi hypervisors has been actively exploited by several ransomware groups. It is an authentication bypass in ESXi’s Active Directory integration: a domain-joined ESXi host grants full administrative access to members of a domain group named “ESX Admins” by default, without verifying that such a group legitimately exists. An attacker with sufficient Active Directory permissions can therefore create a group with that name, or rename an existing group to it, and add users to it, even if no “ESX Admins” group previously existed in the directory. Once they hold admin rights on the host, attackers can exfiltrate data and encrypt virtual machines to demand a ransom.
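Because the exploitation path is a directory change rather than a network exploit, the most useful detection is in Active Directory audit logs. The following is an added example (not from the advisory, VMware or Microsoft) that runs over constructed records shaped like Windows Security events exported as JSON lines. The event IDs are the standard ones: 4727/4731/4754 (security-enabled global/local/universal group created), 4728/4732/4756 (member added to such a group) and 4781 (account name changed), and the field names follow the event XML (TargetUserName, MemberName, OldTargetUserName, NewTargetUserName). Usernames, distinguished names and timestamps in the sample are made up.

```python
"""Flag AD changes that create, rename or populate an "ESX Admins" group (constructed example)."""
import json

GROUP_CREATED = {4727, 4731, 4754}   # security-enabled global / local / universal group created
MEMBER_ADDED = {4728, 4732, 4756}    # member added to security-enabled global / local / universal group
ACCOUNT_RENAMED = 4781               # the name of an account (user or group) was changed

# ESXi matches the group by name (default "ESX Admins"), not by SID, so any group that
# ends up carrying this name is of interest. Compared case-insensitively to be safe.
TARGET_GROUP = "esx admins"

# Constructed sample log: one JSON object per line, mirroring exported Security events.
SAMPLE_LOG = """\
{"EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins", "TimeCreated": "2024-07-29T10:01:00Z"}
{"EventID": 4728, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins", "MemberName": "CN=svc-backup,CN=Users,DC=corp,DC=example", "TimeCreated": "2024-07-29T10:01:30Z"}
{"EventID": 4781, "SubjectUserName": "jdoe", "OldTargetUserName": "Legacy Print Ops", "NewTargetUserName": "esx admins", "TimeCreated": "2024-07-29T10:02:00Z"}
{"EventID": 4728, "SubjectUserName": "itadmin", "TargetUserName": "Domain Admins", "MemberName": "CN=new-admin,CN=Users,DC=corp,DC=example", "TimeCreated": "2024-07-29T10:03:00Z"}
{"EventID": 4624, "SubjectUserName": "jdoe", "TimeCreated": "2024-07-29T10:04:00Z"}
"""


def is_target(name) -> bool:
    """Case-insensitive comparison against the group name ESXi trusts."""
    return (name or "").strip().lower() == TARGET_GROUP


def classify(event: dict):
    """Return a detection label for one event, or None if it is not of interest."""
    eid = event.get("EventID")
    if eid in GROUP_CREATED and is_target(event.get("TargetUserName")):
        return "esx_admins_group_created"
    if eid in MEMBER_ADDED and is_target(event.get("TargetUserName")):
        return "member_added_to_esx_admins"
    if (eid == ACCOUNT_RENAMED
            and is_target(event.get("NewTargetUserName"))
            and not is_target(event.get("OldTargetUserName"))):
        return "group_renamed_to_esx_admins"
    return None


def detect(log_text: str) -> list:
    """Parse JSON-lines events and return one alert dict per suspicious event."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        label = classify(event)
        if label:
            alerts.append({
                "label": label,
                "actor": event.get("SubjectUserName"),
                "member": event.get("MemberName"),
                "time": event.get("TimeCreated"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The rename branch matters because an attacker who lacks group-creation rights but can rename an existing group reaches the same outcome. On the hypervisor side, the setting that controls this behaviour is the ESXi advanced option Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd (with the group name in Config.HostAgent.plugins.hostsvc.esxAdminsGroup); setting the former to false stops the automatic admin mapping on hosts that cannot yet be patched.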
Apple
Apple has released iOS 17.6 and iPadOS 17.6, urging users to update promptly; the release contains 35 security fixes. These address vulnerabilities in the Kernel and in WebKit, the engine behind Safari. Notably, CVE-2024-27863 and CVE-2024-40788 in the Kernel could allow a malicious app or local attacker to determine kernel memory layout or cause an unexpected system shutdown; both require local access to the device rather than being remotely exploitable. Additionally, eight WebKit issues, including CVE-2024-40785, could lead to cross-site scripting attacks when processing maliciously crafted web content. Although no exploitation in the wild has been reported, the severity of these flaws makes updating important.
Apple also released iOS 16.7.9 for older devices. The iOS 17.6 update is available for iPhone XS and later, various iPad models, and iPad mini 5th generation and later. macOS Sonoma was also updated to 14.6 with bug fixes and security improvements. Users are advised to update to ensure maximum security.
Further information on ServiceNow vulnerabilities can be found here:
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
KEV Catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Further information on VMware ESXi vulnerability can be found here:
Further information on Apple update can be found here:
https://support.apple.com/en-ca/HT214117
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 30 July 2024 – Secure Boot Bypass identified, 200+ models from various vendors affected by PKFail Vulnerability
Executive summary
A major supply chain vulnerability known as PKFail has been discovered in hundreds of devices from numerous vendors. The flaw, which has existed for the past 12 years, stems from an untrusted test Secure Boot Platform Key (the “master key” at the root of the Secure Boot trust chain) shipped in production firmware. If exploited, it allows an attacker to bypass Secure Boot, take complete control of affected devices and install malware. Major brands including Acer, Dell, HP, Intel and Lenovo are impacted, with the researchers identifying over 200 affected device models sold by Acer, Dell, Gigabyte, Intel and Supermicro.
What’s the risk to me or my business?
If successfully exploited, the flaw lets attackers manipulate the Secure Boot key databases and bypass Secure Boot. This could allow them to install malware at the firmware (UEFI/BIOS) level, before Windows or another operating system boots, and from there steal data or cause operational disruption, compromising the confidentiality, integrity and availability of your organisation’s data. An attacker would need either remote access with administrative rights on the running system or physical access to a vulnerable device to carry out the attack.
What can I do?
To address this, organisations should install the firmware and BIOS updates that replace the test key, and treat any affected device as potentially compromised: rekey it and thoroughly inspect the Key Exchange Key (KEK), Signature Database (db) and Forbidden Signature Database (dbx) for unexpected entries. The security researchers who identified the vulnerability have released a free scanning tool to help identify vulnerable devices.
Technical Summary
The PKFail vulnerability stems from a test Secure Boot Platform Key (“master key”) created by American Megatrends International (AMI) and intended to be replaced by each vendor with its own securely generated key before shipping. Many vendors never replaced it, and the private half of the test key is publicly available, so anyone can sign changes as if they were the platform owner. An attacker exploiting this can tamper with the Key Exchange Key (KEK) database, the Signature Database (db) and the Forbidden Signature Database (dbx), bypassing Secure Boot. This allows them to sign and execute malicious code, leading to the deployment of UEFI malware and compromising the device beneath the operating system.
Further information on PKFail vulnerability research and details can be found here:
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem (binarly.io)
https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 26 July 2024
-CrowdStrike Insured Losses May Top $1.5B, MSP Insurance Expert Advises “Read the Fine Print” on Your Policy
-Fragmented and Multiplied Cyber Criminal Landscape, Warns New Europol Report
-Ransomware and BEC Make Up 60% of Cyber Incidents
-Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams
-Cyber Threat Landscape is ‘The Worst it has Been in the Past Five Years’
-In Cyber Security, Mitigating Human Risk Goes Far Beyond Training
-Malware Attacks Surge 30% in First Half of 2024
-AI-generated Deepfake Attacks Force Companies to Reassess Cyber Security, as Deepfakes Demean, Defraud and Disinform
-KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
-Low Level Cyber Criminals are Pouncing on CrowdStrike Connected Outage
-The Importance of Cyber Resilience in the Face of Global IT Failures
-Russia’s Shadow War Against Europe has Begun as Cyber Attacks Abusing Microsoft Infrastructure Increase
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
CrowdStrike Insured Losses May Top $1.5B, MSP Insurance Expert Advises “Read the Fine Print” on Your Policy
A recent analysis by CyberCube estimates that the 19 July CrowdStrike outage will result in insured losses between $400 million and $1.5 billion, the largest single insured loss event in cyber insurance history. It should be noted that many insurance policies exclude coverage for software design flaws, likely surprising many affected organisations. The incident highlights the importance of reading policy fine print and may lead to higher premiums. The outage's non-malicious nature means contingent business interruption coverage will be the primary trigger, affecting policies differently based on their specifics. Other estimates place global financial losses from the outage potentially reaching $15 billion, with the banking and healthcare sectors likely incurring over $3 billion in losses. Airlines are expected to suffer the most per company, losing in the region of $143 million each, followed by the tech industry at around $113 million per company.
Fragmented and Multiplied Cyber Criminal Landscape, Warns New Europol Report
A recent report published by Europol, the 10th edition of the Internet Organised Crime Threat Assessment (IOCTA), highlights significant developments in cyber crime over the past year. The report notes the fragmentation of ransomware groups and the rise in attacks on small and medium-sized businesses due to their lower defences. E-merchants and banks are frequently targeted by digital skimming, while phishing, BEC, and online frauds remain prevalent. The use of AI and cryptocurrencies in cyber crime is increasing, with AI-assisted child sexual abuse material (CSAM) posing a growing challenge. Europol emphasises the need for enhanced tools, training, and legislation to combat these evolving threats effectively.
Ransomware and BEC Make Up 60% of Cyber Incidents
A recent report by Cisco Talos reveals that ransomware and business email compromise (BEC) attacks constituted 60% of all incidents in Q2 2024. The technology sector was the most targeted, accounting for 24% of incidents, a 30% rise from the previous quarter. Compromised credentials were the primary initial access method, comprising 60% of attacks, a 25% increase. Vulnerable or misconfigured systems and inadequate MFA implementation were notable weaknesses, both rising by 46%. Ransomware made up 30% of incidents, with 80% of ransomware engagements lacking proper MFA on critical systems. BEC attacks also represented 30% of incidents, a decline from 50% in Q1 2024.
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams
A recent report reveals significant gaps in cyber security training among UK employees, with 51% untrained in avoiding phishing scams and 18% never receiving any cyber security training. The study highlights that 60% of employees lack training on remote work best practices, despite the shift to remote/hybrid working. Additionally, critical areas such as breach response (66%), social engineering (82%), deepfakes and AI (83%), and BYOD policies (84%) are largely neglected. Only 42% of workers have signed their organisation's cyber security policy, and a third admit to bypassing policies for convenience. The report stresses the urgent need for updated and comprehensive training to mitigate evolving cyber threats.
Cyber Threat Landscape is ‘The Worst it has Been in the Past Five Years’
The recent CrowdStrike outage, affecting millions of computers and critical services, highlights our reliance on technology and the fragility of that reliance: failures or attacks on it can have far-reaching consequences. Research found that 52% of European organisations faced successful cyber attacks last year, with the UK at 55%. In response, the UK will introduce the Cyber Security and Resilience Bill, requiring prompt incident reporting and resilience plans. Cybernews reported an average of 1,636 cyber attacks per organisation per week globally between April and June, a 25% increase on the first quarter. Check Point attributes this to sophisticated threat actors and advances in AI, with the education, research, government, military and healthcare sectors most targeted.
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training
As cyber attack stakes rise, organisations invest heavily in new services and equipment. However, many still use a one-size-fits-all approach to securing the most critical threat vector: the human element. Human error is projected to play a role in 68% to 90% of breaches in 2024. Traditional security awareness training is insufficient, as it fails to address individual risk levels. Studies indicate that 8% of employees cause 80% of incidents, with managers receiving 2.5 times more phishing emails than non-managers. Organisations should analyse security data to create personalised risk profiles, leading to adaptive training and targeted interventions. Such measures can enhance security while effectively utilising resources, improving overall organisational resilience against cyber threats.
Malware Attacks Surge 30% in First Half of 2024
A recent report by SonicWall reveals a 30% surge in malware-based threats in the first half of 2024 compared to the same period in 2023, with May seeing a 92% year-on-year increase. The report identified 78,923 new malware variants, an average of 526 per day, and noted that 15% of malware used software packing techniques. PowerShell is used by over 90% of malware families to evade security controls. IoT device attacks rose by 107%, with the TP-Link command injection flaw (CVE-2023-1389) the most targeted vulnerability. Additionally, ransomware attacks increased by 15% in North America and 51% in Latin America, while decreasing by 49% in EMEA.
AI-generated Deepfake Attacks Force Companies to Reassess Cyber Security, as Deepfakes Demean, Defraud and Disinform
A recent report highlights the increasing threat of AI-generated deepfake attacks, with 73% of US organisations developing response plans to combat this menace. Deepfakes convincingly mimic human appearances and voices, spreading misinformation and enabling financial fraud. From 2022 to 2023, detected deepfakes increased tenfold, with 72% of consumers worried about deception. Separately, research by the UK’s telecommunications regulator Ofcom reveals 43% of people over 15 and 50% of children aged 8-15 have encountered deepfakes online recently. Non-consensual intimate deepfakes have been viewed over 4.2 billion times, primarily targeting women and causing psychological harm. Ofcom recommends a multi-faceted defence strategy involving prevention, embedding, detection, and enforcement. Companies must enhance cyber security training to counter this growing threat and to raise awareness of deepfake usage in attacks.
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
A recent incident at KnowBe4 highlights a sophisticated infiltration attempt by a North Korean operative posing as a software engineer. The deception was uncovered when the employee's company-provided Mac began loading malware immediately after the subject received it. The operative manipulated session history files and attempted unauthorised actions but was detected within 25 minutes. Although the fake IT worker was hired after passing routine background checks and video interviews, it was later identified that they were using AI-modified photos and stolen IDs.
This incident should be a cautionary tale for HR departments that further evidences the need to be mindful and wary of deepfakes and potential employees not being who they claim to be. Once on the inside a deliberately malicious employee can cause a lot of damage.
Low Level Cyber Criminals are Pouncing on CrowdStrike Connected Outage
A recent report reveals that cyber criminals are exploiting the CrowdStrike Falcon software outage, which affected millions of Windows computers globally. Threat actors have registered over 2,000 CrowdStrike-themed domains and are distributing malware via phishing emails and malicious documents. Documented payloads include information stealers and loaders, and sophisticated phishing emails have delivered wiper malware disguised as remediation instructions for the Falcon issue.
The Importance of Cyber Resilience in the Face of Global IT Failures
A recent study highlights the need to shift focus from a purely prevention mindset to a resilience mindset in cyber security. While traditional defences focus on keeping threats out, experts now emphasise the importance of preparing for breaches that will inevitably occur. The findings note that new attack vectors are emerging frequently, with AI, and in future quantum computing, cited as capabilities malicious actors will seek to weaponise. Notably, many organisations still neglect basic fixes, such as changing compromised passwords and applying patches.
A separate survey of cyber executives underscored the need for comprehensive recovery plans, defining resilience as the ability to minimise harm and maximise recovery efficacy post-incident. Although many view cyber security as a purely technical issue within IT departments, it has far-reaching implications across all facets of society and has long been a much wider issue than just IT. Understanding the necessity for cyber resilience and the connection between cyber safety and IT infrastructure is vital for businesses and communities alike.
Russia’s Shadow War Against Europe has Begun as Cyber Attacks Abusing Microsoft Infrastructure Increase
A recent report highlights a significant increase in brute force attacks targeting corporate and institutional networks across Europe, with the majority originating from Russia. These attacks, exploiting weak passwords through trial and error, have been active since at least May 2024. Russian threat actors are specifically targeting Microsoft infrastructure to evade detection, posing a substantial risk to organisational security. Over half of these attacks are traced back to IP addresses in Moscow, targeting cities in the UK, Lithuania, Denmark, and Hungary. Additionally, 60% of the IPs used are new, with 65% recently compromised. Motivations include data exfiltration, service disruption, and financial gain, with evidence pointing to ties with Chinese and Indian infrastructure.
Sources:
https://www.msspalert.com/news/crowdstrike-outage-could-cost-cyber-insurers-1-5-billion-cybercube
https://www.theregister.com/2024/07/26/crowdstrike_insurance_money/
https://www.infosecurity-magazine.com/news/ransomware-bec-cyber-incidents/
https://www.scmagazine.com/brief/unprecedented-global-cyberattack-prevalence-reported-in-q2
https://www.infosecurity-magazine.com/news/malware-attacks-surge-30-per-cent/
https://www.helpnetsecurity.com/2024/07/26/deepfake-response-plans/
https://securityboulevard.com/2024/07/how-to-prepare-your-workforce-for-the-deepfake-era/
https://cyberscoop.com/low-level-cybercriminals-are-pouncing-on-crowdstrike-connected-outage/
https://techround.co.uk/tech/importance-cyber-resilience-global-it-failures/
https://hbr.org/2024/07/when-cyberattacks-are-inevitable-focus-on-cyber-resilience
Governance, Risk and Compliance
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Mitigating cyber risks in mergers and acquisitions | ITPro
Cyber threat landscape is ‘the worst it has been in the past five years’ (managementtoday.co.uk)
Unprecedented global cyber attack prevalence reported in Q2 | SC Media (scmagazine.com)
Risky security behaviours rife in the workplace | Retail Technology Review
Cyber Security ROI: Top metrics and KPIs - Help Net Security
CIOs and CISOs Battle Cyber Threats, Climate, Compliance - Compare the Cloud
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
How to Measure the Effectiveness of Your IT Security Solutions - DevX
Navigating Cyber Security Legal Liabilities - Security Boulevard
Risk Mitigation Beyond Remediation (forbes.com)
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
SEC’s Lawsuit Against SolarWinds and CISO Dismissed | MSSP Alert
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
Why C-Suite Executives Won’t Cut it Without Data Skills Anymore | HackerNoon
Threats
Ransomware, Extortion and Destructive Attacks
Why businesses must reckon with the human cost of ransomware - Raconteur
Ransomware Remains a ‘Brutal’ Threat in 2024 (govtech.com)
Experts Expect Ransomware Surge After Police Disruption (silicon.co.uk)
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
Government Agencies Are Paying the Most for Ransomware Attacks - Business Insider
Stop following the herd to start fighting ransomware | TechRadar
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
The cost of dealing with a ransomware attack is skyrocketing for some industries | TechRadar
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Emulating the Prickly Cactus Ransomware - Security Boulevard
Secrets of a ransomware negotiator (economist.com)
Ransomware Victims
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Ransomware attack shuts down three dozen Los Angeles courts | SC Media (scmagazine.com)
Largest US trial court forced to shut down following ransomware attack | TechRadar
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
Phishing & Email Based Attacks
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
New phishing kit on dark web bypasses security, targets logins (newsbytesapp.com)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Three ways to mitigate digital impersonation attacks | SC Media (scmagazine.com)
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Warning after spike in cyber attacks in Guernsey - BBC News
CrowdStrike Warns of New Phishing Scam Targeting German Customers (thehackernews.com)
BEC
Real estate wire fraud: Silicon Valley exec had $400,000 stolen (cnbc.com)
Other Social Engineering
Meta takes down 63,000 accounts linked to sextortion scams targeting US men (yahoo.com)
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
QR Codes: Convenience or Cyber Threat? | Trend Micro (US)
Artificial Intelligence
The Urgent Need To Protect AI (forbes.com)
Europol fears increasing use of AI tools by cyber criminals (belganewsagency.eu)
AI-generated deepfake attacks force companies to reassess cyber security - Help Net Security
Top Tech Agree to Standardize AI Security (darkreading.com)
How to Prepare Your Workforce for the Deepfake Era - Security Boulevard
The CISO’s approach to AI: Balancing transformation with trust - Help Net Security
A Deep Dive into Deepfakes | Law Society of Scotland (lawscot.org.uk)
The most urgent security risks for GenAI users are all data-related - Help Net Security
Corporate Data Security at Risk From ‘Shadow AI’ Accounts (technewsworld.com)
UK faces down threat of deepfakes that demean, defraud, disinform | Biometric Update
16% of organisations experience disruptions due to insufficient AI maturity - Help Net Security
2FA/MFA
Warning after spike in cyber attacks in Guernsey - BBC News
Starlink Quietly Adds Two-Factor Authentication to Stop Account Hijackings (pcmag.com)
Malware
Fake CrowdStrike fixes target companies with malware, data wipers (bleepingcomputer.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Malware Attacks Surge 30% in First Half of 2024 - Infosecurity Magazine (infosecurity-magazine.com)
Logic bombs explained: Definition, examples, prevention | CSO Online
SocGholish malware used to spread AsyncRAT malware (securityaffairs.com)
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware (darkreading.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
French police push PlugX malware self-destruct payload to clean PCs (bleepingcomputer.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Hamster Kombat’s 250 million players targeted in malware attacks (bleepingcomputer.com)
Mobile
Why mobile security audits are important in the enterprise | TechTarget
Google Confirms Play Store App Deletion—Now Just 6 Weeks Away (forbes.com)
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Swipe Right for Data Leaks: Dating Apps Expose Location, More (darkreading.com)
Growth in nude image sharing heightens cyber abuse risk | Computer Weekly
Smishing Texts: What To Look Out For & How To Stop Them (slashgear.com)
Denial of Service/DoS/DDOS
DDoS attacks have doubled so far in 2024 | ITPro
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank (darkreading.com)
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
DDoS: The tool of Hacktivism | TechRadar
Internet of Things – IoT
Burglars are jamming Wi-Fi security cameras — here's what you can do | PCWorld
Hacking EVs and level 3 chargers through 1920's technology (newatlas.com)
Can Hackers Remotely Steal Your Cars? (analyticsindiamag.com)
Cyber Attacks Shift Gears: The Growing Threat to Automotive Technology | NADA
Data Breaches/Leaks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
Hackers leak documents stolen from Pentagon contractor Leidos | CSO Online
CrowdStrike gets hit with some more bad news | Digital Trends
Greece’s Land Registry agency breached in wave of 400 cyber attacks (bleepingcomputer.com)
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Organised Crime & Criminal Actors
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
Low-level cyber criminals are pouncing on CrowdStrike-connected outage | CyberScoop
Fragmented and multiplied cyber criminal landscape, warns new Europol report | Europol (europa.eu)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Insurers must prepare for a rise in cyber crime :: Insurance Day
BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)
Philippines to end online casinos, maybe scams too • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ongoing Cyber Attack Targets Exposed Selenium Grid Services for Crypto Mining (thehackernews.com)
Insider Risk and Insider Threats
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware - Security Week
Risky security behaviours rife in the workplace | Retail Technology Review
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Insurance
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Insurers’ losses from global IT outage could reach billions (ft.com)
Cyber Insurance Market Evolves as Threat Landscape Changes - Security Boulevard
Insurers must prepare for a rise in cyber crime :: Insurance Day
Supply Chain and Third Parties
CrowdStrike global tech outage and Microsoft Azure bugs: Everything to know (qz.com)
CrowdStrike outage: Phishing jumps as scam artists exploit event | Fortune
Outage Shows All Our Eggs Are in One Cyber Security Basket: Szabo | NTD
IT outage exposes fragility of tech infrastructure - BBC News
What Can We Learn From Payment System Failures and Global IT Outage? | The Fintech Times
Are We Really Ready for a Fully Digital Financial System? (financemagnates.com)
The Critical Role of Supply Chain Resilience in Today's Digital Landscape - Zimperium
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
EU gave CrowdStrike keys to Windows kernel, Microsoft claims • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
When Cyber Attacks Are Inevitable, Focus on Cyber Resilience (hbr.org)
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
CEO at cyber security firm that caused a global outage forgot to apologize | Fortune
Is the UK resilient enough to withstand a major cyber attack? | Microsoft IT outage | The Guardian
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
Delta cancels another 600 flights on Monday in wake of cyber outage | Reuters
CrowdStrike incident has CIOs rethinking their cloud strategies | CIO
Data pilfered from Pentagon IT supplier Leidos • The Register
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Learning from CrowdStrike’s quality assurance failures - Help Net Security
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Cloud/SaaS
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
Cyber crooks are typosquatting to exploit CrowdStrike fallout • The Register
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
Tech firms top list of most targeted industry in Q2 by cyber criminals | SC Media (scmagazine.com)
Fortune 500 stands to lose $5bn plus from CrowdStrike incident | Computer Weekly
Warning after spike in cyber attacks in Guernsey - BBC News
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Learning from CrowdStrike’s quality assurance failures - Help Net Security
Microsoft confirms CrowdStrike update also hit Windows 365 PCs (bleepingcomputer.com)
US opens probe into Delta Air Lines' handling of CrowdStrike • The Register
CrowdStrike faces backlash over 10 dollar apology vouchers for IT outage | Evening Standard
Outages
Cyber Pros Spot Spike in Malicious Activity Over CrowdStrike Outage | MSSP Alert
CrowdStrike Says Logic Error Caused Windows BSOD Chaos - SecurityWeek
One faulty CrowdStrike update caused a global outage | AP News
IT outage exposes fragility of tech infrastructure - BBC News
CrowdStrike Microsoft Outage Demands More Resilient Cloud Computing - Bloomberg
The CrowdStrike Failure Was a Warning - The Atlantic
Mass global IT outage a wake-up call for resilient cyber security - SHINE News
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Is the UK resilient enough to withstand a major cyber-attack? | Microsoft IT outage | The Guardian
Are global IT outages becoming more frequent? What the experts say (yahoo.com)
Microsoft blames EU rules for allowing world's biggest IT outage to happen (telegraph.co.uk)
TechScape: Why CrowdStrike-style chaos is here to stay | Technology | The Guardian
CrowdStrike Outage Is Another Sharp Warning for Banks - Bloomberg
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Identity and Access Management
Time to Rethink Identity: What Security Leaders Need to Know (govinfosecurity.com)
Linux and Open Source
Focusing open source on security, not ideology | InfoWorld
CrowdStrike’s Falcon Sensor linked to Linux crashes, too • The Register
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
Switzerland now requires all government software to be open source | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing (thehackernews.com)
Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (darkreading.com)
Mitigating the growing threats of account takeover attacks in 2024 | TechRadar
Social Media
Social Media and Travel: Be Careful of What You Share - Security Boulevard
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
10 social media scams and how to avoid them (techtarget.com)
Training, Education and Awareness
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Regulations, Fines and Legislation
Hackney Council failure to change password led to cyber attack | Times Series (times-series.co.uk)
NHS hack prompts tougher UK cyber security rules for private providers (ft.com)
Verizon to pay $16 million in TracFone data breach settlement (bleepingcomputer.com)
White House mandates stricter cyber security for R&D institutions (securityintelligence.com)
Meta Given Deadline to Address E.U. Concerns Over 'Pay or Consent' Model (thehackernews.com)
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
New legislation will help counter the cyber threat to our... - NCSC.GOV.UK
UK school reprimanded by ICO for using facial recognition without DPIA | Biometric Update
CISOs are burned out – now they face personal liability too - Raconteur
Most CISOs feel unprepared for new compliance regulations - Help Net Security
Judge Dismisses Major SEC Charges Against SolarWinds and CISO - Security Week
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Backup and Recovery
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Data Protection
CrowdStrike could have an EU-sized data problem on its hands - Fast Company
Careers, Working in Cyber and Information Security
Closing cyber skills gap needs public-private collaboration | World Economic Forum (weforum.org)
Enhancing the cyber security talent pool is key to securing our digital future - IT Security Guru
Shocked, Devastated, Stuck: Cyber Security Pros Open Up About Their Layoffs (darkreading.com)
9 ways CSOs lose their jobs | CSO Online
Are you a CISO who doesn’t know jack? Here’s how to bridge your own skills gap | CSO Online
How dark data and scarcity of cyber experts are threatening organisations | Ctech (calcalistech.com)
Critical sectors short on cyber security pros | Canada's National Observer: Climate News
Law Enforcement Action and Take Downs
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
17-Year-Old Linked to Scattered Spider Cyber Crime Syndicate Arrested in UK (thehackernews.com)
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
NCA cracks digitalstress DDoS-for-hire operation | Computer Weekly
Ransomware takedowns leave crims scrambling for stability • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Don’t sanction cyberweapons — sanction how they’re used | Euronews
Global cyberespionage campaign launched by novel TAG-100 operation | SC Media (scmagazine.com)
Nation State Actors
China
Chinese Hacker Gang GhostEmperor Re-Emerges After Two Years (darkreading.com)
Threat Hunting Case Study: Looking for Volt Typhoon | Intel471
Study: TikTok Lite is a 'safety hazard' for millions of users around the world | ZDNET
Chinese Hackers Target Taiwan and US NGO with MgBot Malware (thehackernews.com)
Chinese hackers deploy new Macma macOS backdoor version (bleepingcomputer.com)
Updated malware arsenal leveraged in Chinese Daggerfly attacks | SC Media (scmagazine.com)
China's 'Evasive Panda' APT Spies on Taiwan Targets Across Platforms (darkreading.com)
Uncle Sam accuses telco IT pro of decade of spying for China • The Register
Microsoft: CrowdStrike's outage affected 8.5 million Windows PCs worldwide - Neowin
Chinese Crime Ring Hides Behind Stealth Tech and Soccer (darkreading.com)
Russia
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Less than two days left of Type O blood after Russian cyber attack, NHS warns as health... - LBC
Russian Cyber Army members face US sanctions | SC Media (scmagazine.com)
Kaspersky Is an Unacceptable Risk Threatening the US's Cyber Defence (darkreading.com)
FrostyGoop malware used to shut down heat in Ukraine attack • The Register
Russia Adjusts Cyber Strategy for the Long Haul in Ukraine War (darkreading.com)
Three 'pro-Russian' hackers arrested in Spain over cyber attacks | Reuters
Russians plead guilty to involvement in LockBit ransomware attacks (bleepingcomputer.com)
North Korea
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (thehackernews.com)
North Korean hacking group makes waves to gain Mandiant, FBI spotlight | CyberScoop
North Korean hacker used hospital ransomware attacks to fund espionage | CyberScoop
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
NATO, Others Targeted by Novel Hacktivist Collective | MSSP Alert
Tools and Controls
In Cyber Security, Mitigating Human Risk Goes Far Beyond Training (darkreading.com)
Without Backup Plans, Global IT Outages Will Happen Again (claimsjournal.com)
Stop following the herd to start fighting ransomware | TechRadar
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams - IT Security Guru
Why mobile security audits are important in the enterprise | TechTarget
Cyber insurance 2.0: The systemic changes required for future security - Help Net Security
Large US banks are failing on operational risk, secret OCC report finds | Fortune
The Importance of Red Teaming - DevX
Fighting Third-Party Risk With Threat Intelligence (darkreading.com)
Cyber Security ROI: Top metrics and KPIs - Help Net Security
Don't Leave The Door Open: The API Model To Defend Against Intruders (forbes.com)
Chrome Browser to Better Explain Why It Blocked a File Download (pcmag.com)
This new Google Chrome security warning is very important | Digital Trends
Types of MDR security services: MEDR vs. MNDR vs. MXDR | TechTarget
Small Businesses Need Default Security in Products Now (darkreading.com)
How CISOs enable ITDR approach through the principle of least privilege - Help Net Security
The Imperative of Threat Hunting for a Mature Security Posture | Binary Defence
Understanding Threat Intelligence: Exploring The Cyber Realm (informationsecuritybuzz.com)
How to Measure the Effectiveness of Your IT Security Solutions - DevX
The Future Of Cyber Security In A Net-Zero World (forbes.com)
Microsoft's licensing practices harm cyber security, coalition says - Global Competition Review
Preparing for Cyber Security Audits: Insights from US Regulations | UpGuard
Reports Published in the Last Week
Internet Organised Crime Threat Assessment (IOCTA) 2024 | Europol (europa.eu)
Other News
Google abandons plan to drop third-party cookies in Chrome • The Register
Risky security behaviours rife in the workplace | Retail Technology Review
Privilege escalation: unravelling a novel cyber attack technique - IT Security Guru
Cyber security measures 'cost SMEs £60,000 a year' - CIR Magazine
End-user cyber security errors that can cost you millions (bleepingcomputer.com)
Study reveals cyber attack response times in UK CNI - CIR Magazine
Is Our Water Safe to Drink? Securing Our Critical Infrastructure (darkreading.com)
Vulnerability Management
The complexities of cyber security update processes (welivesecurity.com)
CrowdStrike Explains Why Bad Update Was Not Properly Tested - Security Week
Poor patch posture isn't just a problem in your office • The Register
Microsoft's new way of updating Windows will hopefully be a hit (xda-developers.com)
Are You Configured for Failure? - Security Boulevard
Vulnerabilities
One faulty CrowdStrike update caused a global outage | AP News
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers (thehackernews.com)
Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica
Cisco patches critical flaw in Secure Email Gateway appliances (computing.co.uk)
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software (thehackernews.com)
Juniper Networks Critical Security Update Released - Security Boulevard
Now-patched Telegram for Android vulnerability exposed users to malicious videos - SiliconANGLE
Chrome 127 Patches 24 Vulnerabilities - Security Week
Organisations Warned of Exploited Twilio Authy Vulnerability - Security Week
PHP Vulnerability Used For Malware And DDOS Attacks - Security Boulevard
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software (thehackernews.com)
Windows: latest security update is causing huge issues for some users - gHacks Tech News
Progress warns of critical RCE bug in Telerik Report Server (bleepingcomputer.com)
Critical ServiceNow RCE flaws actively exploited to steal credentials (bleepingcomputer.com)
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins (thehackernews.com)
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 - Security Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product, and likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 25 July 2024 - Guernsey Businesses Experiencing a Spike in Cyber Attacks
We are aware of Guernsey businesses experiencing a spike in cyber attacks. We know from helping firms respond to incidents how devastating the impact can be financially as well as at a human level. At the end of the day, it is people who are affected through loss and stress, and the experience can be traumatic.
We work with many organisations on their cyber security journey. Our advice to everyone remains unchanged: all businesses should first focus on three things to help prevent and be resilient to an attack.
Firstly, ensure your leadership team truly understands your cyber risks and how to manage them. Understand what you are up against, how attackers are operating today, and the most proportionate way to address the risks. This means a boardroom level conversation with cyber security experts.
Secondly, ensure you have an objective assessment of how good your security controls are in protecting you against those risks. Make sure the person doing the assessment is independent enough to tell you where there are gaps that you need to address.
Finally, recognising that we live in the real world and that you can never be 100% bulletproof, prepare to respond to a cyber incident. Make sure you know who will do what, and that you have the resources available to help, including out of hours. Rehearse this annually in a boardroom setting; a well-designed rehearsal is also a great way of upskilling the Board.
We are happy to share the benefits of our experience and qualifications in cyber security. Stay vigilant and reach out to us if we can help.
More info: Warning after spike in cyber-attacks in Guernsey - BBC News
Black Arrow Cyber Advisory 23 July 2024 – Splunk Path Traversal Vulnerability
Executive summary
Organisations using Splunk Enterprise on Windows are advised to apply patches for a high-severity vulnerability (CVE-2024-36991), as more than 230,000 internet-exposed servers have been identified with this flaw. The vulnerability, for which a proof of concept has been released, allows an attacker to perform a directory listing on the Splunk endpoint, giving the threat actor unauthorised access to sensitive files on the system.
What’s the risk to me or my business?
While there are currently no reports of this vulnerability being exploited in the wild, there have been several proof of concept (PoC) exploits including one that performs bulk scanning for vulnerable internet-facing endpoints. If the Splunk instance has Splunk Web turned on, an attacker successfully exploiting the vulnerability can gain unauthorised access to sensitive files in the system.
What can I do?
Splunk has released a patch for the affected products, which should be applied as soon as possible. The affected products are Splunk Enterprise versions 9.2, 9.1, and 9.0 on Windows. It is advised to upgrade to 9.2.2, 9.1.5, and 9.0.10 respectively, or higher.
Technical Summary
CVE-2024-36991 – This exploit uses a crafted GET request that takes advantage of a path traversal vulnerability on the “/modules/messaging/” endpoint of Splunk Enterprise for Windows. The vulnerability exists because the Python “os.path.join” function (ntpath on Windows) removes the drive letter from path tokens if the drive in the token matches the drive in the path built so far, so such a token is appended as an ordinary relative path.
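The drive-letter behaviour of os.path.join described above, alongside a containment check that rejects the resulting traversal, as an added example that is not part of the original advisory and is not Splunk's code; BASE_DIR, unsafe_resolve and safe_resolve are hypothetical names, and the base directory and tokens are constructed. It uses the ntpath module so the Windows semantics can be reproduced on any platform.

```python
import ntpath  # Windows path semantics; os.path is ntpath on Windows, importable elsewhere

# Constructed base directory standing in for an application's message store
# (hypothetical layout, not Splunk's real one).
BASE_DIR = r"C:\app\messaging"


def unsafe_resolve(base: str, token: str) -> str:
    """Join the way a naive handler might: a request token straight into os.path.join.

    ntpath.join discards the drive letter of a token such as 'C:..\\..\\x' when it
    matches the drive of the path built so far, so the token is appended as a plain
    relative path and the '..' segments survive into the result.
    """
    return ntpath.join(base, token)


def safe_resolve(base: str, token: str):
    """Hardened version: normalise the full result and require it to stay under base.

    Returns the resolved path, or None when the result would escape the base directory
    (drive-relative traversal, an absolute token, or a token on a different drive).
    """
    base_n = ntpath.normpath(base)
    candidate = ntpath.normpath(ntpath.join(base_n, token))  # collapses '..' segments
    try:
        common = ntpath.commonpath([base_n, candidate])
    except ValueError:
        # Raised for different drives or a mix of absolute and relative paths.
        return None
    if ntpath.normcase(common) != ntpath.normcase(base_n):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed tokens: one legitimate, three that would leave BASE_DIR.
    for token in (r"inbox\note.txt", r"C:..\..\secret.txt",
                  r"C:\other\file.txt", r"D:other.txt"):
        print(f"{token!r:24} naive -> {unsafe_resolve(BASE_DIR, token)!r:40} "
              f"hardened -> {safe_resolve(BASE_DIR, token)!r}")
```

The naive join turns the drive-relative token into C:\app\messaging\..\..\secret.txt, which normalises to C:\secret.txt; the hardened version returns None for it and for the other escaping tokens while still accepting inbox\note.txt.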
Further information on the Splunk vulnerability can be found here:
https://advisory.splunk.com/advisories/SVD-2024-0711
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 22 July 2024 – Critical Cisco Secure Email Gateway File Write Vulnerability
Executive summary
Cisco has released a patch for a critical vulnerability in its Secure Email Gateway (SEG) which could allow attackers to replace any file on the underlying system, add users with root privileges, modify the device configuration, or cause permanent denial of service (DoS) conditions on the affected device by sending an email with crafted malicious attachments when file and content analysis is enabled.
What’s the risk to me or my business?
While this vulnerability has not yet been exploited in the wild, the ingress point through emails is of concern since the product is designed to receive and scan emails for malicious content, meaning that an attacker simply has to send a specially crafted email to compromise the device, potentially exposing any emails that are sent/received through the device.
What can I do?
Cisco has released a patch which should be applied as soon as possible, following the organisation's software and firmware update procedures, including testing as necessary. Devices which are in the permanent DoS condition will need support from Cisco’s Technical Assistance Center to recover the device to a working state.
Technical Summary
CVE-2024-20401 – This vulnerability, caused by incorrect handling of email attachments with enabled file analysis and content filters, could allow an attacker to replace system files. This could lead to adding root users, altering device settings, running arbitrary code, or causing a permanent DoS condition on the device.
Further information on the Cisco vulnerability can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 19 July 2024
Black Arrow Cyber Threat Intelligence Briefing 19 July 2024:
-Crowdstrike: Software Update Triggered Worldwide Microsoft IT Outages
-Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months
-Cyber Criminals Exploit AI for Near-Perfect Phishing Emails
-Hotel Wi-Fi: a Hotspot for Cyber Threats
-Cyber Security Can Be a Businesses Enabler
-Navigating Insider Risks: Are your Employees Enabling External Threats?
-How Tabletop Exercises Can Sharpen Incident Response from Chaos to Calm
-Gap Found Between Data Security Perceptions and Breach Reality
-Why Top Leadership Must Foster a Security-Conscious Culture
-Hackers Use PoC Exploits in Attacks 22 Minutes After Release
-There's No Margin for Error in Cyber Security
-UK to Introduce Watered-Down Version of Mandatory Reporting for Ransomware Attacks
-CISOs Must Shift from Tactical Defence to Strategic Leadership
-One-Third of Dev Professionals Unfamiliar with Secure Coding Practices
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Crowdstrike: Software Update Triggered Worldwide Microsoft IT Outages
A recent report by cyber security firm Crowdstrike reveals that a "defect" in its software update caused major IT outages globally, affecting industries such as airlines, banking, and healthcare. The issue, which impacted Windows operating systems, was identified, isolated, and resolved, but not until a huge amount of disruption had been experienced around the world. American Airlines and other affected services have since restored operations. This incident, the worst since the 2017 WannaCry attack, resulted in a fall of over 20% ($16 billion) in Crowdstrike's value before markets opened. The event raises questions about the resilience of economic infrastructure reliant on concentrated cloud security services.
Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months
A recent report by JumpCloud reveals that 49% of SME IT teams believe they lack the resources to defend against cyber threats. The survey, which included 612 IT decision-makers in the UK and US, found that nearly half (45%) of SMEs experienced a cyber attack in the first half of 2024. Of these, 28% faced two attacks and 17% encountered three. Phishing was the most common attack source (43%), followed by shadow IT (37%) and stolen credentials (33%). The report also highlights that 60% of respondents identified security as their biggest IT challenge, with 84% expressing concern about shadow IT (referring to any software, hardware, or other IT resource that is used within an organisation without the explicit approval, knowledge, or oversight of the IT department). Furthermore, 71% of respondents believe budget cuts would increase organisational risk, underscoring the high threat level SMEs face.
Cyber Criminals Exploit AI for Near-Perfect Phishing Emails
A new report by ReliaQuest reveals cyber criminals exploiting AI tools like ChatGPT for operations, notably creating near-perfect phishing emails with a 2.8% success rate. Although seemingly small, this rate is significant given the vast number of phishing emails sent daily. Criminals bypass AI security filters to generate harmful content, sharing and refining their techniques in cyber criminal forums.
Hotel Wi-Fi: A Hotspot for Cyber Threats
A recent report highlights significant cyber threats associated with hotel Wi-Fi networks, which prioritise guest access over robust security. Hotels had the third-least secure public Wi-Fi as of February 2023. In 2019, none of the 45 hotels across five countries that were tested passed a Wi-Fi hacking test, reflecting widespread vulnerabilities. Hotels are the third most common target for cyber attacks, accounting for 13% of all cyber compromises in 2020. Nearly 31% of hospitality organisations have experienced a data breach, with 89% facing multiple breaches annually. These breaches, averaging $3.4 million in costs, pose severe reputational risks in the competitive hospitality industry, and bigger risks for the hotel guests using them.
Cyber Security Can Be a Business Enabler
Many cyber security leaders tout the notion that cyber security is a business enabler as a way to elevate their personal brand, but the idea is backed up by knowledge and real-world examples. By reducing unnecessary controls and ensuring secure yet functional operations, organisations can enhance productivity and innovation. Effective cyber security can reduce legal fees and financial losses from breaches, while also boosting customer and partner confidence. Furthermore, compliance with regulations enhances business value, and strong security practices can differentiate an organisation from its competitors, fostering growth and trust.
Navigating Insider Risks: Are your Employees Enabling External Threats?
A recent report highlights the growing threat of accidental insiders in network security breaches. These insiders, through negligence or lack of awareness, expose internal weaknesses. Common issues include weak password practices and falling victim to phishing. Such lapses can lead to significant financial losses, reputational damage, and operational disruption. The report highlights the importance of security awareness training and fostering a culture of security to mitigate these risks effectively.
How Tabletop Exercises Can Sharpen Incident Response from Chaos to Calm
Every 39 seconds some company is hit by a cyber attack. Security incidents are a constant threat, an inevitability rather than a possibility. Incident response plans can help organisations with the aftermath of a cyber attack. Effective execution of these plans requires regular practice through tabletop exercises. These hypothetical, scenario-based activities involve key stakeholders and help clarify roles, enhance communication, and build team resilience. By conducting these exercises at least annually, organisations can identify gaps, refine their response plans, and improve overall cyber security awareness. Furthermore, involving internal and/or external stakeholders like legal counsel and law enforcement can enhance coordination during real incidents, ultimately strengthening the organisation's preparedness and response capabilities.
Gap Found Between Data Security Perceptions and Breach Reality
A recent report reveals a significant disparity between organisations' perceptions of data security and the actual frequency of breaches. Despite 63% of organisations believing their security measures are effective, 2023 saw a record-breaking number of data breaches. The report highlights major concerns of data breaches, ransomware, insider threats, and misconfigurations. It found that 72% of organisations use audits and compliance tools to meet regulatory requirements, and 60% employ role-based access control systems. However, ongoing challenges persist, with only 27% adopting data cataloguing tools and many relying on manual processes. The report recommends comprehensive data discovery, automated monitoring, and a zero-trust security model to bridge the gap between perceived and actual data security.
Why Top Leadership Must Foster a Security-Conscious Culture
A recent report highlights the crucial role of organisational culture in building cyber resilience. Despite technical defences, organisations remain vulnerable to cyber attacks due to a vast attack surface. Emphasising collective responsibility, a robust cyber security culture involves all employees, from executives to frontline staff, in protecting digital assets. Leadership is pivotal, requiring a genuine commitment to security, clear communication, and active participation in cyber security initiatives. Transparency and psychological safety are essential, encouraging employees to report suspicious activity without fear. Continuous learning and improvement, beyond mere compliance, are vital to adapting to evolving threats and fostering a security-conscious environment for long-term success.
Hackers Use PoC Exploits in Attacks 22 Minutes After Release
A recent report by Cloudflare reveals that threat actors can weaponise proof-of-concept (PoC) exploits as quickly as 22 minutes after they are made public. Covering activity from May 2023 to March 2024, the report highlights significant threats, including heightened scanning for CVEs (known vulnerabilities) and rapid exploitation attempts. This emphasises the need for robust vulnerability management and timely patching of vulnerable systems.
There's No Margin for Error in Cyber Security
A recent report reveals that human error is responsible for 74% of cyber attacks, with employees using an average of 2.5 devices for work, creating numerous potential breach points. Notable incidents include the 2020 Marriott breach affecting 5.2 million guests, caused by stolen employee credentials, and Sequoia Capital’s 2021 phishing attack. Verizon's report highlights that 49% of breaches begin with compromised credentials. Effective cyber security measures include using unique, complex passwords, enabling multi-factor authentication, updating software regularly, and cautious email practices. Organisations should implement Unified Endpoint Management (UEM) and Identity and Access Management (IAM) solutions, alongside continuous employee training, to mitigate these risks.
UK to Introduce Watered-Down Version of Mandatory Reporting for Ransomware Attacks
A recent announcement from the UK Government reveals plans to introduce the Cyber Security and Resilience Bill, updating the country's cyber security regulations. This new legislation will mandate ransomware attack reporting for regulated entities, addressing record levels of ransomware incidents in British businesses. This measure, part of the King’s Speech, responds to increasing cyber threats impacting public services and infrastructure, such as the recent Russian attack on Synnovis, which is still having repercussions for the NHS weeks later. The bill expands regulatory oversight to include supply chains and demands incident reporting to improve understanding of the cyber crime landscape. Experts highlight the bill’s alignment with the EU’s NIS2 Directive, emphasising the importance of robust security governance and mandatory notification obligations for effective policy design.
CISOs Must Shift from Tactical Defence to Strategic Leadership
A recent report highlights the evolving role of the CISO, demanding a blend of technical expertise and strong diplomatic skills. Despite increased cyber security budgets in 2024, nearly one-third of IT professionals lack documented strategies to address AI risks. The report shows a confidence gap: while 60% of non-IT leaders are confident in their cyber security, only 46% of IT professionals share this view. Moreover, 55% of IT leaders believe non-IT executives do not fully understand vulnerability management, potentially undermining security efforts. Cyber security is now a board-level discussion, and CISOs must align technical risks with business priorities, effectively communicating the financial and reputational impacts of cyber threats.
One-Third of Dev Professionals Unfamiliar with Secure Coding Practices
A recent report by OpenSSF and the Linux Foundation underscores the need for robust software security as attackers continue to exploit software vulnerabilities. Nearly one-third of development professionals say they are unfamiliar with secure software practices, and 69% rely on on-the-job experience to learn them, a route that takes at least five years to reach basic familiarity. Lack of time (58%) and inadequate training (50%) are the main barriers to adopting secure development practices, and 44% say they do not know which courses are worth taking. The report calls for industry-wide effort and language-agnostic courses to close these educational gaps.
Sources:
https://www.bbc.co.uk/news/live/cnk4jdwp49et
https://securitybrief.co.nz/story/cybercriminals-exploit-chatgpt-for-near-perfect-phishing-emails
https://securityboulevard.com/2024/07/hotel-wi-fi-a-hotspot-for-cyber-threats/
https://www.inforisktoday.com/blogs/cybersecurity-be-businesses-enabler-p-3668
https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
https://securitybrief.co.nz/story/gap-found-between-data-security-perceptions-breach-reality
https://www.scmagazine.com/perspective/why-top-leadership-must-foster-a-security-conscious-culture
https://therecord.media/uk-cyber-security-resilience-bill-labour-government
https://www.helpnetsecurity.com/2024/07/19/cyber-threats-size-sophistication/
https://www.helpnetsecurity.com/2024/07/19/devs-secure-coding-practices/
Governance, Risk and Compliance
Cyber Security Can Be a Businesses Enabler - InfoRiskToday
Half of SMEs Unprepared for Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
Gap found between data security perceptions & breach reality (securitybrief.co.nz)
Why top leadership must foster a security-conscious culture | SC Media (scmagazine.com)
Survey: Nearly Half of SMEs Fell Victim to Cyber Attack in Last Six Months - Security Boulevard
CISOs must shift from tactical defence to strategic leadership - Help Net Security
What savvy hiring execs look for in a CISO today | CSO Online
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
Why CISOs should report to the CEO—and not the CIO | Fortune
7 Tips for Navigating Cyber Security Risks in M&As (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks (thehackernews.com)
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
RansomHub Ransomware - What You Need To Know | Tripwire
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection (thehackernews.com)
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (bleepingcomputer.com)
HardBit Ransomware - What You Need to Know | Tripwire
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
This new ransomware tries to stop victims recovery by using passphrases | TechRadar
Ransomware costs at critical infrastructure orgs soar • The Register
Ransomware Victims
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
Costs From UnitedHealth's Ransomware Attack Soar to at Least $2.3 Billion (pcmag.com)
CDK Global said to have paid $25M ransom after cyber attack • The Register
AT&T reportedly pays $370K to hackers to delete stolen customer data - SiliconANGLE
'NHS cyber attack delayed my baby son’s life-saving kidney transplant' (inews.co.uk)
AT&T Breach Linked to American Hacker, Telecom Giant Paid $370k Ransom: Reports - Security Week
CDK Global car dealership cyber attack could cost industry $1 billion (qz.com)
London Borough of Hackney reprimanded over cyber attack | Cybernews
A Negligence Case Has Been Filed Against CDK Over Cyber Attack (jalopnik.com)
UK national blood stocks in 'very fragile' state following ransomware attack (therecord.media)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Furniture giant shuts down manufacturing facilities after ransomware attack (therecord.media)
Phishing & Email Based Attacks
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
New phishing tactic hijacks email protections to mask links | SC Media (scmagazine.com)
URL protection services used to mask phishing attacks (betanews.com)
Beware of the Latest Phishing Tactic Targeting Employees - Security Boulevard
How to protect your startup from email scams | TechCrunch
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks (darkreading.com)
Other Social Engineering
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
Artificial Intelligence
Cyber criminals exploit ChatGPT for near-perfect phishing emails (securitybrief.co.nz)
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Why deepfakes are set to be one of 2024’s biggest cyber security dangers | TechRadar
SAP security holes raise questions about the rush to AI | CSO Online
ChatGPTriage: How can CISOs see and control employees’ AI use? - Help Net Security
White House urged to probe $1.5B G42-Microsoft AI deal • The Register
Mark Cuban: Social media algorithms' influence in 2024 election
Protect AI warns of increasing security risks in open-source AI and ML tools - SiliconANGLE
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
SMEs looking to MSPs to help with AI and security challenges | Microscope (computerweekly.com)
Mixed reaction from the AI community on King's Speech (datacentrenews.uk)
Malware
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign (thehackernews.com)
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit (thehackernews.com)
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
This New "Cluster Bomb" Malware Sounds Deadly, but You Can Avoid It (makeuseof.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Malware scammers gearing up for 2024 summer Olympics in Paris | SC Media (scmagazine.com)
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Revolver Rabbit gang registers 500,000 domains for malware campaigns (bleepingcomputer.com)
Mobile
What is juice jacking? Why you shouldn't use public USB chargers (androidauthority.com)
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
Denial of Service/DoS/DDOS
DDoS attacks see a huge rise as criminals get braver and more ambitious | TechRadar
Telecom sees fastest increase in DDoS attacks: Report - RCR Wireless News
Data Breaches/Leaks
AT&T says criminals stole phone records of 'nearly all' customers in new data breach | TechCrunch
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Major data breaches that have rocked organisations in 2024 - Help Net Security
US Data Breach Victim Numbers Increase by 1,000%, Literally (darkreading.com)
Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Over 400,000 Life360 user phone numbers leaked via unsecured API (bleepingcomputer.com)
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Stalkerware vendor mSpy breached for a third time • The Register
Organised Crime & Criminal Actors
Weaponized AI: The Malicious Mind of Hackers (financemagnates.com)
Well-Established Cyber Criminal Ecosystem Blooms in Iraq (darkreading.com)
Digging Into FIN7's Latest Tools and Tactics | Decipher (duo.com)
Iraq-based cyber criminals deploy malicious Python packages to steal data (therecord.media)
Why OT has become a hot target for cyber criminals | SC Media (scmagazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Dough Finance loses $1.8M in flash loan attack (cointelegraph.com)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
North Korea may have attacked Indian crypto exchange WazirX • The Register
Phishing Threat Actor Leverages AI to Target Multiple Crypto Brands - Security Boulevard
Insider Risk and Insider Threats
How to Protect Your Business From Insider Threats | HackerNoon
Navigating Insider Risks: Are your Employees Enabling External Threats? (thehackernews.com)
Australian Defence Force Private and Husband Charged with Espionage for Russia (thehackernews.com)
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Insurance
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Supply Chain and Third Parties
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack | Computer Weekly
AT&T cyber security breach potentially posed 'risk to national security' (lexch.com)
Cloud/SaaS
Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice | Ars Technica
Weaponized AWS Packages That Deliver Malware Via JPEG Files (cybersecuritynews.com)
Encryption
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Snowflake Account Attacks Driven by Exposed Legitimate Credentials (darkreading.com)
Social Media
Facebook ads for Windows desktop themes push info-stealing malware (bleepingcomputer.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
My LinkedIn account was hacked: I don't use it but I fixed it fast. Here's why and how | ZDNET
Is Musk’s X Using Dark Patterns To Trick Users? EU Says ‘Yes’
Mark Cuban: Social media algorithms' influence in 2024 election
Malvertising
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins (thehackernews.com)
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts - Help Net Security
What is malvertising? And how to protect yourself against it | PCWorld
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
Regulations, Fines and Legislation
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
What business leaders need to know about the Cyber Security and Resilience Bill - Raconteur
UK to introduce watered-down version of mandatory reporting for ransomware attacks (therecord.media)
Will Smaller Companies Buckle Under the SEC's New Requirements? (darkreading.com)
CDK hack shows SEC disclosure standards are unsettled | CyberScoop
Labour unveils AI, cyber security goals in King’s Speech (techmonitor.ai)
The Strategic Defence Review must maintain a cyber focus - LBC
London Borough of Hackney reprimanded over cyber attack | Cybernews
Judge dismisses much of SEC suit against SolarWinds over cyber security disclosures | CyberScoop
Preparing for the EU Cyber Resilience Act (techuk.org)
Models, Frameworks and Standards
What is NIST Compliance? A Guide to NIST Standards, Framework & Controls - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
5 Things We've Learned From 10 Years Of Cyber Essentials (forbes.com)
Careers, Working in Cyber and Information Security
What savvy hiring execs look for in a CISO today | CSO Online
Managing exam pressure: Tips for certification preparation - Help Net Security
Social Engineering Defence - An Emerging Career (govinfosecurity.com)
The Need to Recruit Cyber Talent in the Government (darkreading.com)
3 Free Online Cyber Security Courses With Certificates (forbes.com)
Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills (darkreading.com)
What a cyber security analyst does and how to become one | TechTarget
Teams facing 'alert fatigue' need certainty | Professional Security
The cyber security skills gap and breaches | SC Media (scmagazine.com)
Law Enforcement Action and Take Downs
Zeus Banking Malware Player Gets 9-Year Prison Term (inforisktoday.com)
DarkGate malware sees boom after the Feds crush Qbot • The Register
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says - Security Week
Misinformation, Disinformation and Propaganda
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Weaponised AI: The Malicious Mind of Hackers (financemagnates.com)
NATO to Establish Integrated Cyber Security Centre in Europe (thedefensepost.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks (thehackernews.com)
Nation State Actors
China
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges (darkreading.com)
China-linked APT17 Targets Italian Companies with 9002 RAT Malware (thehackernews.com)
Russia
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
US Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (thehackernews.com)
Kaspersky Exits US Market Following Commerce Department Ban (thehackernews.com)
Surge in cyber attacks after Romania donates Patriot to Ukraine - Verdict
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
Putin's Spies Are a Threat to Paris Olympics, Google Warns - Newsweek
Australian Spycatchers Snatch Pair of Married Russian Operatives (darkreading.com)
Kaspersky offers free security software for six months in US goodbye (bleepingcomputer.com)
Iran
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks (thehackernews.com)
New BugSleep malware implant deployed in MuddyWater attacks (bleepingcomputer.com)
IDF Has Rebuffed 3B Cloud Cyber Attacks Since Oct. 7, Colonel Claims (darkreading.com)
North Korea
DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls (darkreading.com)
Defending against APTs: A learning exercise with Kimsuky (securitybrief.co.nz)
North Korean Cyber Threats Escalate with Crypto Job Posting Hacks, Report Reveals (bitcoinist.com)
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
For MSPs, Kaspersky’s US exit is a reminder to not ignore geopolitics - Security - CRN Australia
Damaged Internet Subsea Cables Repaired in Red Sea Amid Militant Attacks on Ships – BNN Bloomberg
Disney faces potential data breach, hacker group claims massive leak (computing.co.uk)
Stalkerware vendor mSpy breached for a third time • The Register
Tools and Controls
How Tabletop Exercises Can Sharpen Incident Response From Chaos To Calm (forbes.com)
The Impact of SEC Cyber Rules on Corporate Risk Management - Security Boulevard
Decoding NIS2 to Secure Your Supply Chain - Infosecurity Magazine (infosecurity-magazine.com)
Encrypted traffic: A double-edged sword for network defenders - Help Net Security
BianLian Ransomware Leveraging RDP Credentials To Gain Initial Access (cybersecuritynews.com)
API Transformation Cyber Risks and Survival Tactics - Security Boulevard
Threat Prevention & Detection in SaaS Environments - 101 (thehackernews.com)
Overlooked essentials: API security best practices - Help Net Security
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums (thehackernews.com)
Risk related to non-human identities: Believe the hype, reject the FUD - Help Net Security
Cloudflare reports almost 7% of internet traffic is malicious | ZDNET
Using Threat Intelligence to Predict Potential Ransomware Attacks - Security Week
Teams facing 'alert fatigue' need certainty | Professional Security
One-third of dev professionals unfamiliar with secure coding practices - Help Net Security
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
6 Steps to Build an Incident Response Workflow for Your Business - Security Boulevard
DNS hijacks target crypto platforms registered with Squarespace (bleepingcomputer.com)
Cyber insurance: How to achieve the right coverage | SC Media (scmagazine.com)
Firms skip security reviews of updates about half the time • The Register
Securing datacenters may soon need sniffer dogs • The Register
Other News
SMEs vulnerable to cyber security breaches, report reveals - NZ Herald
IT providers must navigate AI, cyber security, efficiency and economic fluctuations – Channel EYE
Hotel Wi-Fi: A Hotspot for Cyber Threats - Security Boulevard
How Startups Can Bolster Defences as Cyber Threats Loom in Cloud Era | HackerNoon
Staying Safe on the Go: Insider Risk and Travel Security Tips - Security Boulevard
CISA broke into US federal agency, wasn't spotted for months • The Register
UK Retailers Most Concerned About Cyber, Data Security Risks, Study Finds | ESM Magazine
Improving cyber resilience of frontline forces in Europe - GOV.UK (www.gov.uk)
Defending OT Requires Agility, Proactive Controls (darkreading.com)
MSP security confidence remains high despite facing a torrent of cyber threats | ITPro
Paris 2024 Olympics to face complex cyber threats - Help Net Security
Automated Threats Pose Increasing Risk to the Travel Industry (thehackernews.com)
Vulnerability Management
Hackers use PoC exploits in attacks 22 minutes after release (bleepingcomputer.com)
ZDI shames Microsoft for coordinated vuln disclosure snafu • The Register
Microsoft is changing how it delivers Windows updates: 4 things you need to know | ZDNET
Firms skip security reviews of updates about half the time • The Register
Vulnerabilities
CrowdStrike code update bricking PCs around the world • The Register
Critical Exim bug bypasses security filters on 1.5 million mail servers (bleepingcomputer.com)
Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks - Security Week
GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln (darkreading.com)
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer - Security Week
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (thehackernews.com)
Attacks Exploiting Internet Explorer Persist | MSSP Alert
Chrome 126 Updates Patch High-Severity Vulnerabilities - Security Week
Oracle Patches 240 Vulnerabilities With July 2024 CPU - Security Week
Recent Adobe Commerce Vulnerability Exploited in Wild - Security Week
Cyber Security teams advised to look out for critical Adobe, Cisco bugs | SC Media (scmagazine.com)
20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)
Cisco Releases Security Updates for Multiple Products | CISA
Netgear warns users to patch auth bypass, XSS router flaws (bleepingcomputer.com)
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks - Help Net Security
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (bleepingcomputer.com)
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Updated: Black Arrow Cyber Alert 19 July 2024 – IT outages causing chaos worldwide, airports, airlines, hospitals, emergency services, shipping, media, banks affected - CrowdStrike blamed
Black Arrow Cyber Alert 19 July 2024 – IT outages causing chaos worldwide, airports, airlines, hospitals, emergency services, shipping, media, banks affected - CrowdStrike and Microsoft Azure blamed
Update: We can now confirm from statements provided by both Microsoft and CrowdStrike that a CrowdStrike content update was the cause of the outage.
Executive summary
Black Arrow is aware of ongoing outages affecting airlines, media outlets, stock exchanges, shipping, hospitals, emergency services and banks globally.
This is an ongoing and unfolding situation which we will continue to monitor and update.
At the time of the original alert these disruptions appeared to stem from updates pushed by both CrowdStrike and Microsoft; CrowdStrike has since confirmed that a faulty content update for its Falcon sensor was the cause, leaving affected Windows hosts crashing with a Blue Screen error and unable to boot normally. CrowdStrike has identified the problematic update and released a corrected one. For hosts that do not recover on their own, the workaround is to boot into Safe Mode or the Windows Recovery Environment, navigate to C:\Windows\System32\drivers\CrowdStrike, delete the file matching C-00000291*.sys and reboot normally. Two practical caveats: on BitLocker-protected devices the recovery key is needed to reach the drive from the recovery environment, so check that keys are escrowed (for example in Active Directory or Entra ID) before starting; and delete only that channel file, since removing the sensor driver itself leaves the host unprotected once it is back up.
For the latest updates on this story further information can be found on the BBC:
https://www.bbc.co.uk/news/live/cnk4jdwp49et?post=asset%3Aaaba3e5c-a8b0-4d60-bcde-32c1e3a6c2a3#post
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 12 July 2024
Black Arrow Cyber Threat Intelligence Briefing 12 July 2024:
-New Study Reveals UK Businesses at Risk from Imminent Cyber Attacks
-The Escalating War Against Email-Based Espionage and Fraud
-Trade the Comfort of Security Theatre for True Security
-Traditional Cyber Security Measures are No Longer Enough
-Threats to NATO Countries Escalate, as NATO Outlines Internet Doomsday Plan
-In Ransomware Attacks, Expect to Lose 43 Percent of Affected Data Even if You Pay
-New Ransomware Scam Will Hassle You with Phone Calls Until You Pay Up
-China's APT40 Gang is Attacking Vulnerabilities Within Hours of Public Release
-New Survey: Generative AI and Phishing Concerns, Employees Put Corporate Data at Risk
-The Urgent Need for Digital Executive Protection: A CEO’s Perspective
-Businesses Must do Better to Understand Complexity of Business Email Compromise
-Ransomware Surges Annually Despite Law Enforcement Takedowns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Study Reveals UK Businesses at Risk from Imminent Cyber Attacks
A recent report by Cloudflare reveals that 70% of UK business leaders anticipate a cyber security incident within the next year, yet only 35% feel adequately prepared. The survey, involving over 4,000 business and technology leaders across Europe, highlights that 48% of UK organisations have faced a cyber security incident in the past 12 months, the highest in Europe. 80% of UK leaders report an increase in cyber incidents, with 60% expecting this trend to continue.
The Escalating War Against Email-Based Espionage and Fraud
A recent report highlights the rapid rise in email-based cyber crime, with cyber criminals sending an estimated 3.4 billion malicious emails daily, contributing to over $43 billion in business email compromise losses since 2016. Traditional email security measures are proving inadequate, prompting the need for proactive solutions like DMARC (Domain-based Message Authentication, Reporting & Conformance). Acting as an identity check for emails, DMARC can reduce email impersonation threats by over 90% when enforced correctly. However, global adoption remains slow at 30%, hindered by perceived complexity. New zero-trust email authentication tools are simplifying deployment, promising faster and more effective domain protection.
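The "identity check" DMARC performs is worth seeing concretely, because it is what separates a record that merely reports from one that is enforced. The following is an added example, not code from the article or from any mail vendor: the decision a receiving server makes once SPF and DKIM have been evaluated. DMARC passes only if at least one of SPF or DKIM passed and the domain that passed aligns with the domain in the visible From: header; on failure the record's p= tag decides what happens. The records and authentication results below are constructed for the example, and the organisational-domain shortcut is a simplification noted in the code.

```python
"""Added example (not code from the article or from any DMARC vendor): the
check a receiving mail server performs when it enforces DMARC.

DMARC passes only if at least one of SPF or DKIM passed AND the domain that
passed "aligns" with the domain in the visible From: header. Alignment is
relaxed (same organisational domain) unless the record asks for strict
(exact match). On failure the record's p= tag decides the disposition:
none (monitor only), quarantine or reject. The records and message
authentication results below are constructed for the example; real receivers
fetch the record from the TXT entry at _dmarc.<from-domain>.
"""


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v", "").upper() != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % txt)
    tags["p"] = policy
    tags["adkim"] = tags.get("adkim", "r").lower()  # DKIM alignment, relaxed by default
    tags["aspf"] = tags.get("aspf", "r").lower()    # SPF alignment, relaxed by default
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain, simplified to the last two labels.
    Real receivers use the Public Suffix List so that e.g. 'example.co.uk'
    is treated as one organisation; this shortcut is enough for .com/.net."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match; relaxed mode needs the same organisation."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (passed, disposition).

    spf_domain is the domain SPF was checked against (the MAIL FROM domain);
    dkim_domain is the d= tag of the signature that verified. Either may be
    None when that mechanism produced no result."""
    rec = parse_dmarc(record)
    spf_aligned = (spf_result == "pass" and spf_domain is not None
                   and aligned(spf_domain, from_domain, rec["aspf"]))
    dkim_aligned = (dkim_result == "pass" and dkim_domain is not None
                    and aligned(dkim_domain, from_domain, rec["adkim"]))
    if spf_aligned or dkim_aligned:
        return True, "none"
    return False, rec["p"]


if __name__ == "__main__":
    enforcing = "v=DMARC1; p=reject; adkim=s; aspf=s"
    monitoring = "v=DMARC1; p=none"
    # An attacker sending from their own server with valid SPF and DKIM for
    # attacker.net but a From: header claiming example.com: both mechanisms
    # "pass", neither aligns, so the outcome depends entirely on p=.
    print(evaluate_dmarc(enforcing, "example.com", "pass", "attacker.net", "pass", "attacker.net"))
    print(evaluate_dmarc(monitoring, "example.com", "pass", "attacker.net", "pass", "attacker.net"))
```

The second call in the usage section is the case behind the phrase "when enforced correctly": with p=none the spoof fails DMARC but is still delivered, so a domain counted in the 30% adoption figure may be reporting rather than protecting. The check also shows DMARC's limit: if an attacker can send through a server that is authorised to sign or send for the victim's own domain, SPF or DKIM aligns and DMARC passes, so the relay path must be locked down as well.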
Trade the Comfort of Security Theatre for True Security
A recent article highlights the prevalence of "security theatre," where companies focus on creating an illusion of robust cyber security rather than implementing substantial defensive measures. Despite these superficial efforts, organisations continue to face lawsuits, fines, and regulatory scrutiny over their inadequate data protection practices. The article underscores the need for genuine cyber security programmes, driven by actual risk mitigation to protect against the rising tide of cyber threats rather than marketing tactics and checklist compliance. Regulatory bodies in the EU and the US are intensifying their focus, with fines reaching up to 7% of global revenue for breaches.
Traditional Cyber Security Measures are No Longer Enough
A recent report by LogRhythm highlights that traditional cyber security measures are insufficient against sophisticated AI-powered attacks, necessitating agile and adaptive strategies. According to the 'State of the Security Team’ report, 95% of companies adjusted their security strategies in the past year due to evolving threats, regulatory changes, and AI adoption. Additionally, 78% of professionals now hold cyber security leaders and CEOs accountable for breaches. The widespread adoption of cloud computing and remote work has expanded the attack surface, underscoring the need for robust cloud security practices, comprehensive security training, and advanced threat detection technologies.
Threats to NATO Countries Escalate, as NATO Outlines Internet Doomsday Plan
A Mandiant report reveals increasing cyber attack risks for NATO countries from state-sponsored actors, hacktivists, and criminals. Russia’s invasion of Ukraine drives many attacks, while China's espionage targets NATO intel and trade secrets. Cyber threats extend beyond military targets, impacting hospitals and civil infrastructure, with ransomware attacks on healthcare and government services escalating due to lax cyber crime enforcement.
NATO has recently outlined plans to safeguard subsea internet cables, a favoured target of nation state actors, and the data carried by these cables by rerouting to satellites in case of disruptions. This system, part of the HEIST project, involves researchers from the US, Iceland, Sweden, and Switzerland, supported by NATO's Science for Peace and Security Programme. By detecting disturbances in undersea cables and ensuring uninterrupted communication, the project addresses heightened concerns over global instability and threats to critical infrastructure.
In Ransomware Attacks, Expect to Lose 43 Percent of Affected Data Even if You Pay
A recent report by Veeam highlights the pervasive threat of ransomware, which affected 3 out of 4 organisations in 2023. On average only 57% of compromised data was recoverable, leaving 43% lost. The report indicates that 81% of affected organisations paid a ransom, yet one-third failed to recover their data even after paying. Additionally, 63% of organisations risk reintroducing the infection during recovery because of pressure to restore quickly. Despite increased focus on cyber preparedness, 63% of organisations find their backup and cyber teams misaligned.
New Ransomware Scam Will Hassle You with Phone Calls Until You Pay Up
A recent report reveals that a new ransomware group, Volcano Demon, has emerged and harasses its victims by telephone until payment is made. The group has targeted several organisations in recent weeks, deploying an encryptor named LukaLocker that runs on both Windows and Linux. LukaLocker maps and exfiltrates sensitive files before encrypting them, adding a .nba extension to the encrypted files. Notably, Volcano Demon does not operate a data leak site; instead it contacts company leadership directly to negotiate payment, often in threatening tones. LukaLocker can also terminate most antivirus processes and clear event logs, complicating forensic investigation, and the limited logging and monitoring in place at many victims makes this worse: once the local logs are gone, only copies already forwarded to a separate collector remain.
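Log clearing is one of the few things an encryptor does that is cheap to detect, provided events are forwarded off the host before they can be wiped. The following is an added example, not from the article and not LukaLocker-specific vendor content: a small detector run over constructed Windows event records. When the Security log is cleared Windows writes Event ID 1102, and when any other log is cleared it writes Event ID 104 (both from the provider Microsoft-Windows-Eventlog), and each record lands in the freshly emptied log, so a collector that forwards as events occur keeps the evidence. The flat field names are an assumed mapping of the event XML, and the sample events are constructed.

```python
"""Added example (not from the article, and not LukaLocker-specific vendor
content): detecting event-log clearing in forwarded Windows logs.

Event ID 1102 (Security log cleared) and Event ID 104 (any other log
cleared), both from provider Microsoft-Windows-Eventlog, are the records to
look for. The events below are constructed for this example; the flat field
names are an assumed mapping of the event XML, with the cleared log's name
stored as ClearedLog (in a real 104 event it is the EventData 'Channel'
element, distinct from the System/Channel the record sits in).
"""
from collections import defaultdict
from datetime import datetime, timedelta

LOG_CLEAR_EVENTS = {
    ("Security", 1102): "Security log cleared",
    ("System", 104): "event log cleared",
}

SAMPLE_EVENTS = [  # constructed for the example
    {"TimeCreated": "2024-07-05T02:00:10Z", "Computer": "WS01", "Channel": "System",
     "EventID": 104, "Provider": "Microsoft-Windows-Eventlog",
     "SubjectUserName": "svc_backup", "ClearedLog": "Application"},
    {"TimeCreated": "2024-07-05T02:00:12Z", "Computer": "WS01", "Channel": "System",
     "EventID": 104, "Provider": "Microsoft-Windows-Eventlog",
     "SubjectUserName": "svc_backup", "ClearedLog": "System"},
    {"TimeCreated": "2024-07-05T02:00:15Z", "Computer": "WS01", "Channel": "Security",
     "EventID": 1102, "Provider": "Microsoft-Windows-Eventlog",
     "SubjectUserName": "svc_backup"},
    {"TimeCreated": "2024-07-05T02:00:16Z", "Computer": "WS01", "Channel": "Security",
     "EventID": 4624, "Provider": "Microsoft-Windows-Security-Auditing",
     "SubjectUserName": "svc_backup"},
    {"TimeCreated": "2024-07-05T09:30:00Z", "Computer": "SRV02", "Channel": "Security",
     "EventID": 1102, "Provider": "Microsoft-Windows-Eventlog",
     "SubjectUserName": "admin"},
]


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_log_clears(events):
    """One finding per log-clear record; every other event is ignored."""
    findings = []
    for ev in events:
        key = (ev.get("Channel"), int(ev.get("EventID", 0)))
        if key in LOG_CLEAR_EVENTS and ev.get("Provider") == "Microsoft-Windows-Eventlog":
            findings.append({
                "host": ev["Computer"],
                "time": parse_ts(ev["TimeCreated"]),
                "user": ev.get("SubjectUserName", "?"),
                "log": ev.get("ClearedLog", ev.get("Channel")),
            })
    return findings


def correlate(findings, window=timedelta(minutes=5), threshold=2):
    """One alert per host. A single clear may be an administrator tidying up
    (medium); several logs cleared within `window` on one host is the
    anti-forensics pattern an encryptor leaves behind (high)."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(f)
    alerts = []
    for host, items in by_host.items():
        items.sort(key=lambda f: f["time"])
        severity, logs = "medium", [f["log"] for f in items]
        for i, first in enumerate(items):
            burst = [f for f in items[i:] if f["time"] - first["time"] <= window]
            if len(burst) >= threshold:
                severity, logs = "high", [f["log"] for f in burst]
                break
        alerts.append({"host": host, "severity": severity, "logs": logs,
                       "user": items[0]["user"], "first_seen": items[0]["time"]})
    return alerts


def run_detection(events=SAMPLE_EVENTS):
    return correlate(find_log_clears(events))


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

On the constructed input, WS01 (three logs cleared in five seconds by a service account) comes out as high and SRV02 (one clear by an administrator hours later) as medium. The severity split matters in practice: a rule that fires on every 1102 is noisy enough to be tuned out, while the burst across channels is rare in normal operation and worth paging on.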
China's APT40 Gang is Attacking Vulnerabilities Within Hours of Public Release
A recent advisory led by Australia, with contributions from seven other nations, details the methods of the China-aligned threat actor APT40, also known as Kryptonite Panda and Gingham Typhoon. This state-sponsored group can exploit newly published vulnerabilities within hours, and it also continues to target systems left unpatched against older flaws, some dating back to 2017, including the Log4j (Log4Shell) and Microsoft Exchange vulnerabilities. APT40 routes its attacks through compromised devices, including small-office/home-office equipment, so that its traffic blends in with legitimate activity. The advisory recommends fundamental controls such as logging, patch management and network segmentation as the defence against APT40's persistent threats.
New Survey: Generative AI and Phishing Concerns, Employees Put Corporate Data at Risk
A study by Censuswide reveals that 74% of security professionals express confidence in their IT departments, yet over half have experienced a data breach recently. The misuse of generative AI, particularly deepfake phishing attacks, is cited as a significant threat. All types of phishing, along with poor software design, ransomware, and zero-day threats are top concerns, with 55% of experts admitting to not conducting regular security audits. Cloud security issues, especially incorrectly set identity and access management policies, are also highlighted. Additionally, trust in employees is dwindling, with 63% of IT security decision-makers in the UK and US expecting remote workers to put corporate data at risk. Notably, 55% reported these workers have knowingly jeopardised data security, and 73% lack the necessary skills and technology to keep data safe. This underscores the urgent need for improved training and robust security measures.
The Urgent Need for Digital Executive Protection: A CEO’s Perspective
A recent article highlights the urgent need for Digital Executive Protection amidst increasing cyber threats. Cyber criminals are now targeting executives personally, endangering both their personal integrity and their companies' credibility and market perception. A cyber attack on a CEO can lead to severe consequences, including data breaches and financial losses. The sophistication of phishing attempts, ransomware, and social engineering tactics demands advanced security measures tailored for high-value targets. By prioritising their own digital security, executives can ensure business continuity, safeguard confidential information, and set a precedent for a robust corporate security posture, thereby protecting both their personal and professional integrity.
Businesses Must do Better to Understand Complexity of Business Email Compromise
A recent report highlights Business Email Compromise (BEC) as one of the most financially damaging cyber threats. BEC attacks, involving impersonation schemes where cyber criminals masquerade as trusted entities, are increasing in frequency and sophistication. The FBI’s Internet Crime Complaint Center reports annual economic losses from BEC attacks in the billions of dollars. Organisations must enhance their understanding and defences against BEC to protect their assets, reputation, and operations from severe financial losses and regulatory penalties.
Ransomware Surges Annually Despite Law Enforcement Takedowns
A recent report by Symantec reveals a 9% year-on-year increase in ransomware attacks advertised on leak sites in Q1 2024, with 962 claimed attacks. Despite law enforcement actions against major groups like ALPHV/BlackCat and LockBit, the latter remains the top threat, responsible for over 20% of all claimed attacks. Known vulnerabilities continue to be the primary vector for these attacks.
Sources:
https://www.afcea.org/signal-media/cyber-edge/escalating-war-against-email-based-espionage-and-fraud
https://www.darkreading.com/cyber-risk/trade-the-comfort-of-security-theater-for-true-security
https://www.techradar.com/pro/traditional-cybersecurity-measures-are-no-longer-enough
https://www.msspalert.com/brief/escalating-cyber-threats-faced-by-nato-countries
https://www.tomshardware.com/tech-industry/nato-outlines-internet-doomsday-plan
https://www.theregister.com/2024/07/09/apt_40_tradecraft_advisory/
https://www.infosecurity-magazine.com/news/ransomware-surges-2024-law/
Governance, Risk and Compliance
Traditional cyber security measures are no longer enough | TechRadar
Cloudflare Study: UK Businesses are at Risk of Cyber Attacks (itsecuritywire.com)
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)
Cyber security pros don't like being ignored (betanews.com)
Trade the Comfort of Security Theater for True Security (darkreading.com)
The Urgent Need for Digital Executive Protection: A CEO's Perspective - Security Boulevard
More than a CISO: the rise of the dual-titled IT leader | CSO Online
Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard
A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)
5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)
It’s Time to Reassess Your Cyber Security Priorities - Security Week
Three pillars of cyber | Professional Security
The Future Of Cyber Security: Emerging Threats And How To Combat Them (forbes.com)
Top priorities for compliance leaders this year - Help Net Security
Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)
Managing cyber attack fallout: Financial and operational damage - Help Net Security
Applying Bloch’s Philosophy to Cyber Security - Security Boulevard
Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)
Threats
Ransomware, Extortion and Destructive Attacks
This new ransomware scam will hassle you with phone calls until you pay up | TechRadar
Victims of cyber extortion and ransomware increase in 2024 | SC Media (scmagazine.com)
LockBit 3.0: The Rising Costs of Ransomware Attacks - Security Boulevard
Ransomware gangs invest in custom data stealing malware • The Register
New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)
Ransomware gangs increasingly exploiting vulnerabilities | TechTarget
Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours (darkreading.com)
In ransomware attacks, expect to lose 43 percent of affected data - eCampus News
NHS cyber security: Ex security chief warns of future attacks - BBC News
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)
Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi (darkreading.com)
CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert
Risk & Repeat: Hacks, lies and LockBit | TechTarget
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Evolving ransomware attack techniques examined | SC Media (scmagazine.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
Envisioning cyber resilience beyond ransom payments - SiliconANGLE
Avast releases DoNex ransomware decryptor • The Register
CISA director says banning ransomware payments is off the table (securityintelligence.com)
Cisco Talos: Top Ransomware TTPs Exposed (techrepublic.com)
Emulating the Long-Term Extortionist Nefilim Ransomware - Security Boulevard
Ransomware Victims
Evolve Bank says ransomware gang stole personal data on millions of customers | TechCrunch
The untold impact of Qilin's attack on London hospitals • The Register
Nearly 800,000 affected by children’s hospital ransomware attack | Security Magazine
Patelco faces multiple lawsuits over ransomware attack | American Banker
Hackers leak 170k Taylor Swift ’s ERAS Tour Barcodes (securityaffairs.com)
Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)
STORMOUS Ransomware Group Claiming Breach of HITC Telecom (cybersecuritynews.com)
‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (therecord.media)
Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)
Ransomware attack on blood-testing service puts lives in danger in South Africa (bitdefender.com)
NTT Data Romania, hacked (romaniajournal.ro)
Phishing & Email Based Attacks
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE
Spear phishing techniques in mass phishing: a new trend | Securelist
Why You Might Be Getting Spam Emails From Yourself (slashgear.com)
How do cryptocurrency drainer phishing scams work? (talosintelligence.com)
The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)
The 9 most common phishing scam types, explained | PCWorld
State, local governments facing deluge of phishing attacks | SC Media (scmagazine.com)
The FIA has been hacked after workers fell for a phishing attack | TechRadar
BEC
The 9 most common phishing scam types, explained | PCWorld
Other Social Engineering
This new ransomware scam will hassle you with phone calls until you pay up | TechRadar
Euro Vishing Fraudsters Add Physical Intimidation to Arsenal (darkreading.com)
Google Fi's 'Number Lock' adds protection against SIM swaps - here's how to enable it | ZDNET
Revealed the cyber security risks of working in public places | theHRD (thehrdirector.com)
The 9 most common phishing scam types, explained | PCWorld
Artificial Intelligence
OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch
Bring Your Own AI to Work Creates a Haven for Cyber Attackers (technewsworld.com)
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
Top 10 AI Security Risks for 2024 | Trend Micro (US)
Security, privacy, and generative AI | InfoWorld
Winner takes Al | Professional Security
ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
When implementing AI, first train your managers | ZDNET
Privacy & Security Concerns With AI Meeting Tools (darkreading.com)
Cyber Security Success Hinges on Leadership, Not Just Tech (inforisktoday.com)
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
2FA/MFA
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)
Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)
Gmail Users Offered Free Top Tier Security Upgrade—Say Goodbye To 2FA (forbes.com)
Malware
Botnets are being sold on the dark web for as little as $99 | ITPro
GootLoader is still active and efficient (securityaffairs.com)
Security Bite: Mac Malware wreaking the most havoc in 2024 - 9to5Mac
Ransomware gangs invest in custom data stealing malware • The Register
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel (thehackernews.com)
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks (thehackernews.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)
350 million people downloaded insecure browser extensions over two years | Cybernews
Hackers Weaponizing Shortcut Files With Zero-day Tricks (cybersecuritynews.com)
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)
GuardZoo spyware used by Houthis to target military personnel - Help Net Security
Mac Security: How secure is a Mac, is macOS more secure than Windows? | Macworld
Mobile
New Google Play Store Warning As Dangerous Threat Returns (forbes.com)
Europol says mobile roaming tech is hampering crimefighters • The Register
Hackers abused API to verify millions of Authy MFA phone numbers (bleepingcomputer.com)
Examining the impact of cyber crime and online fraud | TechRadar
A simple firmware update completely hides a device's Bluetooth fingerprint (techxplore.com)
Apple warns iPhone users in 98 countries of spyware attacks | TechCrunch
Every Phone Can ID Your Router—Here's How to Stop It | PCMag
Google is opening its dark web reports to all users free of charge | TechSpot
How to protect Apple ID and avoid scams - 9to5Mac
How to clear your Google search cache on Android (and why you should) | ZDNET
Denial of Service/DoS/DDOS
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)
Internet of Things – IoT
How to clear the cache on your TV (and why you should do it) | ZDNET
Data Breaches/Leaks
OpenAI breach is a reminder that AI companies are treasure troves for hackers | TechCrunch
Hacker Stole Secrets From OpenAI - Security Week
Hackers stole OpenAI secrets in a 2023 security breach (securityaffairs.com)
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
OpenAI hit by two big security issues this week (engadget.com)
Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)
Fujitsu Suffers Worm-Like Attack From Something That Wasn't Ransomware (darkreading.com)
The FIA has been hacked after workers fell for a phishing attack | TechRadar
Cyber Confidence at MSPs high, despite falling victim to data breaches - IT Security Guru
General Motors reports “suspicious activity” within certain GM accounts | Cybernews
Ticketmaster hack: Customers told to sign up to security service - BBC News
Hackers leak 170k Taylor Swift ’s ERAS Tour Barcodes (securityaffairs.com)
NTT Data Romania, hacked (romaniajournal.ro)
Top cyber agency still unsure of fallout months after hack - Washington Times
Computer maker Zotac exposed customers' RMA info on Google Search (bleepingcomputer.com)
Fujitsu confirms customer data exposed in March cyber attack (bleepingcomputer.com)
Neiman Marcus data breach: 31 million email addresses found exposed (bleepingcomputer.com)
Philhealth: Victims of data leak not yet notified of hacking’s extent (inquirer.net)
ChatGPT for Mac app flaw left users' chat history exposed (bitdefender.com)
Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)
Mastodon: Security flaw allows unauthorized access to posts (stackdiary.com)
Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
New 'FishXProxy' phishing kit lowers entry bar for cyber attacks - SiliconANGLE
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
How AI helps decode cyber criminal strategies - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers Have Stolen $1.38 Billion in Crypto So Far This Year (pcmag.com)
How do cryptocurrency drainer phishing scams work? (talosintelligence.com)
An In-Depth Look at Crypto-Crime in 2023 Part 1 | Trend Micro (US)
Insider Risk and Insider Threats
Fears escalate that employees will put corporate data at risk | theHRD (thehrdirector.com)
Insurance
Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)
Supply Chain and Third Parties
Shopify denies it was hacked, links stolen data to third-party app (bleepingcomputer.com)
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack (thehackernews.com)
Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)
Addressing third-party security risks - FreightWaves
Cloud/SaaS
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers (thehackernews.com)
SaaS Security in Europe: A Report Card - Infosecurity Magazine (infosecurity-magazine.com)
Multifactor Authentication Shouldn't Be Optional (govinfosecurity.com)
The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
Security pros use unauthorized SaaS apps despite the risk (betanews.com)
73% of security pros use unauthorized SaaS applications - Help Net Security
Encryption
Linux and Open Source
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (thehackernews.com)
OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable • The Register
Do you need antivirus on Linux? | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Indonesian National Data Center Breach Traced to Weak Password: 'Admin#1234' (jakartaglobe.id)
General Motors reports “suspicious activity” within certain GM accounts | Cybernews
Back to Basics of Automated Attacks: Account Takeover | Fastly
Time to see past the blind spots of account takeover | SC Media (scmagazine.com)
Self-service password reset: How the cure could introduce more security ills (betanews.com)
Training, Education and Awareness
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
When implementing AI, first train your managers | ZDNET
Training, awareness key to preventing cyber attacks | Country 94
Regulations, Fines and Legislation
Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)
What You Need to Know About the EU Cyber Resilience Act - Security Boulevard
How to Prepare for the EU’s NIS2 Directive - Security Boulevard
CISA Advises Against Paying Ransom, But Rules Out a Ban | MSSP Alert
The New Battlefield in Banking: Defending Against Phishing Scams (financemagnates.com)
A CISO's Guide to Avoiding Jail After a Breach (darkreading.com)
A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard
CISA director says banning ransomware payments is off the table (securityintelligence.com)
Supreme Court Ruling Threatens the Framework of Cyber Security Regulation - Security Week
Can AI be Meaningfully Regulated, or is Regulation a Deceitful Fudge? - Security Week
A CISO's Summary Of The Cyber Resilience Act (forbes.com)
Models, Frameworks and Standards
OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable) - Security Boulevard
A Comprehensive Guide to the Digital Operational Resilience Act (DORA) - Security Boulevard
Are SOC 2 Reports Sufficient for Vendor Risk Management? (darkreading.com)
Data Protection
Vinted Fined €2.3m Over Data Protection Failure - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
What Kind of People Do Cyber Security for a Living? (databreachtoday.co.uk)
5 Ways to Run Security as a Meritocracy (darkreading.com)
Diversifying cyber teams to tackle complex threats - Help Net Security
Three critical steps to close the cyber security talent gap, once and for all | VentureBeat
Organisations change recruitment strategies to find cyber talent - Help Net Security
Exploring the root causes of the cyber security skills gap - Help Net Security
Most Security Pros Admit Shadow SaaS and AI Use - Infosecurity Magazine (infosecurity-magazine.com)
Security pros use unauthorized SaaS apps despite the risk (betanews.com)
73% of security pros use unauthorized SaaS applications - Help Net Security
Law Enforcement Action and Take Downs
Europol says mobile roaming tech is hampering crimefighters • The Register
Risk & Repeat: Hacks, lies and LockBit | TechTarget
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison | WIRED
Cyber stalking expert jailed after 'grotesque' online threats • The Register
FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register
Misinformation, Disinformation and Propaganda
How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED
US intel officials: Kremlin once again prefers Trump | CyberScoop
Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)
FBI, cyber cops zap 968 'Russian AI disinfo' Twitter bots • The Register
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
The Escalating War Against Email-Based Espionage and Fraud | AFCEA International
Escalating Cyber Threats Faced by NATO Countries | MSSP Alert
NATO members increasingly targeted by state-sponsored cyber attacks | SC Media (scmagazine.com)
Allies Agree New NATO Integrated Cyber Defence Center – Eurasia Review
Nation State Actors
China
China’s APT40 gang can attack new vulns within hours • The Register
Eight Nations Issue Warning About Speed Of Chinese Hackers’ Operations (forbes.com)
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk (thehackernews.com)
Australia accuses China-backed hackers of breaching government networks (ft.com)
Global Coalition Blames China’s APT40 for Hacking Government Networks - Security Week
China-Made Tech Discovered at Taiwanese Army Base (thedefensepost.com)
Germany finally gets round to banning Huawei, sort of (telecoms.com)
Russia
A recent Microsoft data breach also let Russian hackers compromise US federal agencies | TechRadar
Teamviewer Discloses Investigation Update Following Cyber Attack (cybersecuritynews.com)
How Disinformation From a Russian AI Spam Farm Ended up on Top of Google Search Results | WIRED
The Stark Truth Behind the Resurgence of Russia’s Fin7 – Krebs on Security
Feds Uncover Sprawling, GenAI-Enabled Russian Troll Farm (darkreading.com)
CloudSorcerer hackers abuse cloud services to steal Russian govt data (bleepingcomputer.com)
New APT Group "CloudSorcerer" Targets Russian Government Entities (thehackernews.com)
French political turmoil, cyber attacks and protests threaten to disrupt Olympics (inews.co.uk)
US intel officials: Kremlin once again prefers Trump | CyberScoop
Alert Level Raised at US Bases in Europe Over Russian Threats - The New York Times
North Korea
Japan warns of attacks linked to North Korean Kimsuky hackers (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Heritage Foundation Exec Threatens 'Gay Furry Hackers' in Unhinged Texts (rollingstone.com)
'Gay furry hackers' take credit for Project 2025 cyber attack (thepinknews.com)
Furry Hackers SiegedSec Suspended from X Amid Leak Spree (dailydot.com)
Tools and Controls
Why Firewalls Are Not Enough in Today’s Cyber Security Landscape | MSSP Alert
5 Key Questions CISOs Must Ask Themselves About Their Cyber Security Strategy (thehackernews.com)
Cloudflare blames recent outage on BGP hijacking incident (bleepingcomputer.com)
Cyber Security 101: MDR vs. XDR | MSSP Alert
Authy Users Urged to Stay Alert After Hack Exposes 33 Million Phone Numbers - MacRumors
Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)
Human Vigilance is Required Amid AI-Generated Cyber Security Threats - Security Boulevard
How API attacks work, plus 5 common types | TechTarget
Selfie-based authentication is on the rise, alarming security experts | TechSpot
The Crucial Role Of Browser Context In Modern Cyber Security (forbes.com)
Training, awareness key to preventing cyber attacks | Country 94
Survey Sees Modern CISOs Becoming More Comfortable With Risk - Security Boulevard
5 Steps CISOs Can Take to Ensure Resilience (informationweek.com)
How Observability Leads to Better Cyber Security | eWEEK
Deconstructing Security Assumptions to Ensure Future Resilience (darkreading.com)
Cyber Insurance Prices Plummet as Market Competition Grows (darkreading.com)
2024 SANS SOC Survey Reveals Critical Trends and Technologies in Cyber Defence (darkreading.com)
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
When implementing AI, first train your managers | ZDNET
Fake network traffic is on the rise — here's how to counter it | CSO Online
Self-service password reset: How the cure could introduce more security ills (betanews.com)
Strengthening cyber security preparedness with defence in depth - Help Net Security
Navigating Europe’s digital identity crossroads • The Register
Other News
Euro 2024 Becomes Latest Sporting Event to Attract Cyber Attacks (darkreading.com)
Cyber Security Checklist: Preparing Your Devices for Summer Travel - Security Boulevard
Halton Council 'at mercy of criminal hacker gangs' - report - BBC News
The Future Of Cyber Security: Emerging Threats And How To Combat Them (forbes.com)
Labour’s next steps: Cyber security, AI, & Open-Source industry leaders weigh in (techinformed.com)
Microsoft’s cyber security dilemma: An open letter to Satya Nadella - Help Net Security
Checking in on the state of cyber security and the Olympics (talosintelligence.com)
MSPs confident they can fend off cyber threat | Microscope (computerweekly.com)
From Iron Dome To Cyber Dome: Defending Israel’s Cyber Space – Analysis – Eurasia Review
'Gay furry hackers' take credit for Project 2025 cyber attack (thepinknews.com)
Why 'change' for the UK must include cyber security (computing.co.uk)
Is Your Gaming Setup Safe? Gaming Security Musts (cgmagonline.com)
Protecting against cyber attacks in space (mybroadband.co.za)
Vulnerability Management
China’s APT40 gang can attack new vulns within hours • The Register
Ransomware gangs increasingly exploiting vulnerabilities | TechTarget
Blueprint for Success: Implementing a CTEM Operation (thehackernews.com)
ChatGPT 4 exploits 87% of vulnerabilities (devx.com)
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
What's Bugging the NSA? A Vuln in Its 'SkillTree' Training Platform (darkreading.com)
Vulnerabilities
Attackers Already Exploiting Flaws in Microsoft's July Security Update (darkreading.com)
‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans - Security Boulevard
The Windows Security Updates of July 2024 are now available - gHacks Tech News
Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited (thehackernews.com)
Microsoft Warns of Windows Hyper-V Zero-Day Being Exploited - Security Week
Blast RADIUS attack can bypass authentication for clients • The Register
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk (thehackernews.com)
Citrix Patches Critical NetScaler Console Vulnerability - Security Week
Veeam flaw becomes malware target a year after patching • The Register
Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica
Bust this Ghostscript bug or risk a big breach, say experts • The Register
Apache fixed a source code disclosure flaw in Apache HTTP Server (securityaffairs.com)
MongoDB Compass Code Injection Flaw Exposes Systems to Hacking (cybersecuritynews.com)
New Ransomware Group Exploiting Veeam Backup Software Vulnerability (thehackernews.com)
Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks - Security Week
Cisco Warns of regreSSHion RCE Impacting Multiple Products (cybersecuritynews.com)
Hackers Resurrect Internet Explorer to Attack Windows PCs (pcmag.com)
SAP Patches High-Severity Vulnerabilities in PDCE, Commerce - Security Week
CISA Takedown of Ivanti Systems Is a Wake-up Call (darkreading.com)
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware (securityaffairs.com)
Hackers target WordPress calendar plugin used by 150,000 sites (bleepingcomputer.com)
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs (thehackernews.com)
VMware Patches Critical SQL-Injection Flaw in Aria Automation - Security Week
Introducing a New Vulnerability Class: False File Immutability — Elastic Security Labs
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 11 July 2024 – Blast-RADIUS Authentication Bypass Vulnerability
Executive summary
Researchers have disclosed a vulnerability in the RADIUS protocol, known as Blast-RADIUS (CVE-2024-3596). RADIUS is the authentication protocol behind a wide range of network access services, including VPNs, enterprise Wi-Fi, switch and router administration, and home broadband connections from ISPs. The vulnerability potentially allows a malicious actor positioned between a RADIUS client and server (a man-in-the-middle, or MITM) to bypass authentication.
What’s the risk to me or my business?
An attacker who successfully exploits this vulnerability can escalate from partial network access to logging into any device that uses RADIUS for authentication, or to assigning themselves arbitrary network privileges. Exploitation requires the attacker to already have access to a network that uses RADIUS, in a position where they can read and modify traffic between a RADIUS client and the RADIUS server.
What can I do?
In the short term, implementers and vendors are advised to ensure that both clients and servers always send, and always require, the Message-Authenticator attribute in every request and response, with Message-Authenticator placed as the first attribute in Access-Accept and Access-Reject responses. The researchers note that all known RADIUS patches adopt this mitigation, and the recommendation is set to be included in an upcoming RADIUS RFC. For the long term, RADIUS over TLS (RadSec) is recommended, as it carries RADIUS packets inside an encrypted, authenticated stream rather than relying on the protocol's MD5-based integrity checks. Note that the short-term mitigation only protects an exchange once both ends have been updated: a patched server talking to an unpatched client that does not send or check Message-Authenticator remains exposed.
Technical Summary
CVE-2024-3596 – This vulnerability is in the RADIUS protocol itself rather than in any single implementation. It allows an attacker with a man-in-the-middle position between a RADIUS client and server to forge responses, turning any valid response (Access-Accept, Access-Reject or Access-Challenge) into any other response. The Response Authenticator that is meant to protect responses is an unkeyed MD5 hash over the packet and the shared secret, and the attack uses an MD5 chosen-prefix collision against it so that the forged response carries a valid Response Authenticator without the attacker ever learning the shared secret. The keyed Message-Authenticator attribute (HMAC-MD5) is not affected by the collision, which is why requiring it is an effective mitigation.
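The following is an added illustration of the two integrity mechanisms described above and of why the Message-Authenticator mitigation works; it is not code from Black Arrow or from the Blast-RADIUS researchers. It builds RADIUS responses per RFC 2865 and RFC 2869, verifies them as a client would, and then shows that a forged Access-Accept is still rejected once Message-Authenticator is required. The shared secret and packet contents are constructed for the example. The MD5 chosen-prefix collision is not reproduced: the forgery step simply recomputes the Response Authenticator with the secret (which a real attacker never has) to stand in for the outcome the collision would achieve.

```python
"""RADIUS Response Authenticator vs Message-Authenticator (RFC 2865 / RFC 2869).

Added illustration, not code from Black Arrow or the Blast-RADIUS authors.
The shared secret, packet contents and the forgery below are constructed.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length


def encode_attrs(attrs):
    """Serialise [(type, value), ...] as RADIUS TLVs (1-byte type, 1-byte length incl. header)."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Unkeyed MD5 over a prefix the attacker partly controls, which is what Blast-RADIUS collides."""
    body = encode_attrs(attrs)
    return hashlib.md5(HEADER.pack(code, ident, 20 + len(body)) + request_auth + body + secret).digest()


def message_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2869 s5.14: HMAC-MD5 keyed with the secret over the whole packet, with the
    Message-Authenticator value zeroed and the Request Authenticator in the authenticator field."""
    zeroed = [(t, b"\0" * 16 if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    body = encode_attrs(zeroed)
    msg = HEADER.pack(code, ident, 20 + len(body)) + request_auth + body
    return hmac.new(secret, msg, hashlib.md5).digest()


def build_response(code, ident, request_auth, attrs, secret, with_ma=True):
    """Server side: prepend Message-Authenticator as the first attribute (as the mitigation
    requires), fill it in, then compute the Response Authenticator over the final attributes."""
    if with_ma:
        attrs = [(ATTR_MESSAGE_AUTHENTICATOR, b"\0" * 16)] + list(attrs)
        attrs[0] = (ATTR_MESSAGE_AUTHENTICATOR, message_authenticator(code, ident, request_auth, attrs, secret))
    body = encode_attrs(attrs)
    auth = response_authenticator(code, ident, request_auth, attrs, secret)
    return HEADER.pack(code, ident, 20 + len(body)) + auth + body


def verify_response(pkt, request_auth, secret, require_ma=True):
    """Client (NAS) side. Returns (authentic, reason). `require_ma` is the short-term Blast-RADIUS
    mitigation: refuse any response that does not carry a valid Message-Authenticator."""
    code, ident, length = HEADER.unpack_from(pkt)
    auth, attrs = pkt[4:20], decode_attrs(pkt[20:length])
    if auth != response_authenticator(code, ident, request_auth, attrs, secret):
        return False, "bad Response Authenticator"
    ma = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not ma:
        return (not require_ma), "no Message-Authenticator"
    if not hmac.compare_digest(ma[0], message_authenticator(code, ident, request_auth, attrs, secret)):
        return False, "bad Message-Authenticator"
    return True, "ok"


def demo(secret=b"constructed-shared-secret"):
    """A genuine Access-Reject, the same packet rewritten to Access-Accept by an attacker who can
    make the MD5 Response Authenticator match, and a legacy reject sent without Message-Authenticator.
    The collision is not reproduced: we recompute the Response Authenticator with the secret, which
    a real attacker never has, purely to stand in for the collision's outcome."""
    request_auth = os.urandom(16)
    ident = 7
    reject = build_response(ACCESS_REJECT, ident, request_auth, [], secret)
    _, _, length = HEADER.unpack_from(reject)
    attrs = decode_attrs(reject[20:length])  # attacker keeps the attributes, including the MA value
    forged_auth = response_authenticator(ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    forged = HEADER.pack(ACCESS_ACCEPT, ident, length) + forged_auth + encode_attrs(attrs)
    legacy_reject = build_response(ACCESS_REJECT, ident, request_auth, [], secret, with_ma=False)
    return {
        "genuine_reject": verify_response(reject, request_auth, secret),
        "forged_accept": verify_response(forged, request_auth, secret),
        "legacy_no_ma_strict": verify_response(legacy_reject, request_auth, secret),
        "legacy_no_ma_lenient": verify_response(legacy_reject, request_auth, secret, require_ma=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The forged Access-Accept passes the Response Authenticator check (the collision's effect) but fails the Message-Authenticator check, because the HMAC was computed over the original Access-Reject code and the attacker cannot recompute it without the secret. The last two results show why the mitigation has to be enforced, not merely supported: a client that tolerates responses without Message-Authenticator (`require_ma=False`) still accepts a packet whose only protection is the MD5 Response Authenticator.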
Further information on the Blast-RADIUS vulnerability can be found here:
https://www.theregister.com/2024/07/10/radius_critical_vulnerability/
Further information on the technical breakdown on this vulnerability can be found here:
https://www.blastradius.fail/pdf/radius.pdf
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates
Executive summary
Microsoft’s July Patch Tuesday provides updates addressing 143 security issues across its product range, including two actively exploited zero-day vulnerabilities: a privilege escalation vulnerability in Hyper-V (CVE-2024-38080) and a spoofing vulnerability in the Windows MSHTML platform (CVE-2024-38112). Both have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. Five of the vulnerabilities addressed by Microsoft this month are rated critical.
In addition to the Microsoft updates, this week Adobe fixed 7 vulnerabilities across several products, and Citrix addressed multiple vulnerabilities, including a critical one in NetScaler Console.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker who already has local access to gain SYSTEM privileges, or allow malicious web content to be rendered as if it were trusted. If exploited, either vulnerability could have a high impact on the confidentiality, integrity and availability of the organisation’s data on affected systems.
What can I do?
Black Arrow recommends applying the available security updates for all supported versions of Windows and for the affected Adobe and Citrix products. Updates for the two actively exploited vulnerabilities, and for all vulnerabilities with a critical severity rating, should be applied as soon as possible.
Technical Summary
Microsoft
CVE-2024-38080 – This vulnerability is an integer overflow in Hyper-V. If successfully exploited it allows an attacker to gain SYSTEM privileges on the host; however, the attacker needs prior access to the local machine to exploit the flaw.
CVE-2024-38112 – This is a spoofing vulnerability in the Windows MSHTML platform that can be triggered with a specially crafted HTML file. If successfully exploited it allows an attacker to render malicious content as trusted, misleading users into divulging sensitive information such as login credentials or into installing malware.
Adobe
This month, Adobe released fixes for a total of 7 vulnerabilities across several of its products. Of these, 6 were rated as critical. The affected products and their respective vulnerabilities are as follows: Adobe Premiere Pro had 1 critical vulnerability, Adobe Bridge also had 1 critical vulnerability, and Adobe InDesign had 4 critical vulnerabilities. Currently, Adobe is not aware of any active exploitation of these vulnerabilities. The types of vulnerabilities addressed include arbitrary code execution and memory leaks.
Citrix
Citrix has released patches to fix multiple security vulnerabilities, including a critical and a high-severity vulnerability in the NetScaler Console and Agent products. The critical vulnerability (CVE-2024-6235) is an improper authorisation bug that, if successfully exploited, could allow attackers to access sensitive information.
While Citrix has not stated that any of these vulnerabilities are being exploited in the wild, Black Arrow advises that organisations update the affected appliances as soon as possible. The affected products can be found below in the further information section.
Further details on Windows specific updates within this patch Tuesday can be found here:
https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/
Further details of the vulnerabilities addressed in Adobe Premiere Pro can be found here: https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html
Further details of the vulnerabilities addressed in Adobe Bridge can be found here:
https://helpx.adobe.com/security/products/bridge/apsb24-51.html
Further details of the vulnerabilities addressed in Adobe InDesign can be found here:
https://helpx.adobe.com/security/products/indesign/apsb24-48.html
Further details of the vulnerabilities addressed in Citrix NetScaler can be found here:
Further information on the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog” can be found here:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 05 June 2024
Black Arrow Cyber Threat Intelligence Briefing 05 July 2024:
-Nearly 10 billion Passwords Leaked in the Largest Compilation of All-time
-Half of Employees Fear Punishment for Reporting Security Mistakes
-New RUSI Report Exposes Psychological Toll of Ransomware
-Cyber Extortion Soars: SMBs Hit Four Times Harder
-2024 Is Already the Year of the Cyber Attack
-Survey Reveals Growing Lack of Cyber Security Confidence
-Cyber Security is Worth the Spend
-Only 13% of Organisations are Cyber Mature
-Full-Blown Cyber War: a Hollywood Worthy Scenario
-Rising Risks Set to Drive Huge Investment in Cyber Security
-Authorised Push Payment Fraud Singled Out as Biggest Financial Crime Threat
-Setting the Tone at the Top to Manage Enterprise Risk
-Cyber Criminals are Free to Exploit Vulnerabilities Without Fear
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Nearly 10 billion Passwords Leaked in the Largest Compilation of All-time
A recent discovery by Cybernews researchers has revealed the largest password compilation to date, containing 9.9 billion unique plaintext passwords in a file named rockyou2024.txt, posted by forum user ObamaCare. This dataset, sourced from both old and new breaches, poses a significant threat by heightening the risk of credential stuffing attacks. Previous incidents have shown such attacks can severely impact organisations, as seen with recent breaches at Santander and Ticketmaster. To mitigate risks, users should avoid using the same passwords across different sites and services, immediately reset exposed passwords, enable multi-factor authentication, and use password managers to generate and store complex passwords securely.
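The recommendation above to reset exposed passwords raises the practical question of how to find out whether a password appears in such a compilation without handing the password itself to a lookup service. The usual defensive answer is a k-anonymity range lookup, as popularised by the Pwned Passwords service: hash the password locally with SHA-1, send only the first five hex characters, receive every known suffix under that prefix, and match the rest locally. The following Python is an added example written for this briefing, not code from Black Arrow or Cybernews. The "leak" it indexes and the account list it audits are small constructed samples (they are not rockyou2024.txt and contain no real leaked data), and the range lookup is simulated in-process so the whole thing runs offline.

```python
"""Offline demonstration of a k-anonymity breach-password check and a
password-reuse audit. Added example; the corpus and accounts below are
constructed for the demo and are not real leaked data."""
import hashlib
from collections import defaultdict

# Constructed stand-in for a leaked plaintext password compilation.
# Repeated entries model a password that appears in several breaches.
CONSTRUCTED_LEAK = [
    "password", "123456", "qwerty", "letmein", "Summer2024!",
    "password", "123456", "123456",
]

PREFIX_LEN = 5  # hex characters of the SHA-1 digest the client reveals


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form used by range-lookup services."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(leak):
    """Server-side step: index the corpus as prefix -> {suffix: count}.

    Once built, only this index is consulted, so the plaintext list is
    never needed again to answer queries.
    """
    index = defaultdict(lambda: defaultdict(int))
    for pw in leak:
        digest = sha1_hex(pw)
        index[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] += 1
    return index


RANGE_INDEX = build_range_index(CONSTRUCTED_LEAK)


def range_query(prefix: str) -> dict:
    """Simulated server response to a range request: every known suffix
    under the prefix with its occurrence count. The server sees only the
    5-character prefix, so it cannot tell which password the client holds."""
    return dict(RANGE_INDEX.get(prefix.upper(), {}))


def exposure_count(password: str) -> int:
    """Client-side check: hash locally, send the prefix, match the suffix
    locally. Returns how often the password occurs in the corpus (0 = unseen)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return range_query(prefix).get(suffix, 0)


def audit_accounts(accounts: dict) -> dict:
    """Given {account_label: password} (e.g. a password-manager export),
    report accounts whose password is exposed and groups of accounts that
    share one password. Comparison is by digest, so no plaintext is stored."""
    by_digest = defaultdict(list)
    for label, pw in accounts.items():
        by_digest[sha1_hex(pw)].append(label)
    exposed = {label: exposure_count(pw)
               for label, pw in accounts.items() if exposure_count(pw) > 0}
    reused = sorted(sorted(labels) for labels in by_digest.values()
                    if len(labels) > 1)
    return {"exposed": exposed, "reused": reused}


if __name__ == "__main__":
    # Constructed sample of one user's accounts; not real credentials.
    sample = {
        "webmail": "Summer2024!",
        "bank": "Summer2024!",
        "forum": "letmein",
        "vpn": "correct horse battery staple 7",
    }
    report = audit_accounts(sample)
    for label, count in report["exposed"].items():
        print(f"{label}: password seen {count} time(s) in the corpus - reset it")
    for group in report["reused"]:
        print(f"same password reused across: {', '.join(group)}")
```

The split between `range_query` and `exposure_count` is the point of the design: the only thing that crosses the trust boundary is a five-character hash prefix shared by many unrelated passwords, so a compromised or logging lookup service learns nothing usable, while the client still gets a definitive answer. The same audit can be run against a real local copy of a compilation by replacing `CONSTRUCTED_LEAK` with a file reader.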
Half of Employees Fear Punishment for Reporting Security Mistakes
A recent report by ThinkCyber, based on a survey conducted at Infosecurity Europe 2024, reveals that half of employees fear repercussions if they report a security mistake. Only 51% believe that most colleagues are focused on security, with 39% feeling this concern is limited to executives and security teams. Key risky behaviours include clicking on phishing links (53%), sharing corporate data (53%), and sharing credentials (51%). The report highlights the ineffectiveness of current security awareness training, with 42% unable to prove its impact on behaviour.
New RUSI Report Exposes Psychological Toll of Ransomware
A recent report by the UK’s Royal United Services Institute (RUSI) reveals the severe psychological toll that ransomware attacks inflict on victims. The study, titled 'Your Data is Stolen and Encrypted: The Ransomware Victim Experience’, highlights that beyond service disruptions, line managers should be mindful of workloads and the psychological and physical impact of ransomware attacks on the organisation and its staff.
Recommendations include prioritising psychological support in cyber resilience strategies and enhancing public funding for mental health services tailored to ransomware victims. Additionally, the report underscores the need for clearer support roles from UK agencies like the NCSC and ICO, and calls for comprehensive improvements in organisational cyber security practices.
Cyber Extortion Soars: SMBs Hit Four Times Harder
A recent report by Orange Cyberdefense has revealed a 77% year-on-year growth in cyber extortion victims, with 60 distinct ransomware groups responsible for 4,374 attacks from Q1 2023 to Q1 2024. Small and medium-sized businesses were hit 4.2 times more often than larger enterprises. The healthcare sector saw a staggering 160% increase in cyber extortion attacks, placing it among the top three most targeted industries. Additionally, the actual victim numbers are likely 50-60% higher than reported due to unaccounted ransom payments. A new trend of "re-victimisation" was also observed, where organisations faced repeated attacks.
2024 Is Already the Year of the Cyber Attack
A recent wave of cyber breaches has underscored the urgent need for robust cyber security measures, as highlighted by the CDK Global hack that disrupted auto dealership management systems for well over two weeks. Data extortion and ransomware attacks have surged, with high-profile incidents affecting UnitedHealth Group’s Change Healthcare, Dell, Microsoft, and others. Notable breaches included Evolve Bank & Trust, which had a knock-on effect on a number of high-profile FinTechs, and Neiman Marcus. The UK’s Synnovis attack severely impacted London hospitals, further exemplifying the critical threat. A report by PYMNTS Intelligence found 82% of eCommerce merchants experienced cyber attacks in the past year, with nearly half suffering revenue and customer losses, emphasising the growing cyber security challenge in the digital age.
Survey Reveals Growing Lack of Cyber Security Confidence
A recent survey by Ivanti highlights that half of IT and security professionals lack confidence in their ability to prevent a damaging security incident in the next 12 months. Data silos between cyber security and IT teams are a significant barrier, causing slow incident response for 40% of respondents and reduced productivity for 82%. The survey reveals it takes an average of 33.8 hours to restore services after an incident. Despite these challenges, organisations are investing in emerging technologies like identity threat detection (47%) and cyber asset management (46%). However, only 46% have identified vulnerable third-party components in their supply chains.
Cyber Security is Worth the Spend
A recent report highlights that businesses face a constant balancing act between growth and cost, particularly regarding IT and security budgets. Despite significant cyber security investments, few organisations can accurately gauge the return on these expenditures. Companies spend millions annually, with the cyber security market projected to reach $300 billion. Effective cyber security remains critical, with CISOs needing to demonstrate risk management, validate controls, and rationalise spend. As cyber threats grow, organisations must integrate cyber security into overall risk management, ensuring data visibility and compliance to safeguard assets and maintain operational integrity.
Only 13% of Organisations are Cyber Mature
A recent survey by Commvault reveals that 83% of respondents had experienced a material security incident, with over half occurring in the past year. To combat this, five key cyber recovery markers were identified: early warning tools, a clean dark site or secondary system in place, isolated immutable data storage, defined incident response plans, and specific recovery readiness measures. Organisations deploying at least four markers recover 41% faster and report fewer breaches. Only 13% of respondents were categorised as cyber mature, with 54% confident in their recovery ability, highlighting the need for comprehensive resilience strategies.
Full-Blown Cyber War: a Hollywood Worthy Scenario
A recent analysis highlights the growing threat of cyber warfare, which could destabilise critical infrastructure and disrupt daily life more covertly than other warfare. Experts warn that strategic cyber attacks could target power, water, communications, and banking systems, causing societal chaos. Recent incidents, such as attacks on Microsoft's communication systems and Denmark's power grid, demonstrate the persistent threat. Despite the potential for massive damage, mutually assured destruction in cyber space remains complex due to the diverse actors involved. Effective cyber deterrence and robust defences are essential to mitigate these emerging threats.
Rising Risks Set to Drive Huge Investment in Cyber Security
A recent report by Stocklytics.com predicts that cyber security spending will soar to $272 billion by 2029, reflecting a 50% increase as businesses combat escalating cyber threats. Despite a significant rise in cyber security budgets, cyber attacks remain a major concern, with the annual cost of cyber crime projected to reach $9.2 trillion in 2024 and $13.8 trillion by 2028. Statista’s survey indicates cyber security spending has already grown by 60% from 2018 to 2024, with annual spending expected to increase by $17 billion per year. Over the next decade, global spending on cyber solutions and security measures is forecast to exceed $2.5 trillion.
Authorised Push Payment Fraud Singled Out as Biggest Financial Crime Threat
A recent study by The Payments Association reveals that 65% of payments professionals consider fraud their most pressing financial crime threat, with authorised push payment (APP) scams being the most concerning, as identified by 27% of respondents. APP fraud, where scammers trick victims into transferring money, predominantly stems from online sources (76%) and telecoms (16%). Despite a 12% rise in APP fraud cases in 2023, losses fell by 5% to £460 million. However, new rules will soon hold payment service providers liable for these losses, prompting concerns about the financial impact on smaller fintech firms.
Setting the Tone at the Top to Manage Enterprise Risk
A recent report highlights the critical need for comprehensive risk management in today's business landscape, emphasising that cyber threats are ubiquitous and not just Black Swan events. High-profile cases like Uber, SolarWinds, and Wells Fargo demonstrate the catastrophic impact a single cyber incident can have on an organisation’s reputation, operations, and financial stability. The evolving role of CISOs, who are now facing personal liability for breaches, underscores the importance of strong corporate governance and a clear "tone at the top." Effective cyber security must be prioritised at all levels, with a proactive, enterprise-wide approach to managing operational risk.
Cyber Criminals are Free to Exploit Vulnerabilities Without Fear
A recent report highlights the infuriatingly low enforcement against cyber crime, with only 0.3% of reported incidents resulting in prosecution. This has emboldened cyber criminals, allowing them to exploit vulnerabilities with impunity, often raking in up to $2 million annually. Despite the astronomical financial and human costs, underreporting and outdated legal frameworks contribute to a pitiful conviction rate. The dark web further complicates efforts to catch these criminals, who often operate across borders, exploiting legal loopholes. Urgent reforms in cyber security laws and increased global cooperation are crucial to addressing this rampant issue effectively.
Sources:
https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
https://www.infosecurity-magazine.com/news/employees-fear-punishment-reporting/
https://www.infosecurity-magazine.com/news/report-exposes-psychological-toll/
https://www.infosecurity-magazine.com/news/cyber-extortion-soars-smb-hit/
https://www.pymnts.com/cybersecurity/2024/2024-is-already-the-year-of-the-cyberattack/
https://securityboulevard.com/2024/07/survey-surfaces-growing-lack-of-cybersecurity-confidence/
https://www.techradar.com/pro/cybersecurity-is-worth-the-spend
https://www.helpnetsecurity.com/2024/07/04/organizations-cyber-recovery-plans/
https://cybernews.com/editorial/cyberwar-hollywood-worthy-scenario/
https://www.emergingrisks.co.uk/rising-risks-set-to-drive-huge-investment-in-cyber-security/
https://www.infosecurity-magazine.com/news/app-fraud-biggest-financial-crime/
https://www.infosecurity-magazine.com/opinions/tone-top-enterprise-risk/
https://hackernoon.com/cyber-scum-are-free-to-exploit-vulnerabilities-without-fear
Governance, Risk and Compliance
Survey Surfaces Growing Lack of Cyber Security Confidence - Security Boulevard
Half of employees afraid to report security errors (betanews.com)
Rising risks set to drive huge investment in cyber security (emergingrisks.co.uk)
Cyber security is worth the spend | TechRadar
Only 13% of organisations are cyber mature - Help Net Security
76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News
Adapting cyber security strategies to the escalating threat landscape (securitybrief.co.nz)
Cyber Workforce Grows 15% at Large Organisations - Infosecurity Magazine (infosecurity-magazine.com)
Cyber crime rises putting organisations under significant stress, report reveals (holyrood.com)
Navigating the cyber security tempest in the UK organisations (thehrdirector.com)
The impossibility of “getting ahead” in cyber defence - Help Net Security
Cyber resilience - how to achieve it when most businesses – and CISOs – don’t care (diginomica.com)
Companies spend more on cyber security but struggle to track expenses - Help Net Security
Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict
Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)
Threats
Ransomware, Extortion and Destructive Attacks
New ransomware group uses phone calls to pressure victims, researchers say (therecord.media)
2024 Is Already the Year of the Cyber Attack (pymnts.com)
‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments (therecord.media)
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack (bleepingcomputer.com)
Never assume the end of an attack infrastructure | TechRadar
Cyber attacks on healthcare organisations are surging – here's why | ITPro
Home Office was warned about NHS cyber hacks months before Kremlin-backed attack (inews.co.uk)
How MFA Failures are Fueling a 500% Surge in Ransomware Losses (thehackernews.com)
Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)
Businesses bolster defences against evolving ransomware (devx.com)
Ransomware Victims
Cyber attacks on London's hospitals continue to disrupt services - BBC News
Vladimir Putin's latest escalation has hit far too close to home (telegraph.co.uk)
Insurance Software Vendor Notifies 6.1 Million of 2023 Hack (govinfosecurity.com)
Infosys McCamish says LockBit stole data of 6 million people (bleepingcomputer.com)
Hundreds of Thousands Impacted in Children's Hospital Cyber Attack (darkreading.com)
Leading claimant firm hit in latest 'targeted cyber campaign' | Law Gazette
Evolve Bank & Trust Faces Wave of Suits Following Cyber Attack (bloomberglaw.com)
Wise confirms impact from Evolve Bank breach | SC Media (scmagazine.com)
Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit - Security Week
Croatia’s largest hospital KBC-Zagreb claimed by LockBit | Cybernews
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack (bleepingcomputer.com)
Fintech company Wise says some customers affected by Evolve Bank data breach | TechCrunch
Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach (darkreading.com)
Indonesia struggles to recover after cyber attack hits 282 agencies - Nikkei Asia
Lockbit Ransomware Attack Exposes Affirm Customers' Data (pcmag.com)
Home Office was warned about NHS cyber hacks months before Kremlin-backed attack (inews.co.uk)
Hackers of Indonesian government apologize and give key • The Register
US new-vehicle sales growth slows after CDK cyber attack | Reuters
A cyber attack shutdown the University Hospital Centre Zagreb in Croatia (securityaffairs.com)
Patelco shuts down banking systems following ransomware attack (bleepingcomputer.com)
“Everything’s frozen”: Ransomware locks credit union users out of bank accounts | Ars Technica
Affirm to SEC: Customer info feared stolen in Evolve breach • The Register
Cambridge University Press & Assessment hit by cyber attack (timeshighereducation.com)
Phishing & Email Based Attacks
Escalating global cyber threats require robust layered security measures | TechRadar
Formula 1 governing body discloses data breach after email hacks (bleepingcomputer.com)
Router maker's support portal hacked, replies with MetaMask phishing (bleepingcomputer.com)
Other Social Engineering
Fake SMS – many fall victim to old scam – DW – 06/28/2024
Dozens of Arrests Disrupt €2.5m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO | ZDNET
AI will ‘turbocharge’ cyber crime, auditors warn - CIR Magazine
Getting the balance right between business innovation, security and AI (securitybrief.co.nz)
Deepfakes: Distorted Reality And The Growing Threat (informationsecuritybuzz.com)
The Future Of The Cyber Security Profession With The Rise Of AI (forbes.com)
Rethinking Cyber Security in the Age of AI - Security Boulevard
Friend or Foe? AI's Complicated Role in Cyber Security (darkreading.com)
How the rush to regulate AI could bring new cyber security challenges (betanews.com)
Organisations weigh the risks and rewards of using AI - Help Net Security
Financial services shun AI over job and regulatory fears
How Enterprises Can Safely Use Unstructured Data With LLMs (forbes.com)
Photos of Australian children found in AI training dataset, create deepfake risk | Biometric Update
Infostealing malware masquerading as generative AI tools - Help Net Security
2FA/MFA
How MFA Failures are Fueling a 500% Surge in Ransomware Losses (thehackernews.com)
3 Ways to Chill Attacks on Snowflake (darkreading.com)
Twilio's Authy App Breach Exposes Millions of Phone Numbers (thehackernews.com)
Twilio urges users to update Authy apps after hack (siliconrepublic.com)
2FA hack exposes millions of phone numbers to hackers - Android Authority
Malware
This new threat infects devices with a dozen malware at once | TechRadar
Multi-Malware 'Cluster Bomb' Campaign Drops Widespread Cyber Havoc (darkreading.com)
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data (thehackernews.com)
This Malware Targets Those Looking for Work: Here's How (makeuseof.com)
Unmasking Rafel RAT: Understanding the Threat - Zimperium
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users (thehackernews.com)
How cyber criminals are using free IT tools, YouTube videos to spread malware - The Hindu
Fake IT support sites push malicious PowerShell scripts as Windows fixes (bleepingcomputer.com)
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (thehackernews.com)
China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware (securityaffairs.com)
Indian Software Firm's Products Hacked to Spread Data-Stealing Malware (thehackernews.com)
FakeBat Loader Malware Spreads Widely Through Drive-by Download Attacks (thehackernews.com)
South Korean ERP Vendor's Server Hacked to Spread Xctdoor Malware (thehackernews.com)
NCA’s Operation Morpheus targets illicit Cobalt Strike use | Computer Weekly
Europol shuts down Cobalt Strike servers used by hackers (stackdiary.com)
Infostealing malware masquerading as generative AI tools - Help Net Security
Infostealer malware logs used to identify child abuse website members (bleepingcomputer.com)
Hackers attack HFS servers to drop malware and Monero miners (bleepingcomputer.com)
Software Productivity Tools Hijacked to Deliver Infostealers (darkreading.com)
Mobile
Security experts issue warning over new spyware variant targeting Android users | ITPro
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug - Security Week
Stop Using Your Face or Thumb to Unlock Your Phone (gizmodo.com)
Denial of Service/DoS/DDOS
Why every company needs a DDoS response plan - Help Net Security
Beware DDoS attacks - the raid which flies under the radar - BusinessCloud
New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks (thehackernews.com)
Internet of Things – IoT
Are smart home security systems more of a security risk than a benefit? | TechRadar
99% of IoT exploitation attempts rely on previously known CVEs - Help Net Security
Any IoT Device Can Be Hacked, Even Grills (darkreading.com)
Data Breaches/Leaks
The biggest data breaches in 2024: 1B stolen records and rising | TechCrunch
Russia's Midnight Blizzard stole email of more Microsoft customers (securityaffairs.com)
TeamViewer links corporate cyber attack to Russian state hackers (bleepingcomputer.com)
Ticketmaster Confirms User Email Addresses, Phone Numbers Stolen in Hack (pcmag.com)
Insurance Software Vendor Notifies 6.1 Million of 2023 Hack (govinfosecurity.com)
Infosys McCamish says LockBit stole data of 6 million people (bleepingcomputer.com)
Hundreds of Thousands Impacted in Children's Hospital Cyber Attack (darkreading.com)
Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)
Panama Papers: Court acquits all 28 charged with money laundering - BBC News
Landmark Admin Discloses Data Breach Impacting Personal, Medical Information - Security Week
‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk - Security Boulevard
3 Ways to Chill Attacks on Snowflake (darkreading.com)
Formula 1 governing body discloses data breach after email hacks (bleepingcomputer.com)
Twilio's Authy App Breach Exposes Millions of Phone Numbers (thehackernews.com)
Ethereum mailing list breach exposes 35,000 to crypto draining attack (bleepingcomputer.com)
2FA hack exposes millions of phone numbers to hackers - Android Authority
Dairy giant Agropur says data breach exposed customer info (bleepingcomputer.com)
300k Affected by Year-Old Data Breach at Florida Community Health Centers - Security Week
Healthcare fintech firm HealthEquity disclosed a data breach (securityaffairs.com)
Cambridge University Press & Assessment hit by cyber attack (timeshighereducation.com)
Organised Crime & Criminal Actors
Cyber criminals Are Free To Exploit Vulnerabilities Without Fear | HackerNoon
Cyber crime rises putting organisations under significant stress, report reveals (holyrood.com)
Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining (thehackernews.com)
Ethereum mailing list breach exposes 35,000 to crypto draining attack (bleepingcomputer.com)
Insider Risk and Insider Threats
A fifth of office workers have access to data from a previous employer - Business Plus
Insurance
Cyber insurance Premiums are Going Down: Here’s Why and What to Expect - Security Week
76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News
Insurers told they need to get active in cyber risk response (emergingrisks.co.uk)
Cyber insurance Bedevils Law Firms - Above the Law
Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)
Supply Chain and Third Parties
Cyber attacks on London's hospitals continue to disrupt services - BBC News
Ticketmaster Confirms User Email Addresses, Phone Numbers Stolen in Hack (pcmag.com)
Evolve Bank & Trust Faces Wave of Suits Following Cyber Attack (bloomberglaw.com)
Wise confirms impact from Evolve Bank breach | SC Media (scmagazine.com)
Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit - Security Week
Fintech company Wise says some customers affected by Evolve Bank data breach | TechCrunch
Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach (darkreading.com)
Cloud/SaaS
Ticketmaster sends notifications about recent massive data breach (bleepingcomputer.com)
Security in the public cloud explained: A guide for IT and security admins | Computer Weekly
Man-In-The-Middle Attacks are Still a Serious Security Threat - Security Boulevard
Ensuring data security in an uncertain world | TechRadar
47% of corporate data stored in the cloud is sensitive - Help Net Security
Bare metal can come back, says Gartner, citing VMware prices • The Register
Identity and Access Management
Man-In-The-Middle Attacks are Still a Serious Security Threat - Security Boulevard
3 Ways to Chill Attacks on Snowflake (darkreading.com)
Compliance, Security and the Role of Identity - Security Boulevard
Encryption
Modern Cryptographic Attacks: A Guide for the Perplexed - Check Point Research
Linux and Open Source
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems (thehackernews.com)
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (cybersecuritynews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Police allege ‘evil twin’ in-flight Wi-Fi used to steal info • The Register
RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords (bleepingcomputer.com)
Social Media
Training, Education and Awareness
Cyber security training needs a human touch (betanews.com)
Fortinet annual skills gap report - more security training needed - Verdict
Regulations, Fines and Legislation
Banking groups balk at proposed cyber incident reporting rule | American Banker
Ensuring data security in an uncertain world | TechRadar
The Critical Role of Governments in EU Cyber Resilience - IDC Europe Blog (blog-idceurope.com)
How the rush to regulate AI could bring new cyber security challenges (betanews.com)
Financial services shun AI over job and regulatory fears
Models, Frameworks and Standards
Cyber Essentials at 10: Success or failure? | Computer Weekly
Backup and Recovery
Data Protection
47% of corporate data stored in the cloud is sensitive - Help Net Security
Careers, Working in Cyber and Information Security
Fortinet annual skills gap report - more security training needed - Verdict
Finance sector facing multiple skills shortages amid wider disruption - Business Plus
The Future Of The Cyber Security Profession With The Rise Of AI (forbes.com)
Cyber Workforce Grows 15% at Large Organisations - Infosecurity Magazine (infosecurity-magazine.com)
Cyber Workforce Numbers Rise for Larger Organisations (darkreading.com)
Here are 5 of the highest-paying cyber security jobs | Fortune Education
Law Enforcement Action and Take Downs
NCA’s Operation Morpheus targets illicit Cobalt Strike use | Computer Weekly
Europol shuts down Cobalt Strike servers used by hackers (stackdiary.com)
Dozens of Arrests Disrupt €2.5m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Cyber hacktivists issue “call to arms” to target elections in Europe, UK (verdict.co.uk)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Full-blown cyberwar: a Hollywood worthy scenario | Cybernews
Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News
Nation State Actors
China
China is turning to private firms for offensive cyber operations - Defense One
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (thehackernews.com)
Taiwan reports over 100 cyber security incidents in May | Taiwan News | Jun. 29, 2024 14:22
Russia
Russia's Midnight Blizzard stole email of more Microsoft customers (securityaffairs.com)
Russian hackers behind NHS attack are part of Kremlin-protected cyber army (inews.co.uk)
Microsoft reveals even more emails to customers were accessed by Russia-based hackers - Neowin
Vladimir Putin's latest escalation has hit far too close to home (telegraph.co.uk)
Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)
Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News
Home Office was warned about NHS cyber hacks months before Kremlin-backed attack (inews.co.uk)
‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk - Security Boulevard
Poland to probe Russia-linked cyber attack on state news agency (therecord.media)
US Announces $10 Mln Bounty for Russian Hacker Behind 2022 Hack Targeting Ukraine (kyivpost.com)
Alert: French Diplomats Targeted By Russian Cyber Attacks - Security Boulevard
North Korea
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data (thehackernews.com)
Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Cyber hacktivists issue “call to arms” to target elections in Europe, UK (verdict.co.uk)
Tools and Controls
Cyber security training needs a human touch (betanews.com)
Rising risks set to drive huge investment in cyber security (emergingrisks.co.uk)
Cyber security is worth the spend | TechRadar
Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)
Half of IT pros think there are devices on their network they don't know about (betanews.com)
Fortinet annual skills gap report - more security training needed - Verdict
A fifth of office workers have access to data from a previous employer - Business Plus
Escalating global cyber threats require robust layered security measures | TechRadar
Fake IT support sites push malicious PowerShell scripts as Windows fixes (bleepingcomputer.com)
Reduce security risk with 3 edge-securing steps | CSO Online
76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News
The Future Of The Cyber Security Profession With The Rise Of AI (forbes.com)
Adapting cyber security strategies to the escalating threat landscape (securitybrief.co.nz)
Navigating the cyber security tempest in the UK organisations (thehrdirector.com)
Insurers told they need to get active in cyber risk response (emergingrisks.co.uk)
Cyber insurance Bedevils Law Firms - Above the Law
How MFA Failures are Fueling a 500% Surge in Ransomware Losses (thehackernews.com)
Companies spend more on cyber security but struggle to track expenses - Help Net Security
Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)
Organisations use outdated approaches to secure APIs - Help Net Security
Kaspersky software ban: CISOs must move quickly, experts say | CSO Online
Rethinking Cyber Security in the Age of AI - Security Boulevard
Friend or Foe? AI's Complicated Role in Cyber Security (darkreading.com)
Blurred lines: Securing the physical and digital sides of business - IT Security Guru
Understanding collective defence as a route to better cyber security | TechRadar
Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict
Staying Ahead of Adversarial AI with Incident Response Automation - Security Boulevard
Embracing Automation: The Key to Proactive Security | MSSP Alert
SIEM-Apocalypse: Protecting Your Security Team in a Time of Turmoil | MSSP Alert
US folk still buying in 3rd-party antivirus, more so the old • The Register
Four Reasons Why You Should Evaluate Your Cyber Security System (forbes.com)
Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)
Compliance, Security and the Role of Identity - Security Boulevard
Why AI is essential to securing software and data supply chains (betanews.com)
4 key steps to building an incident response plan - Help Net Security
Reports Published in the Last Week
Other News
Cyber Criminals Are Free To Exploit Vulnerabilities Without Fear | HackerNoon
Google is cracking down on internet security in this big way | Digital Trends
Water supplies remain ‘too weak’ when it comes to cyber security - Digital Journal
Man-In-The-Middle Attacks are Still a Serious Security Threat - Security Boulevard
Hackers Are Hiding in Plain Sight: Insights from Our 2024 Cyber Threat Report | Huntress
Blurred lines: Securing the physical and digital sides of business - IT Security Guru
Understanding collective defence as a route to better cyber security | TechRadar
Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys - Security Week
Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies (thehackernews.com)
Cyber attack handling ‘staggeringly incompetent’ | Guernsey Press
Paris Olympics 2024: The rising threat of cyber attacks (yahoo.com)
States of Guernsey hit by attempted cyber attack on emails - BBC News
Food Security: Mitigating the Dangers of Digital Poison | AFCEA International
CISA director: US 'not afraid' to probe holes in Big Tech • The Register
Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)
Kaspersky software ban: CISOs must move quickly, experts say | CSO Online
Space: The Final Frontier for Cyber Attacks (informationweek.com)
IT Security Responsibilities for Online Start-Ups - IT Security Guru
To guard against cyber attacks in space, researchers ask ‘what if?’ (theconversation.com)
Protecting our data in a world of rising cyber attacks - IT Security Guru
States hit back at deputies’ IT security criticism | Bailiwick Express
OPINION: Why cyber security urgently needs updating in transportation | Traffic Technology Today
Vulnerability Management
Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)
Embracing the Absurd: Finding Freedom in Cyber Security - Security Boulevard
The Great Overcomplication | AFCEA International
99% of IoT exploitation attempts rely on previously known CVEs - Help Net Security
Smashing Silos With a Vulnerability Operations Center (VOC) - Security Boulevard
Vulnerabilities
PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (cybersecuritynews.com)
3 million iOS and macOS apps were exposed to potent supply-chain attacks | Ars Technica
'Almost every Apple device' vulnerable to CocoaPods • The Register
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining (thehackernews.com)
Critical GitLab Bug Threatens Software Development Pipelines (darkreading.com)
Juniper releases out-of-cycle fix for max severity auth bypass flaw (bleepingcomputer.com)
This Windows 11 bug may break Windows Security (xda-developers.com)
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Security Week
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data (thehackernews.com)
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug - Security Week
Gogs vulnerabilities may put your source code at risk | SC Media (scmagazine.com)
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 02 July 2024 – Critical Vulnerabilities identified in OpenSSH, Juniper, and Apple App Development Supply Chain
Executive Summary
A critical security flaw that could allow unauthenticated remote code execution with root privileges has been discovered in the OpenSSH Server component when deployed in its default configuration. Critical vulnerabilities have also been discovered in Juniper Networks' ‘Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router’ product line. Additionally, vulnerabilities have been found within the CocoaPods dependency manager, which is used to manage library dependencies for many popular iOS and macOS applications. These vulnerabilities could allow attackers to claim ownership of thousands of unclaimed ‘pods’, enabling them to modify and insert malicious code into these dependencies.
Security updates have been released for the OpenSSH and Juniper vulnerabilities. Although the CocoaPods vulnerabilities have now been patched, developers are encouraged to verify the integrity of any open-source dependencies used previously within their applications, as these vulnerabilities have been present since a migration took place in 2014.
What’s the risk to me or my business?
If exploited, these vulnerabilities could compromise the confidentiality, integrity, and availability of data stored by an organisation. Specific information on each vulnerability is provided in the technical summary below.
What can I do?
Security updates are available for OpenSSH and affected Juniper products. These updates should be applied as soon as possible, prioritising internet-facing systems and any redundant Juniper deployments. It should be noted that where OpenSSH has been bundled into products managed by a hardware vendor, such as a firewall or network appliance, security updates will need to be applied once released by that vendor, and a version number reported by the product does not by itself confirm whether a fix has been backported. Software developers who rely on the CocoaPods dependency manager should verify the integrity of their dependencies against their committed lock files, remove orphaned or unmaintained dependencies, and scan for malicious or suspicious code as part of secure development practices.
Technical Summary
OpenSSH
CVE-2024-6387 (named ‘regreSSHion’ by Qualys, who discovered it): a race condition in the sshd signal handler that may allow unauthenticated remote code execution with root privileges. It is a regression of a flaw first fixed in 2006 (CVE-2006-5051) and affects the portable OpenSSH server from version 8.5p1 up to and including 9.7p1, with releases earlier than 4.4p1 also affected; it is fixed in OpenSSH 9.8p1. Exploitation has been demonstrated under lab conditions after an average of 6-8 hours of continuous connection attempts against 32-bit Linux systems using glibc. 64-bit systems are believed to be exploitable, but this was not demonstrated during testing. As OpenSSH is bundled into many products, vendors of those products will need to release their own security patches. Where a patch cannot yet be applied, mitigation advice includes restricting SSH access to trusted sources only, disabling the service if it is not required, or setting LoginGraceTime to 0 in sshd_config, which removes the vulnerable timeout path but leaves the server open to denial of service through exhaustion of its MaxStartups connection limit. Note that Linux distributions frequently backport fixes without changing the reported version number, so the version string alone does not confirm whether a system is patched; check the package changelog.
Further details on the OpenSSH vulnerabilities and individual vendor responses can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387.
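A version and configuration triage check for the OpenSSH issue described above, as an added example that is not part of the original advisory or of the OpenSSH project's own code. The function names, the sample banners and the sshd_config snippet are the example's own constructions; the affected range it encodes is the upstream one (8.5p1 to 9.7p1, fixed in 9.8p1, releases before 4.4p1 also affected), so "affected-upstream" means "check the distribution's package changelog", not "confirmed exploitable":

```python
"""Triage helpers for CVE-2024-6387 (OpenSSH "regreSSHion").

Added example, not Black Arrow's or the OpenSSH project's code. It classifies
an OpenSSH version string against the upstream affected range and reads the
effective LoginGraceTime from sshd_config text, since LoginGraceTime 0 is the
published interim mitigation. Banners and config text below are constructed."""
import re
import socket

VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)", re.IGNORECASE)
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_version(text):
    """Return (major, minor) from a banner or `ssh -V` line, or None."""
    m = VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(text):
    """Classify an OpenSSH version string for CVE-2024-6387.
    'unknown'           no OpenSSH version present in the text
    'affected-upstream' 8.5 <= version <= 9.7, or version < 4.4
    'fixed-upstream'    9.8 or later
    'not-affected'      4.4 .. 8.4 (these never carried the regression)
    Distros backport fixes without bumping the version: treat
    'affected-upstream' as a prompt to check the package changelog."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v < (4, 4) or (8, 5) <= v <= (9, 7):
        return "affected-upstream"
    if v >= (9, 8):
        return "fixed-upstream"
    return "not-affected"


def parse_time(value):
    """sshd time format: plain seconds or a sequence such as 1h30m."""
    total = 0
    for num, unit in re.findall(r"(\d+)([smhdw]?)", value.lower()):
        total += int(num) * TIME_UNITS[unit]
    return total


def login_grace_time(config_text):
    """Effective LoginGraceTime in seconds for the given sshd_config text.
    sshd honours the FIRST value it reads for a keyword (later duplicates are
    ignored) and the compiled-in default is 120 seconds. Comments are stripped
    and 'keyword value' / 'keyword=value' forms are both accepted."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return parse_time(parts[1])
    return 120


def mitigated_by_grace_time(config_text):
    """True when LoginGraceTime is 0, the published interim mitigation."""
    return login_grace_time(config_text) == 0


def grab_banner(host, port=22, timeout=5.0):
    """Read the version banner a live sshd sends on connect. Network call;
    not exercised by the offline samples below."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("ascii", "replace").strip()


if __name__ == "__main__":
    samples = [  # constructed banners, not from real hosts
        "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
        "OpenSSH_8.4p1 Debian-5+deb11u3, OpenSSL 1.1.1w  11 Sep 2023",
        "SSH-2.0-OpenSSH_9.8",
        "SSH-2.0-dropbear_2022.83",
    ]
    for s in samples:
        print(f"{assess(s):18} {s}")
    cfg = "# LoginGraceTime 0\nLoginGraceTime 0\nLoginGraceTime 2m\n"
    print("effective LoginGraceTime:", login_grace_time(cfg), "seconds")
    print("mitigated:", mitigated_by_grace_time(cfg))
```

The banner classification is deliberately coarse: for a fleet, feed it the output of `ssh -V` or the banners collected by an inventory tool, then confirm anything flagged against the vendor or distribution advisory before concluding it is exposed. Setting LoginGraceTime to 0 removes the vulnerable code path but means unauthenticated connections are never timed out, so only use it as a stop-gap on hosts that cannot yet take the patch.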
Juniper
CVE-2024-2973: An Authentication Bypass Using an Alternate Path or Channel vulnerability with a CVSS 4.0 rating of 10.0 is present in Juniper Networks' Session Smart Router or Conductor running with a redundant peer. This allows a network-based attacker to bypass authentication and take full control of the device. The vendor advises that only Routers or Conductors running in high-availability redundant configurations are affected by this vulnerability and recommends that affected products be patched as soon as possible.
Further details on the vulnerabilities addressed can be found here: https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US.
CocoaPods
E.V.A Information Security conducted research into CocoaPods, the dependency manager commonly used when developing iOS and macOS applications in Swift or Objective-C. Over 3 million applications have used it, and thousands of packages had been left in an orphaned state since a 2014 migration of the CocoaPods ‘trunk’ server, where the original owner was never re-confirmed. A malicious actor could use a public API and an email address to claim ownership of these packages, allowing them to alter or replace the source code with their own malicious code. Developers are advised to review the dependency lists and package managers used within their applications, validate the podspec checksums recorded in their committed lock files against known-good values, scan for malicious code, and limit the use of orphaned or unmaintained packages.
Further details on the vulnerabilities can be found here: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
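One way to carry out the dependency and checksum review recommended above, as an added example that is not part of the original advisory, of E.V.A's research, or of CocoaPods itself. It parses the PODS and SPEC CHECKSUMS sections of a Podfile.lock (the format CocoaPods writes; the SPEC CHECKSUMS entry is the hash of the resolved podspec) and compares them with a baseline recorded at the last review. The lock file, the baseline and all checksums below are constructed for the example and are not real values:

```python
"""Audit a CocoaPods Podfile.lock against a baseline recorded at last review.

Added example, not Black Arrow's, E.V.A's or CocoaPods' code. A pod whose
SPEC CHECKSUM changes while its version stays the same means the podspec
itself was rewritten (for example a changed source URL), which is what a
silently taken-over pod looks like; new pods and version bumps are reported
so they can be reviewed. Sample lock text and baseline are constructed."""
import re
from dataclasses import dataclass, field

POD_LINE = re.compile(r"^  - ([^\s(]+) \(([^)]+)\)")      # two-space indent: top-level pods only
CHECKSUM_LINE = re.compile(r"^  ([^\s:]+): ([0-9a-fA-F]+)\s*$")


@dataclass
class LockInfo:
    pods: dict = field(default_factory=dict)        # root pod name -> resolved version
    checksums: dict = field(default_factory=dict)   # root pod name -> podspec checksum


def parse_podfile_lock(text):
    """Extract resolved pods and podspec checksums from Podfile.lock text."""
    info = LockInfo()
    section = None
    for line in text.splitlines():
        if line and not line[0].isspace():          # e.g. "PODS:", "SPEC CHECKSUMS:"
            section = line.split(":", 1)[0].strip()
            continue
        if section == "PODS":
            m = POD_LINE.match(line)
            if m:
                name, version = m.groups()
                root = name.split("/", 1)[0]         # subspecs share the root pod's spec
                info.pods.setdefault(root, version)
        elif section == "SPEC CHECKSUMS":
            m = CHECKSUM_LINE.match(line)
            if m:
                info.checksums[m.group(1)] = m.group(2).lower()
    return info


def audit(lock_text, baseline):
    """Compare a lock file with baseline {pod: (version, checksum)}.
    Returns sorted pod names per finding category."""
    cur = parse_podfile_lock(lock_text)
    findings = {"new": [], "removed": [], "version_changed": [],
                "checksum_changed": [], "missing_checksum": []}
    for pod, version in cur.pods.items():
        checksum = cur.checksums.get(pod)
        if checksum is None:
            findings["missing_checksum"].append(pod)
        if pod not in baseline:
            findings["new"].append(pod)
            continue
        base_version, base_sum = baseline[pod]
        if version != base_version:
            findings["version_changed"].append(pod)
        elif checksum is not None and checksum != base_sum.lower():
            findings["checksum_changed"].append(pod)   # same version, different podspec
    findings["removed"] = [p for p in baseline if p not in cur.pods]
    return {k: sorted(v) for k, v in findings.items()}


# Constructed sample Podfile.lock; checksums are placeholders, not real hashes.
SAMPLE_LOCK = """\
PODS:
  - Alamofire (5.9.1)
  - SDWebImage (5.19.1):
    - SDWebImage/Core (= 5.19.1)
  - SDWebImage/Core (5.19.1)
  - ShinyNewPod (0.1.0)

DEPENDENCIES:
  - Alamofire (~> 5.9)
  - SDWebImage
  - ShinyNewPod

SPEC REPOS:
  trunk:
    - Alamofire
    - SDWebImage
    - ShinyNewPod

SPEC CHECKSUMS:
  Alamofire: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
  SDWebImage: cccccccccccccccccccccccccccccccccccccccc
  ShinyNewPod: dddddddddddddddddddddddddddddddddddddddd

PODFILE CHECKSUM: eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

COCOAPODS: 1.15.2
"""

# Constructed baseline from a previous review: SDWebImage keeps its version but
# its podspec checksum no longer matches; OldPod has disappeared.
BASELINE = {
    "Alamofire": ("5.9.1", "a" * 40),
    "SDWebImage": ("5.19.1", "b" * 40),
    "OldPod": ("1.0.0", "f" * 40),
}

if __name__ == "__main__":
    for category, pods in audit(SAMPLE_LOCK, BASELINE).items():
        print(f"{category:17} {pods}")
```

Run it against the committed Podfile.lock in CI with the baseline stored outside the repository, and treat `checksum_changed` as a blocking finding until someone has looked at the new podspec; `new` and `version_changed` are normal events but are where a claimed orphan pod, or a pod whose new owner pushed a version, would appear.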
Black Arrow Cyber Threat Briefing 28 June 2024
Black Arrow Cyber Threat Intelligence Briefing 28 June 2024:
-Cyber Attacks on The Rise with Financial Sector a Top Target, Report Reveals
-Cloud Resources Have Become Biggest Targets for Cyber Attacks, Finds Thales
-Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms
-1 Out of 3 Breaches Go Undetected
-Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Experience Cyber Breaches and Incidents
-Why Are Threat Actors Faking Data Breaches?
-China-Sponsored Attackers Target 40K Corporate Users in 90 Days
-Cyber Security Neglect: The Silent Killer of Businesses
-Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months
-75% of New Vulnerabilities Exploited Within 19 Days
-It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever.
-Tackling The Role Human Error Plays in Data Breaches
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks on The Rise with Financial Sector a Top Target, Report Reveals
A recent report from BlackBerry reveals the financial sector faces significant cyber threats, with 40% of attacks on critical infrastructure targeting financial firms. In Q1 2024 alone, BlackBerry's cyber security solutions intercepted 3.1 million attacks, averaging 37,000 daily. Commercial enterprises saw a 3% rise in threats, now constituting 36% of all attacks. Unique malware is increasing, highlighting the need for updated defences. The report underscores the high motivation of threat actors, particularly in a year marked by geopolitical tensions and major global events like the Olympics.
Cloud Resources Have Become Biggest Targets for Cyber Attacks, Finds Thales
A recent report indicates that cloud security spending has surpassed all other security categories, driven by the sensitivity of nearly 47% of corporate data stored in the cloud. With 44% of participating organisations experiencing a cloud data breach, including 14% experiencing one in the past year, protecting cloud environments has become a top priority. Human error and misconfiguration are the leading causes of these breaches, accounting for 31%. Exploitation of known vulnerabilities accounts for 28% of breaches, while zero-day vulnerabilities account for 24%. The report also highlights that 66% of organisations use over 25 software as a service (SaaS) applications, yet less than 10% encrypt the majority of their sensitive cloud data. Digital sovereignty initiatives are recognised by 31% of organisations as crucial for future-proofing cloud environments.
Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms
A recent surge in aggressive extortion tactics by cybercrime groups has led to severe disruptions, with a London hospital hack exposing hundreds of millions of health records and causing critical cancer treatment delays. In North America, attackers attempted to auction customer data of LendingTree Inc., gained by leveraging credentials from another breach. Meanwhile, car-dealership software provider CDK Global faced repeated attacks. These incidents illustrate the growing boldness of cyber criminals, who are increasingly using advanced technology to pressure major companies.
1 Out of 3 Breaches Go Undetected
A recent report by Gigamon highlights the increasing challenge organisations face in detecting breaches, with over 65% of respondents indicating that current security solutions are ineffective. Complexity in hybrid cloud environments is a significant factor, with 83% of IT leaders acknowledging it raises cyber risks. Despite a projected global information security spend of $215 billion in 2024, only 54% feel well-prepared for unauthorised access. Notably, 31% of breaches were only detected after receiving extortion threats, and 25% of organisations failed to identify the breach's root cause.
Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Experience Cyber Breaches and Incidents
A recent report by Optiv, based on a Ponemon Institute survey, reveals a 59% increase in cyber budgets year-over-year, with organisations with over 5,000 users allocating an average of $26 million to cyber security in 2024. Despite these investments, 61% of respondents experienced a data breach or cyber security incident in the past two years. The report highlights that 40% of organisations feel overwhelmed by too many security tools, suggesting a need for streamlined technology integration. Key investment areas include internal security assessments (60%) and identity and access management (58%). The adoption of security orchestration technology is on the rise, with 73% using it to automate incident responses.
Why Are Threat Actors Faking Data Breaches?
A recent incident involving Europcar revealed hackers selling fake data on its 50 million customers, likely generated using AI. This trend of faking data breaches is driven by financial gain, notoriety, and attempts to distract or harm a company's reputation. For example, a Russian hacking group falsely claimed to have breached Epic Games to gain visibility, and a ransomware group falsely claimed to have breached Sony, causing reputational damage. Companies are advised to proactively monitor the dark web, compare leaked datasets with previous breaches, and deploy canary tokens to authenticate breach claims, while adopting integrated security models to enhance threat detection.
China-Sponsored Attackers Target 40K Corporate Users in 90 Days
A recent report by Menlo Security has identified three sophisticated credential-phishing campaigns, compromising over 40,000 corporate users, including executives, in just three months. Named LegalQloud, Eqooqp, and Boomer, these state-sponsored attacks use advanced techniques to bypass security controls like MFA and URL filtering. The campaigns have targeted more than 3,000 domains across various industries, with six out of ten malicious links evading detection. Researchers link these campaigns to China-sponsored threat actors, highlighting the evolving and aggressive tactics used in cyber espionage. This underscores the need for organisations to continually adapt their cyber security strategies.
Cyber Security Neglect: The Silent Killer of Businesses
A recent report underscores the hidden dangers of cyber security neglect, highlighting that such oversight can lead to catastrophic data breaches and financial ruin. IBM's 2023 Cost of a Data Breach Report indicates an average cost of $4.45 million per breach, impacting legal fees, lost business, and increased insurance premiums. Common red flags include outdated security protocols, lack of employee training, and inadequate incident response plans. Businesses must adopt a proactive approach with regular security audits, updated security measures, and comprehensive incident response plans to mitigate these risks and safeguard their operations.
Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months
New research reveals that 50% of IT professionals are unaware of all devices connected to their network, despite nearly 60% acknowledging these insecure devices pose a significant risk. The survey of 250 IT professionals also found that over two-thirds of organisations experienced three or more data breaches in the past 24 months, with 20% taking more than five days to detect a breach. This delay increases potential damage from attacks. The report underscores the need for robust security protocols, automated network scanning tools, and continuous investment in security solutions to mitigate cyber threats and protect critical assets.
75% of New Vulnerabilities Exploited Within 19 Days
A recent report by Skybox Security highlights the urgent need for improved vulnerability management, revealing over 30,000 new vulnerabilities were published last year, averaging one every 17 minutes. Despite this surge, the average time to patch vulnerabilities exceeds 100 days, while 75% of new vulnerabilities are exploited within just 19 days. The United States National Vulnerability Database recorded a 17% increase in vulnerabilities year-over-year, with half classified as high or critical. The report underscores the necessity for continuous exposure management and modern mitigation strategies to protect against the rapid exploitation of vulnerabilities, with 25% being exploited on the same day of discovery.
It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever.
A recent report highlights the challenging landscape for modern CISOs, exacerbated by evolving cyber threats and a global shortage of staff and skills. Heightened regulatory pressures and landmark cases, such as those involving Uber and SolarWinds, underscore the critical need for robust cyber security strategies and compliance across the c-suite and board. Stress and burnout are significant issues, with 94% of CISOs reporting work-related stress and 74% leaving their jobs in 2022 due to it. Gartner predicts up to 50% of security leaders will change jobs by 2025. To mitigate these challenges, CISOs must adopt transformational leadership to enhance organisational and personal resilience.
Tackling The Role Human Error Plays in Data Breaches
A recent report by Thales reveals that human error remains a significant cause of cloud data breaches, with 22% of IT professionals identifying it as the most concerning threat and 74% considering it a key priority. Over the past three years, human error has consistently ranked as a leading source of cyber attacks for enterprises.
Given the likelihood of cyber attacks, businesses must prioritise mitigating human-related risks. This includes comprehensive employee training, robust security protocols, and continuous monitoring to safeguard IT infrastructure and ensure organisational resilience against cyber threats.
Sources:
https://www.infosecurity-magazine.com/news/cloud-breaches-half-organizations/
https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/
https://www.helpnetsecurity.com/2024/06/24/faking-data-breaches/
https://www.darkreading.com/threat-intelligence/china-sponsored-attackers-40k-corporate-users
https://hackernoon.com/cybersecurity-neglect-the-silent-killer-of-businesses
https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/
https://www.techradar.com/pro/tackling-the-role-human-error-plays-in-data-breaches
Governance, Risk and Compliance
The NYSE's $10M Wake-up Call (darkreading.com)
Cyber Attacks on the rise with financial sector a top target, report reveals (investmentnews.com)
Cyber security Neglect: The Silent Killer of Businesses | HackerNoon
Organisations with outdated security approaches getting hammered: Cloudflare | CSO Online
Today's Most Overlooked Mergers and Acquisitions Cyber Security and Compliance Risks | Inc.com
New cyber threat research for SMB in 2024 | Securelist
Building a culture of security is everyone’s responsibility - Raconteur
Small Businesses Taking Proactive Steps to Prevent Cyber Attacks (smallbiztrends.com)
Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)
Working with a cyber security committee of the board | Microsoft Security Blog
CISOs becoming more comfortable with risk levels - Help Net Security
Inside the Mind of a CISO: Survey and Analysis - SecurityWeek
CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)
Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online
The challenges in maintaining effective cyber security (securitybrief.co.nz)
A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)
The cyber attacks which could wipe your business out | BelfastTelegraph.co.uk
Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
The State of Ransomware 2024 | SC Media (scmagazine.com)
Ransomware threat landscape Jan-Apr 2024: insights and challenges (securityaffairs.com)
UK and US cops put Qilin ransomware crims in the crosshairs • The Register
Key Takeaways From the British Library Cyber Attack (darkreading.com)
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)
Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms - Bloomberg
Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)
Red Tape Is Making Hospital Ransomware Attacks Worse | WIRED
Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)
Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)
New ransomware, infostealers pose growing risk in 2024 - Help Net Security
Best practices for protection from ransomware in cloud storage | TechTarget
Meet the Ransomware Negotiators (darkreading.com)
Ransomware Victims
Hackers Publish 400GB Of Data After London Hospital Cyber Attack (forbes.com)
UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian
LockBit lied: Stolen data is from a bank, not US Federal Reserve (bleepingcomputer.com)
UK and US cops put Qilin ransomware crims in the crosshairs • The Register
Key Takeaways From the British Library Cyber Attack (darkreading.com)
Security firm Accenture breached, claim cybercriminals | Cybernews
Here's what ransomware crims stole from Change Healthcare • The Register
NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)
CDK Cyber Attack: What Is It, Who Is Responsible and What’s the Fallout? - Bloomberg
Hacked UK Trove Includes Data on Newborns, Cancer Patients (1) (bloomberglaw.com)
Crisis-hit firm behind vital NHS services faces uncertain future | Technology sector | The Guardian
Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)
Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K US Car Dealerships (dailydot.com)
Startups scramble to assess fallout from Evolve Bank data breach | TechCrunch
NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent
CDK cyber attacks show need for world offensive against criminals | Automotive News (autonews.com)
Shoe Zone hit by cyber attack (drapersonline.com)
Phishing & Email Based Attacks
Widespread phishing attack impacts many LA County departments | SC Media (scmagazine.com)
The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert
Warning in Guernsey after phishing scam increase - BBC News
Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K Dealerships (dailydot.com)
Malware Sandbox Any.Run Targeted in Phishing Attack - SecurityWeek
BEC
Australian gov supplier bank details altered in cyber attacks - Security - iTnews
Other Social Engineering
Mark Cuban claims his Gmail was hacked after receiving hoax call (cointelegraph.com)
What is shoulder surfing and how to prevent it? | Proton
Artificial Intelligence
Cloud security faces pressure from AI growth, multicloud use | CSO Online
How are CISOs and organisations navigating AI cyber attacks? | TechFinitive
Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)
Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content (darkreading.com)
Cyber Security is a ‘team sport’ amid new gen AI–based cyber attacks | Fortune Asia
Microsoft: 'Skeleton Key' attack unlocks the worst of AI • The Register
Hackers expose deep cyber security vulnerabilities in AI | BBC News - YouTube
Security pros grade Apple Intelligence data privacy measures | TechTarget
Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian
How to construct a cyber security policy that sits alongside AI (architecture.com)
2FA/MFA
The Snowflake breach tells us that passwords aren't enough | TechRadar
Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)
Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek
Malware
Use of novel malware jumps 40% in 3 months, new report finds (techmonitor.ai)
New Unfurling Hemlock threat actor floods systems with malware (bleepingcomputer.com)
Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru
Oyster Backdoor Spreading via Trojanized Popular Software Downloads (thehackernews.com)
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)
Google Chrome Web Store still has security work to do • The Register
280 Million Google Chrome Users Installed Dangerous Extensions, Study Says (forbes.com)
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register
New Cyber threat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks (thehackernews.com)
Experts observed approximately 120 malicious campaigns using the Rafel RAT - Security Affairs
New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)
Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)
WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert
New ransomware, infostealers pose growing risk in 2024 - Help Net Security
Mac users served info-stealer malware through Google ads | Ars Technica
Cyber attackers are using more new malware, attacking critical infrastructure | CSO Online
Korean telco allegedly infected its P2P users with malware • The Register
Mobile
Forget privacy, young internet users want to be tracked (ft.com)
Here's how to keep your data private on your phone, PC, and tablet (xda-developers.com)
The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert
Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)
New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)
Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)
Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)
Denial of Service/DoS/DDOS
Don’t fall for these DDoS myths | TechFinitive
Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)
Largest Croatian hospital under cyber attack - Help Net Security
Data Breaches/Leaks
1 out of 3 breaches go undetected - Help Net Security
Why are threat actors faking data breaches? - Help Net Security
Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)
Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek
Post Office accidentally leaks names of sub-postmasters - BBC News
Sir Alan Bates hits out at Post Office ‘incompetence’ after data breach | Computer Weekly
First million breached Ticketmaster records released for free | Malwarebytes
The Snowflake latest: New victims, ShinyHunters takes credit • The Register
Security firm Accenture breached, claim cybercriminals | Cybernews
Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek
Optus database compromised in 2022 by simple coding error - Mobile World Live
Microsoft blamed for million-record theft from Geisinger • The Register
Tackling the role human error plays in data breaches | TechRadar
NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent
TeamViewer Detects Security Breach in Corporate IT Environment (thehackernews.com)
Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)
Los Angeles Unified confirms student data stolen in Snowflake account hack (bleepingcomputer.com)
Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information - SecurityWeek
Designed Receivable Solutions Data Breach Impacts 585,000 People - SecurityWeek
Web scraping is not just a security or fraud problem - Help Net Security
Organised Crime & Criminal Actors
Why are threat actors faking data breaches? - Help Net Security
Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg
Russian soldiers returning home are sending crime higher | Fortune
Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)
Organised crime and domestic violence perps buy trackers • The Register
Wikileaks' Julian Assange Released from UK Prison, Heads to Australia (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable
Predators steal additional $10M from crypto scam victims • The Register
Feds put $5m bounty on 'CryptoQueen' Ignatova's whereabouts • The Register
Crypto-gang leader convicted of vicious kidnaps, robbery • The Register
Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek
CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)
Insider Risk and Insider Threats
Tackling the role human error plays in data breaches | TechRadar
JPMorgan Hacker May Have Built New Fraud Empire While Working With FBI - Bloomberg
Insurance
Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)
76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)
UK midsize firms wary of cyber insurance: Coalition - Reinsurance News
US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop
Supply Chain and Third Parties
Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek
The Snowflake latest: New victims, ShinyHunters takes credit • The Register
NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)
Microsoft blamed for million-record theft from Geisinger • The Register
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)
Remove Polyfill.io code from your website immediately • The Register
Cloud/SaaS
Cloud security faces pressure from AI growth, multicloud use | CSO Online
The Snowflake breach tells us that passwords aren't enough | TechRadar
Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)
Cloud Resources have Become Biggest Targets for Cyber Attacks, finds Thales | Thales Group
Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek
Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru
The Snowflake latest: New victims, ShinyHunters takes credit • The Register
Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly
SAP customers warned on risks in unofficial route to cloud • The Register
Best practices for protection from ransomware in cloud storage | TechTarget
Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert
Are rainy days ahead for cloud computing? - BBC News
Encryption
Europe and Australia both back down on CSAM scanning (9to5mac.com)
Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch
Passwords, Credential Stuffing & Brute Force Attacks
The Snowflake breach tells us that passwords aren't enough | TechRadar
Levi's Data Breach: 72,000+ Customers' Data Exposed (cybersecuritynews.com)
Social Media
50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable
Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)
Malvertising
Mac users served info-stealer malware through Google ads | Ars Technica
Regulations, Fines and Legislation
The NYSE's $10M Wake-up Call (darkreading.com)
Cyber Security | UK Regulatory Outlook June 2024 - Osborne Clarke | Osborne Clarke
Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly
What qualifies as a material cyber security incident? | TechTarget
Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian
Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online
Consulting firms settle $11.3M cyber security case (devx.com)
CMM 2.0 - What UK-Based Contractors Need to Know (techuk.org)
American Privacy Rights Act is now weak sauce, critics warn • The Register
Models, Frameworks and Standards
Catching Up on Innovation With NIST CSF 2.0
Implementing CIS Controls in Small and Medium Enterprises | UpGuard
Backup and Recovery
Why immutable data storage is key to cyber security strategy | TechRadar
Data Protection
Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian
American Privacy Rights Act is now weak sauce, critics warn • The Register
Careers, Working in Cyber and Information Security
12 hottest IT security certs for higher pay today | CSO Online
Gaining and Retaining Security Talent: A Cheat Sheet for CISOs - SecurityWeek
Fortinet report highlights global cyber security skills shortage (securitybrief.co.nz)
Employers urged to find cyber security talent differently (devx.com)
Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online
Removal of Certain Degree Requirements To Boost Federal Cyber Workforce | AFCEA International
How to become a cyber security architect | TechTarget
Law Enforcement Action and Take Downs
Five men convicted for operating illegal streaming site Jetflicks (bleepingcomputer.com)
UK and US cops put Qilin ransomware crims in the crosshairs • The Register
Sellafield pleads guilty to criminal charges over cyber security | Computer Weekly
Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)
Crypto-gang leader convicted of vicious kidnaps, robbery • The Register
Russian national indicted for role in cyber attacks on Ukraine | CyberScoop
Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360
War Crime Prosecutions Enter a New Digital Age | WIRED
Misinformation, Disinformation and Propaganda
The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims (therecord.media)
Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)
Supreme Court rejects effort to limit government communication on misinformation | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber operations create additional risks for people’s security and well-being | ICRC
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Nation State Actors
China
China-Sponsored Attackers Target 40K Corporate Users in 90 Days (darkreading.com)
China-Russia alignment: a threat to Europe's security | Merics
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st (darkreading.com)
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)
Protecting America’s cyber security demands showing our teeth | CyberScoop
Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)
Beyond TikTok: Navigating the cyber security landscape of tomorrow (federaltimes.com)
China-Linked Espionage Groups Target Asian Telecoms (darkreading.com)
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)
Russia
Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)
China-Russia alignment: a threat to Europe's security | Merics
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
US Treasury Sanctions 12 Kaspersky Executives Amid Software Ban (thehackernews.com)
Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg
Russian soldiers returning home are sending crime higher | Fortune
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)
European Union Sanctions Russian State Hackers (govinfosecurity.com)
Protecting America’s cyber security demands showing our teeth | CyberScoop
Russian used US systems for pre-invasion attack on Ukraine, US says - Defense One
UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian
Evolve Bank & Trust Confirms Data Was Stolen in Cyber Attack (claimsjournal.com)
Russian national indicted for role in cyber attacks on Ukraine | CyberScoop
Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360
Kaspersky Denies Security Risk, After US Sales Ban | Silicon UK
The US bans Kaspersky products, citing security risks - what this means for you | ZDNET
US Bans Kaspersky Over Alleged Kremlin Links - Infosecurity Magazine (infosecurity-magazine.com)
ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor (thehackernews.com)
FBI joins hunt for hackers who stole NHS records (thetimes.com)
HUR Cyber Attack Hits Russian Internet Providers in Occupied Crimea (kyivpost.com)
Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)
North Korea
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)
Protecting America’s cyber security demands showing our teeth | CyberScoop
Cyber operations create additional risks for people’s security and well-being | ICRC
Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek
CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)
Tools and Controls
Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News
Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times
Four steps to build cyber resilience in the public sector | TechRadar
Conditional Access - The ultimate starter guide (oceanleaf.ch)
Hybrid work prompts spike in network security threats | Computer Weekly
Why immutable data storage is key to cyber security strategy | TechRadar
What Application Security Within Shadow IT Looks Like (darkreading.com)
Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)
76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)
DMARC: Why It's Moving from a Best Practice to Must-Have | Proofpoint US
UK midsize firms wary of cyber insurance: Coalition - Reinsurance News
The four phases of emergency management | TechTarget
CISOs becoming more comfortable with risk levels - Help Net Security
CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)
Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert
US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop
Cisco's enterprise firewall receives ‘caution’ rating from CyberRatings - SDxCentral
A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)
The dos and don’ts of gamified cyber security training - Security Boulevard
Benefits of dark web monitoring (techtarget.com)
A Watershed Moment for Threat Detection and Response (darkreading.com)
Creating a proactive incident response plan | Microsoft Security Blog
Building an incident response strategy in 2024 | ITPro
Conducting a Comprehensive Security Posture Assessment in 2024 (att.com)
Best practices for protection from ransomware in cloud storage | TechTarget
How to construct a cyber security policy that sits alongside AI (architecture.com)
Other News
Post Office expert IT witness Gareth Jenkins resigns BCS membership | Computer Weekly
Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)
New cyber threat research for SMB in 2024 | Securelist
Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)
Beat the Heat and Cyber Threats this Summer | MSSP Alert
Cyber Europe 2024 tests resilience of EU Energy Sector (techmonitor.ai)
Hijacked spacecraft, hacked life support systems: the cyber risks of space | Cybernews
New Trends in Maritime Cyber Security in 2024 (maritime-executive.com)
Estimated cyber crime up almost 120 per cent in four years | The Herald (heraldscotland.com)
Windows 10 will get five years of additional support thanks to 0patch - Neowin
Cracking down on cybercrime: Who you gonna call? - Help Net Security
Why cyber attack cases against journalists are increasing | WKMS
How to navigate retail’s changing cyber threats | Retail Technology Review
Cyber Threats in Construction and Manufacturing: Securing your Organisation (att.com)
Cyber security for schools: What you need to know | Edexec
Nine ways construction companies can modernize and mitigate cyber risks | SC Media (scmagazine.com)
Vulnerability Management
75% of new vulnerabilities exploited within 19 days - Help Net Security
Vulnerabilities
MOVEit Transfer Flaws Push Security Defence Into a Race With Attackers (darkreading.com)
Phoenix UEFI bug affects long list of Intel chip families • The Register
New attack uses MSC files and Windows XSS flaw to breach networks (bleepingcomputer.com)
Fresh MOVEit Bug Under Attack Mere Hours After Disclosure (darkreading.com)
VMware ESXi Flaw Allows Attackers to Bypass Authentication (cybersecuritynews.com)
MoveIt Transfer vulnerability targeted amid disclosure drama | TechTarget
New MOVEit Transfer critical bug is actively exploited (securityaffairs.com)
ESET Security Products - Windows Vulnerable Privilege Escalation (cybersecuritynews.com)
Chrome 126 Update Patches Memory Safety Bugs - SecurityWeek
Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts (thehackernews.com)
Plugins on WordPress.org backdoored in supply chain attack (bleepingcomputer.com)
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released (bleepingcomputer.com)
WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert
GitLab Security Updates Patch 14 Vulnerabilities - SecurityWeek
Windows 10 will get five years of additional support thanks to 0patch - Neowin
'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register
Sector Specific
Industry-specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 June 2024
Black Arrow Cyber Threat Intelligence Briefing 21 June 2024:
-Hackers Switch Focus to Cloud Apps for Data Theft, as Cloud Services Increasingly Seen as Huge Soft Target by Attackers
-The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe, 1 in 10 Email-Based Attacks are Now Business Email Compromise
-Regulatory Changes Are on the Horizon. Are Companies Ready?
-How Hackers Can Crack Your Password in an Hour
-US Bans Kaspersky Software, Citing National Security Risks
-Quarter of Firms Suffer an API-Related Breach
-More than 70% of Companies Increased Spending on Proactive Security
-The Resurgence of Major Data Breaches?
-Is Cyber Becoming a Primary Domain of Warfare?
-Cyber Threats Present Ever Greater Risks to International Peace and Security: UK Statement at UN Security Council
-Cyber Security and AI at Top of Risk List for UK Trustees
-Qilin: We Knew Our Synnovis Attack Would Cause a Healthcare Crisis at London Hospitals
-Ransomware Attacks Are Getting Worse
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hackers Switch Focus to Cloud Apps for Data Theft, as Cloud Services Increasingly Seen as Huge Soft Target by Attackers
A recent report by Google’s Mandiant reveals that the Scattered Spider gang, also known as UNC3944, has escalated its tactics to target software-as-a-service (SaaS) applications and cloud infrastructure, focusing on data theft for extortion without using ransomware. They exploit genuine tools and permissions, then create new virtual machines and exfiltrate data to other cloud platforms they have under their control. Additionally, other reports this week highlight a rise in the exploitation of legitimate cloud services, with over half of all malware in March 2024 delivered via these services. Notably, 59% of cloud-based malware originated from 235 distinct apps. Sophisticated attacks, such as North Korea’s targeting of South Korean security professionals, underscore the urgent need for enhanced cloud security measures and a proactive defence strategy.
The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe, 1 in 10 Email-Based Attacks are Now Business Email Compromise
Recent reports highlight a significant shift in phishing tactics due to advancements in generative AI (GenAI). Historically, phishing relied on high-volume, low-effort strategies, but improved security measures have led to more sophisticated, targeted attacks such as Business Email Compromise (BEC). The advent of GenAI tools like ChatGPT has drastically reduced the time and effort required to craft convincing phishing emails, resulting in a 21% increase in BEC attempts from Q2 2022 to Q2 2023. BEC now accounts for 10.6% of social engineering attacks, up from 8% in 2022. Conversation hijacking has surged by 70% since 2022, despite its complexity.
Analysis of 69 million attacks on 4.5 million mailboxes highlights new tactics, such as using QR codes and URL shorteners, which evade traditional email filters. Gmail was the most exploited webmail service, used in 22% of social engineering attacks.
Furthermore, image-based phishing attacks, which evade natural language processing defences, have surged by 175% over the past year, illustrating the growing global threat posed by AI-enhanced phishing.
Regulatory Changes Are on the Horizon. Are Companies Ready?
A recent report highlights the increasing complexity of cyber security compliance across Europe, America, and Asia. European organisations face over 100 pieces of legislation, creating significant challenges in determining applicable laws, especially those with extraterritorial effects. This emphasises the importance of bespoke internal management and governance programmes tailored to specific business risks and data handling practices. The upcoming NIS 2 Directive in the EU is expected to further impact compliance requirements, as DORA will for financial services firms operating within the EU or those outside the EU providing critical services to EU organisations. Additionally, robust incident response plans and ensuring third-party compliance are crucial for effective cyber security management.
How Hackers Can Crack Your Password in an Hour
A recent analysis of 193 million leaked passwords by Kaspersky revealed alarming security weaknesses. 59% of these passwords could be cracked in under an hour using modern GPUs and advanced algorithms. The study found that 45% of passwords were vulnerable to cracking within a minute, highlighting the risks of predictable patterns and common phrases. Despite the increased threat, many users continue to use easily guessable passwords. To mitigate these risks, it is recommended to use strong, unique passwords, employ a password manager, and enable two-factor authentication (2FA) where possible.
US Bans Kaspersky Software, Citing National Security Risks
A recent announcement by the US Department of Commerce's Bureau of Industry and Security (BIS) has imposed a ban on Kaspersky Lab's US subsidiary from selling its security software due to national security risks. The ban, effective from July 20, stems from concerns over Kaspersky’s ties to the Russian government, which could potentially exploit the software for espionage and data theft. Existing customers have until September 29 to find alternatives. This decision follows previous restrictions, with Kaspersky added to the Federal Communications Commission's (FCC) "Covered List" and similar actions by Germany and Canada.
Quarter of Firms Suffer an API-Related Breach
A recent State of Application Programming Interfaces (API) Security Report by Salt Security reveals that nearly a quarter (23%) of organisations experienced breaches via production APIs last year. An API can be thought of as a set of rules and tools that allow different software applications to communicate with each other and exchange data.
The report, based on a survey of 250 respondents globally, found that 95% had encountered API security issues, including vulnerabilities (37%) and sensitive data exposure (38%). Despite a 167% increase in API counts, only 8% of companies consider their API security strategy to be advanced, and 37% lack a strategy entirely. Furthermore, just 58% have processes to discover all APIs, even though 46% discuss API security at the C-level. This highlights the urgent need for sophisticated API security measures.
More than 70% of Companies Increased Spending on Proactive Security
A recent study reveals that over 70% of organisations are boosting their spending on proactive security solutions, prioritising attack surface management and risk-based vulnerability management. Key investments focus on enhanced attack surface visibility (65%), security control optimisation (60%), and improved manpower productivity (54%). The research highlights that 47% of organisations aim to reduce threats using proactive security within the next 12 to 24 months, while 48% anticipate disruption from these new solutions. Confidence remains high in firewalls and routers, with only 6% of financial institutions proactively assessing firewalls and 4% assessing routers.
The Resurgence of Major Data Breaches?
A recent surge in data breaches has seen millions of records exposed and shared on dark web forums, predominantly driven by the hacker group ShinyHunters. This resurgence mirrors the "golden age" of data breaches from 2019 to 2021, where ShinyHunters notoriously targeted companies like Tokopedia and Microsoft’s GitHub. Recent breaches include a massive attack on Santander Bank, affecting 30 million customers, and Ticketmaster, compromising 560 million customer records. Organisations need to take appropriate steps to prevent breaches from happening in the first place, and ensure they have plans in place for what to do when something goes wrong.
Is Cyber Becoming a Primary Domain of Warfare?
A recent analysis by Cyberint reveals that cyber operations in conflicts such as the Ukraine-Russia and Israel-Hamas wars now focus on critical infrastructure and supply chains, with wiper malware frequently used to disrupt organisations. Hacktivists, equipped with new tools and greater capabilities, pose a significant threat, blurring lines between nation-state actors and cyber criminals. This overlap complicates attack attribution and motive understanding. Cyber operations, even when unsuccessful, can have profound psychological impacts on public safety. Enhanced targeting of essential services highlights the urgent need for robust defence strategies in modern cyber warfare.
Cyber Threats Present Ever Greater Risks to International Peace and Security: UK Statement at UN Security Council
A recent statement by the UK at the UN Security Council highlights three critical trends in cyber threats impacting international peace and security.
Firstly, ransomware attacks disrupt government functions and public services, necessitating an international response for resilience. The UK, co-chairing the Counter Ransomware Initiative with Singapore, urges global participation.
Secondly, the rise of AI systems poses new cyber security challenges; the UK advocates secure-by-design AI, having published "Guidelines for Secure AI System Development" with international partners.
Thirdly, the market for advanced cyber intrusion capabilities is growing, increasing threat unpredictability. The UK and France invite collaboration through the Pall Mall Process to address this concern. The UK also calls for stricter enforcement of North Korea sanctions due to their use of cyber activities to fund illegal weapons programmes.
Cyber Security and AI at Top of Risk List for UK Trustees
A recent report by LCP reveals that cyber threats and artificial intelligence (AI) are the top concerns for UK pension trustees, with 23% identifying these as their primary worry. Over half of the respondents (61%) rated their concern about cyber risks as seven or higher on a scale of one to ten. Trustees from larger schemes felt marginally more prepared for cyber risks than those from smaller schemes.
Qilin: We Knew Our Synnovis Attack Would Cause a Healthcare Crisis at London Hospitals
A recent cyber attack by the ransomware gang Qilin has caused a healthcare crisis in London, targeting Synnovis, a partnership between Synlab and two NHS Trusts. The gang confirmed the attack was politically motivated, aiming to disrupt healthcare services. Qilin demanded a $50 million ransom, claiming to have stolen over one terabyte of data. The attack has led to the cancellation of more than 1,500 operations and appointments, significantly impacting patient care. Despite expressing token sympathy for the affected patients, Qilin remains unrepentant. The incident highlights the need for robust cyber security measures in critical infrastructure sectors.
Ransomware Attacks Are Getting Worse
A recent report highlights the escalating crisis of ransomware targeting schools, hospitals, and critical infrastructure, with over 1,200 data breaches reported to the UK Information Commissioner’s Office in 2023, a 25% increase from the previous year. The healthcare sector is notably affected, following a $44 million payout by Change Healthcare in March. 75% of organisations faced ransomware attacks, and 84% encountered phishing attempts, yet only 31% conducted a cyber security risk assessment. With the average cost of a breach at £3.4 million, the report underscores the urgent need for robust cyber security measures, including regular software updates, strong password policies, insider threat management, incident response plans, and multi-factor authentication. Increasing levels of regulation are coming in across Europe, the US and Asia to try to enforce more resilience against these types of attacks.
Sources
https://www.infosecurity-magazine.com/blogs/threat-targeting-cloud-services/
https://www.govinfosecurity.com/regulatory-changes-are-on-horizon-are-companies-ready-a-25507
https://www.kaspersky.co.uk/blog/password-can-be-hacked-in-one-hour/27738/
https://thehackernews.com/2024/06/us-bans-kaspersky-software-citing.html
https://www.infosecurity-magazine.com/news/quarter-firms-suffer-api-related/
https://securityboulevard.com/2024/06/the-resurgence-of-major-data-breaches/
https://www.inforisktoday.com/cyber-becoming-primary-domain-warfare-a-25521
https://www.europeanpensions.net/ep/Cyber-threats-take-top-spot-in-UK-trustee-risk-list.php
https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
https://www.wired.com/story/security-news-this-week-ransomware-attacks-are-getting-worse/
https://channeleye.co.uk/data-breaches-brought-on-by-ransomware-escalate/
Governance, Risk and Compliance
Cyber security and AI at top of risk list for trustees, LCP says (professionalpensions.com)
Regulatory Changes Are on the Horizon. Are Companies Ready? (govinfosecurity.com)
More than 70% of companies increased spending on proactive security | Security Magazine
Regulators urged to promote cyber security investment - Risk.net
The Perilous Role of the CISO: Navigating Modern Minefields - SecurityWeek
Cyber security Deserves the Proverbial Seat at the Table (govinfosecurity.com)
Pressure mounts on CISOs as SEC bares teeth with legal action - Help Net Security
Why Regulated Industries are Turning to Military-Grade Cyber Defenses (thehackernews.com)
Cyber Security Burnout Crisis: Burnout in Next 12 Months (thehrdirector.com)
9 ways CSOs lose their jobs | CSO Online
Why Resilience Is More Than Just Cyber Security (inforisktoday.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
How Cyber Security Can Steer Organisations Toward Sustainability (darkreading.com)
Your firm's reputation depends on strong data security. Don't undervalue it - spectator.sme.sk
Why Your Business Needs To Level Up Its Defence Life Cycle Management (forbes.com)
The High Cost of Downtime and How to Reduce It | MSSP Alert
Is it time to split the CISO role? | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider hackers switch focus to cloud apps for data theft (bleepingcomputer.com)
Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
Ransomware Attacks Are Getting Worse | WIRED
Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register
Why ransomware is still important to business resilience - IT Security Guru
UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week
Ransomware resurgence gives small businesses cause for concern | TechFinitive
The Financial Dynamics Behind Ransomware Attacks (securityaffairs.com)
Data breaches brought on by ransomware escalate. – Channel EYE
LockBit Ransomware Again Most Active - Real Attack Surge or Smokescreen? - Security Week
Ransomware attacks skyrocket, with LockBit 3.0 at the forefront - Exponential-e Blog
New ransomware over browser threat targets uploaded files (securityintelligence.com)
CISA warns of Windows bug exploited in ransomware attacks (bleepingcomputer.com)
Zero-Day Exploits and Ransomware Trends for 2024 (govinfosecurity.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Qilin Ransomware: What You Need To Know | Tripwire
Linux version of RansomHub ransomware targets VMware ESXi VMs (bleepingcomputer.com)
Ransomware Victims
London Hospitals Knew of Cyber Vulnerabilities Years Before Hack (claimsjournal.com)
More than 100,000 patients ‘likely’ impacted by NHS cyber attack (holyrood.com)
Cyber criminals publish data from attack on NHS | UKAuthority
Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyber Attack - Security Week
512,000 radiology patient records accessed in cyber attack • The Register
Tally of victims reaches 100,000 in NHS cyber attack (thetimes.com)
Hackers demand $50M ransom payment from UK lab provider following hospital disruption - SiliconANGLE
Qilin has ‘no regrets’ over the healthcare crisis it caused • The Register
Don't blame us for people suffering - London hospital hackers - BBC News
Borders: NHS board warns patients over stolen personal details | The National
Cyber attack on a UK staffing company: a 'war story' - Osborne Clarke | Osborne Clarke
Hospital cyber attack turns deadly as drugs given to wrong patients - Washington Times
British Library to renew entire IT system as it reveals £1.6m cyber attack loss (civilsociety.co.uk)
Panera Bread likely paid a ransom in March ransomware attack (bleepingcomputer.com)
NHS boss says Scottish trust didn't meet attackers' demands • The Register
Cyber attack shuts down Israeli pharma company's distribution | Ctech (calcalistech.com)
Phishing & Email Based Attacks
Nigerian national faces prison for $1.5M phishing scam • The Register
Email threats are becoming more dangerous than ever — so keep an eye on your inbox | TechRadar
Worldwide 2023 Email Phishing Statistics and Examples | Trend Micro (US)
Your company needs a BEC policy and five other email security trends (betanews.com)
Malicious emails trick consumers into false election contributions - Help Net Security
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
Why You Shouldn't Unsubscribe From Spam Emails | HackerNoon
Cyber Criminals Target Trump Supporters with Donation Scams - Security Boulevard
Latest Cyber Insurance Policy Takes Aim at Phishing Attacks (inforisktoday.com)
BEC
Your company needs a BEC policy and five other email security trends (betanews.com)
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Other Social Engineering
Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register
Malware peddlers love this one social engineering trick! - Help Net Security
Fake Google Chrome errors trick you into running malicious PowerShell scripts (bleepingcomputer.com)
Explained: Android overlays and how they are used to trick people | Malwarebytes
Cyber Criminals Target Trump Supporters with Donation Scams - Security Boulevard
Artificial Intelligence
'Sleepy Pickle' Exploit Subtly Poisons ML Models (darkreading.com)
Criminals, too, see productivity gains from AI | CSO Online
AI’s impact on data privacy remains unclear - Help Net Security
Can governments turn AI safety talk into action? | ZDNET
How to bypass ChatGPT restrictions (androidpolice.com)
Apple Intelligence Could Introduce Device Security Risks (darkreading.com)
How big is the AI threat to the cyber security of tech companies? | TechRadar
NIS2 Directive: Stronger EU Cyber Security in the AI era | News | GRC World Forums
Hallucinated Packages, Malicious AI Models, and Insecure AI-Generated Code - Security Boulevard
Microsoft's Recall changes might be too little, too late | TechTarget
Meta Pauses AI Training on EU User Data Amid Privacy Concerns (thehackernews.com)
CISA leads first tabletop exercise for AI cyber security | CyberScoop
How AI lies, cheats, and grovels to succeed - and what we need to do about it | ZDNET
2FA/MFA
The absence of multi factor authentication led to the Medibank hack, regulator alleges - ABC News
Medibank breach: Security failures revealed (lack of MFA among them) - Help Net Security
Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)
'ONNX' MFA Bypass Targets Microsoft 365 Accounts (darkreading.com)
Malware
Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor (thehackernews.com)
The art of concealment: how hackers hide malware | Cybernews
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining (thehackernews.com)
New ransomware over browser threat targets uploaded files (securityintelligence.com)
Clever macOS malware delivery campaign targets cryptocurrency users - Help Net Security
NiceRAT Malware Targets South Korean Users via Cracked Software (thehackernews.com)
Mobile
Explained: Android overlays and how they are used to trick people | Malwarebytes
Internet of Things – IoT
IoT password ban a start, but admins can’t afford to wait for regulators | TechRadar
Data Breaches/Leaks
Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)
Cyber criminals publish data from attack on NHS | UKAuthority
Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)
The Resurgence of Major Data Breaches? - Security Boulevard
Insurance giant Globe Life investigating web portal breach (bleepingcomputer.com)
Truist Bank confirms breach after stolen data shows up on hacking forum (bleepingcomputer.com)
More than 100,000 patients ‘likely’ impacted by NHS cyber attack (holyrood.com)
Total Fitness database exposed 474k member and staff images • The Register
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
Dark-web kingpin puts 'stolen' internal AMD data up for sale • The Register
AMD Investigates Possible Breach Amid Hacker’s Sale of Company Data (pcmag.com)
Optus cyber attack could have been prevented four years prior, says telecoms watchdog - ABC News
T-Mobile denies it was hacked, links leaked data to vendor breach (bleepingcomputer.com)
Threat Actor Claims AMD and Apple Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyber Attack - Security Week
512,000 radiology patient records accessed in cyber attack • The Register
Coding error in forgotten API blamed for massive data breach • The Register
Panera Notifies Employees of Compromised Data (darkreading.com)
Cyber Attack Exposes Freelancer Personal Data - Freelance Informer
Hackers Derail Amtrak Guest Rewards Accounts in Breach (darkreading.com)
Organised Crime & Criminal Actors
UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week
Are We Turning the Corner in the Fight Against Cyber Crime? It’s Complicated. - Security Boulevard
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Microsoft hacker avoids jail over multiple cyber attacks - BBC News
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining (thehackernews.com)
Clever macOS malware delivery campaign targets cryptocurrency users - Help Net Security
"Researchers" exploit Kraken exchange bug, steal $3 million in crypto (bleepingcomputer.com)
Insider Risk and Insider Threats
The Rise of the Outside Insider Threat | AFCEA International
Former IT employee gets 2.5 years for wiping 180 virtual servers (bleepingcomputer.com)
10 Ways Employees Are Sabotaging Your Cyber Security Stance (informationweek.com)
Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)
Insurance
Latest Cyber Insurance Policy Takes Aim at Phishing Attacks (inforisktoday.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Supply Chain and Third Parties
Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)
Hackers demand $50M ransom payment from UK lab provider following hospital disruption - SiliconANGLE
London Hospitals Knew of Cyber Vulnerabilities Years Before Hack (claimsjournal.com)
Cyber attacks on London's hospitals affect 800 planned operations - BBC News
Tally of victims reaches 100,000 in NHS cyber attack (thetimes.com)
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
T-Mobile denies it was hacked, links leaked data to vendor breach (bleepingcomputer.com)
Cloud/SaaS
Scattered Spider hackers switch focus to cloud apps for data theft (bleepingcomputer.com)
Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)
Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register
Microsoft admits no guarantee of sovereignty for UK policing data | Computer Weekly
The rise of SaaS security teams - Help Net Security
The Annual SaaS Security Report: 2025 CISO Plans and Priorities (thehackernews.com)
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
'ONNX' MFA Bypass Targets Microsoft 365 Accounts (darkreading.com)
The NCSC’s Take on SaaS - Adaptive Shield (adaptive-shield.com)
Encryption
Stop playing games with online security, Signal president warns EU lawmakers | TechCrunch
Signal, MEPs urge EU Council to drop encryption-eroding law • The Register
Linux and Open Source
New Linux malware is controlled through emojis sent from Discord (bleepingcomputer.com)
New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (bleepingcomputer.com)
Linux version of RansomHub ransomware targets VMware ESXi VMs (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
What is a password spraying attack? | Proton
Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)
Hackers can crack 59% of passwords in an hour | Kaspersky official blog
Criminals are Easily Bypassing Passkeys – How Organisations Can Stay Safe - Security Boulevard
Social Media
Why Trading Privacy for 'Free' Web Services Must End (darkreading.com)
4 ways oversharing on social media puts your privacy at risk | TechRadar
New Linux malware is controlled through emojis sent from Discord (bleepingcomputer.com)
US surgeon general wants social media warning labels - BBC News
Meta Pauses AI Training on EU User Data Amid Privacy Concerns (thehackernews.com)
Malvertising
Google Chrome Will Track You For The Next 200 Days—Then It May Get Worse (forbes.com)
Training, Education and Awareness
Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)
Regulations, Fines and Legislation
Regulatory Changes Are on the Horizon. Are Companies Ready? (govinfosecurity.com)
Regulators urged to promote cyber security investment - Risk.net
UK organisations are confident they will meet the NIS 2 compliance timeline | The Independent
Pressure mounts on CISOs as SEC bares teeth with legal action - Help Net Security
Why Regulated Industries are Turning to Military-Grade Cyber Defences (thehackernews.com)
Can governments turn AI safety talk into action? | ZDNET
NIS2 Directive: Stronger EU Cyber Security in the AI era | News | GRC World Forums
The absence of multi factor authentication led to the Medibank hack, regulator alleges - ABC News
Signal, MEPs urge EU Council to drop encryption-eroding law • The Register
SEC cyber security filings on the rise as new reporting rules bite | ITPro
Models, Frameworks and Standards
Why NIS2 is set to become a ‘cornerstone’ of cyber security (siliconrepublic.com)
Careers, Working in Cyber and Information Security
Most cyber security pros took time off due to mental health issues - Help Net Security
The Perilous Role of the CISO: Navigating Modern Minefields - Security Week
Navigating the Cyber Security Hiring Trenches: Challenges, Realities, and Paths Forward | HackerNoon
To Address Burnout, Cyber Security Must Learn to Tolerate Failure (informationweek.com)
Cyber security burnout is costing US enterprises over $620 million a year (techinformed.com)
Effectively upskilling cyber security professionals to help close the skills gap | CSO Online
Cyber Security Burnout Crisis: Burnout in Next 12 Months (thehrdirector.com)
9 ways CSOs lose their jobs | CSO Online
Making the Move From Tech Expert to Cyber Security Leader (inforisktoday.com)
Is it time to split the CISO role? | CSO Online
ISC2/CIISec Tips on Recruitment, Retention in Cyber Security (govinfosecurity.com)
Law Enforcement Action and Take Downs
Nigerian national faces prison for $1.5M phishing scam • The Register
Former IT employee gets 2.5 years for wiping 180 virtual servers (bleepingcomputer.com)
UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week
Suspected dark-web Empire Market admins charged in the US • The Register
Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing - Security Week
Convicted BEC scammer could face over 100 years in prison (bitdefender.com)
Rogue IT director pleads guilty to $2.1M scam charges • The Register
Sellafield pleads guilty to criminal charges over cyber security failings (yahoo.com)
Microsoft hacker avoids jail over multiple cyber attacks - BBC News
Misinformation, Disinformation and Propaganda
Addressing Misinformation in Critical Infrastructure Security (darkreading.com)
ISIS Created Fake CNN and Al Jazeera Broadcasts | WIRED
US election official: ‘Whack-a-mole’ strategies less effective to combat disinfo | CyberScoop
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Is Cyber Becoming a Primary Domain of Warfare? (inforisktoday.com)
Nation State Actors
China
Chinese Threats Aim for Government Sector - Security Boulevard
British army delays King Charles cap badges over China spying fears (ft.com)
Bug Bounty Programs, Hacking Contests Power China's Cyber Offense (darkreading.com)
China's 'Velvet Ant' APT Nests Inside Multiyear Espionage Effort (darkreading.com)
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices (thehackernews.com)
Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021 (thehackernews.com)
Russia
ICC probes cyber attacks in Ukraine as possible war crimes, sources say | Reuters
US Bans Kaspersky Software, Citing National Security Risks (thehackernews.com)
The Rise of the Outside Insider Threat | AFCEA International
France wants to remind you of Russia’s threat to democracy • The Register
Poland points to Russian hackers in disruption of Euro 2024 broadcast (therecord.media)
Sweden says Russia is interfering with Nordic satellites • The Register
USA and G7 to increase cyber security of their energy sector / The New Voice of Ukraine (nv.ua)
Russians report some outages on bank apps after cyber attack, says Kommersant daily (yahoo.com)
Iran
Germany Warns of Growing Espionage, Cyber Threats from Iran | Iran International (iranintl.com)
North Korea
NiceRAT Malware Targets South Korean Users via Cracked Software (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
ISIS Created Fake CNN and Al Jazeera Broadcasts | WIRED
Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine (darkreading.com)
Tools and Controls
More than 70% of companies increased spending on proactive security | Security Magazine
Get your legal ducks in a row to contain a crisis - Katy MacAskill (scotsman.com)
The importance of collaborating AI with human expertise (securitybrief.co.nz)
Edge Devices: The New Frontier for Mass Exploitation Attacks - Security Week
Your company needs a BEC policy and five other email security trends (betanews.com)
The rise of SaaS security teams - Help Net Security
The Software Licensing Disease Infecting Our Nation's Cyber Security (darkreading.com)
Massachusetts 911 Outage Caused by Errant Firewall - Security Week
How Cyber Security Can Steer Organisations Toward Sustainability (darkreading.com)
How A Cyber Security Audit Can Identify Risk of Compromise | HealthLeaders Media
Defending your ever-changing attack surface - IT Security Guru
US, Allies Publish Guidance on Securing Network Access - Security Week
Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)
Microsoft 365's Security Gaps: Logging and Beyond (govinfosecurity.com)
From Reactive to Proactive Threat Hunting - GovInfoSecurity
Cyber Security Practices For Remote Working - TechRound
Tabletop exercises are headed to the next frontier: Space (talosintelligence.com)
What Will the Next-Gen of Security Tools Look Like? | HackerNoon
The NCSC’s Take on SaaS - Adaptive Shield (adaptive-shield.com)
Reports Published in the Last Week
Report urges extending scope of cyber security measures | UKAuthority
240528_McPartland_Review.pdf (stephen-mcpartland.com)
National Cyber Resilience Advisory Board (NCRAB) minutes: March 2024 - gov.scot (www.gov.scot)
The Annual SaaS Security Report: 2025 CISO Plans and Priorities (thehackernews.com)
Other News
The importance of collaborating AI with human expertise (securitybrief.co.nz)
Report urges extending scope of cyber security measures | UKAuthority
What is the current state of Security Culture in Europe? | TechRadar
Cyber attack shuts down Israeli pharma company's distribution | Ctech (calcalistech.com)
Sellafield pleads guilty to criminal charges over cyber security failings (yahoo.com)
How resilient is UK Critical National Infrastructure to cyber attack? - Committees - UK Parliament
Microsoft 365's Security Gaps: Logging and Beyond (govinfosecurity.com)
Massachusetts 911 Outage Caused by Errant Firewall - Security Week
Microsoft 'accepts responsibility' for cyber security failures, top exec says (qz.com)
What Does the Future of Cyber Security in Space Look Like? (govtech.com)
Space: The Final Frontier for Cyber Attacks (darkreading.com)
A new fear for CSOs: The sky is falling | CSO Online
The Software Licensing Disease Infecting Our Nation's Cyber Security (darkreading.com)
Cyber Security Challenges For UK Private Bankers - TechRound
New maritime cyber security body launches - Port Technology International
Vietnam's internet again in trouble as 3/5 sub cables cut • The Register
Cyber Attack Hits Software Provider for Car Dealers Across the US (claimsjournal.com)
Improving OT cyber security remains a work in progress - Help Net Security
Vulnerability Management
The Ultimate Guide to Troubleshooting Vulnerability Scan Failures - Security Boulevard
Zero-Day Exploits and Ransomware Trends for 2024 (govinfosecurity.com)
Vulnerabilities
Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now (forbes.com)
Arm Memory Tag Extensions broken by speculative execution • The Register
VMware by Broadcom warns of critical vCenter flaws • The Register
Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft (darkreading.com)
CISA warns of Windows bug exploited in ransomware attacks (bleepingcomputer.com)
Security Researchers Expose Critical Flaw in Ivanti Software (databreachtoday.co.uk)
New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (bleepingcomputer.com)
Dark-web kingpin puts 'stolen' internal AMD data up for sale • The Register
AMD Investigates Possible Breach Amid Hacker’s Sale of Company Data (pcmag.com)
Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition - Security Week
Fortinet, Ivanti zero-day victims face evolved persistence by the espionage actor | CSO Online
SolarWinds Serv-U path traversal flaw actively exploited in attacks (bleepingcomputer.com)
Atlassian fixed six high-severity bugs in Confluence (securityaffairs.com)
ASUS fixed critical remote authentication bypass bug in several routers (securityaffairs.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 19 June 2024 – Critical VMware vCenter Remote Code Execution and Privilege Escalation Vulnerability
Executive summary
Broadcom has released patches addressing three vulnerabilities affecting VMware vCenter. Two of the vulnerabilities are of critical severity and allow remote code execution (CVE-2024-37079 and CVE-2024-37080); the third allows an attacker to gain admin privileges (CVE-2024-37081).
What’s the risk to me or my business?
If successfully exploited, the two critical vulnerabilities will allow an attacker to perform arbitrary remote code execution, and the third will allow a local authenticated user to gain admin privileges. All of the vulnerabilities, if exploited, could have a high impact on the confidentiality, integrity and availability of the organisation's data on affected systems.
What can I do?
There is no evidence that the vulnerabilities are being exploited in the wild; however, Black Arrow recommends applying the available patches for these vulnerabilities as soon as possible. Further information can be found in the Broadcom advisory linked below.
Technical Summary
CVE-2024-37079 and CVE-2024-37080 – vCenter Server contains heap-overflow vulnerabilities in its implementation of the Distributed Computing Environment/Remote Procedure Call (DCERPC) protocol. These vulnerabilities could allow an attacker with network access to vCenter Server to perform arbitrary remote code execution by sending specially crafted network packets.
CVE-2024-37081 – vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfigurations of sudo. These allow an authenticated local user with non-administrative privileges to elevate to root (admin) privileges on the vCenter Server Appliance.
Further information on the VMware advisory can be found here:
https://core.vmware.com/resource/vmsa-2024-0012-questions-answers#introduction
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Threat Briefing 14 June 2024
Black Arrow Cyber Threat Intelligence Briefing 14 June 2024:
-Phishing Attacks Targeting US and European Organisations Double
-78% of People Use the Same Password Across Multiple Accounts
-IT Downtime Cuts Enterprise Profit by 9%
-Financial Services, The Golden Target for Cyber Criminals
-Forced-Labour Camps Fuel Billions of Dollars in Cyber Scams
-Why You Must Consider the Security Risks of BYOD
-Cyber Criminals Work Faster Than Ever
-IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers
-Cyber Security Is a Boardroom Issue
-An Evolving Threat Landscape: A Battle Between Good and Evil, with Small Business Cyber Security Threats on the Rise
-Ransomware Gangs are Adopting “More Brutal” Tactics Amid Crackdowns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Phishing Attacks Targeting US and European Organisations Double
A recent report by Abnormal Security reveals a significant rise in phishing attacks targeting organisations, with Europe experiencing a 112.4% increase between April 2023 and April 2024, and the US seeing a 91.5% rise. The report, "Email Security Threats in Europe: Insights into Attack Trends," highlights that phishing, although not the most costly attack type, often serves as a gateway for further crimes. Additionally, business email compromise (BEC) attacks surged by 123.8% in Europe and 72.2% in the US, including vendor email compromise (VEC) schemes involving fraudulent payments and wire transfers.
78% of People Use the Same Password Across Multiple Accounts
A recent report from Forbes reveals troubling trends in password security. The survey of 2,000 individuals found that 78% of respondents reuse passwords across multiple accounts, with 52% using the same password for at least three accounts. Notably, 22% of users do not use any safety measures to secure their passwords. Social media accounts are the most likely targets for password hacking at 29%, followed by email accounts at 15%. According to the survey respondents, the most common reasons their passwords were hacked were weak passwords (35%) and repeated use of the same password (30%).
IT Downtime Cuts Enterprise Profit by 9%
A recent study by Splunk, titled “The Hidden Costs of Downtime,” reveals that eliminating downtime could save large enterprises $200 million annually, equivalent to a 9% increase in yearly profits. The study, conducted by Oxford Economics, found that nearly $49 million of downtime costs stem from lost revenue, with additional expenses from regulatory fines ($22 million), SLA penalties ($16 million), and legal costs ($15 million). While enterprises spend an average of $19 million on ransomware and data extortion payouts, they typically budget only $13.4 million for these incidents. Human error was identified as the leading cause of downtime, followed by malware and phishing attacks. Visibility is crucial in this context, as are risk-mitigation strategies that align with business risk objectives. Visibility serves as the basis for swift detection and response efforts, involving IT, security, and line-of-business leaders.
Financial Services, The Golden Target for Cyber Criminals
A recent IMF report highlights that the financial sector has faced over 20,000 cyber attacks, resulting in $12 billion in losses over the past 20 years. Despite being heavily regulated, the sector remains a prime target, with ransomware attacks increasing by 64% in 2023 compared to 2021. Digitalisation has introduced new vulnerabilities, particularly with unstructured data, which constitutes 80% of banks' data. Nearly 72% of businesses have over-provisioned access, leading to 78% experiencing security issues. With the average data breach costing $4.45 million and taking 204 days to detect, and only 54% of banking CEOs feeling well-prepared for cyber attacks, financial institutions must adopt stringent, proven controls, foster a holistic security culture, thoroughly test their systems, mitigate risks and protect critical data. It is essential too that financial services firms have rehearsed plans in place for what to do when incidents happen, as even the best technical controls in the world cannot stop every attack.
Forced-Labour Camps Fuel Billions of Dollars in Cyber Scams
A recent investigation revealed that Chinese crime syndicates, having shifted from illicit gambling to cyber fraud during the COVID-19 pandemic, have stolen over $64 billion through sophisticated scams, including a type of social engineering known as "pig butchering." Operating from cyber scam centres in Cambodia, Laos, and Myanmar, these syndicates lure job seekers with the promise of well-paying jobs at reputable firms, but instead force them into scamming roles. Despite regional government efforts, including China's law enforcement rescue of 45,000 workers, the scale of the operations remains vast. Financial institutions are urged to collaborate with law enforcement to combat these threats, as highlighted by Singapore's success in preventing $74 million in fraud through bank cooperation.
Why You Must Consider the Security Risks of BYOD
Research by the British Chambers of Commerce indicates that fewer than 30% of firms expect their workforce to be fully in-person over the next five years, prompting a shift towards hybrid and remote work models. This shift has led businesses to reduce in-office PCs, with employees often using their own laptops or devices, necessitating lightweight, powerful, and secure devices. The evolving security landscape is seeing increased phishing, quishing (tricking users with QR codes), and vishing (voice phishing) attacks targeting enterprise users, highlighting the critical need for robust security measures. While Bring Your Own Device (BYOD) policies may seem cost-effective, they pose significant security risks, including inadequate protection and potential data breaches, thus requiring careful consideration of long-term security and compliance costs. Employers are advised to invest in high-quality, secure devices to enhance employee satisfaction and maintain a secure work environment.
Cyber Criminals Work Faster Than Ever
Given the fast pace at which the threat landscape changes, it’s important to constantly monitor these changes if businesses are to have any chance of staying ahead of innovative cyber criminals. A recent report by Fortinet's FortiGuard Labs highlights the rapid evolution of the threat landscape, with cyber attacks commencing on average 4.76 days after new exploits are disclosed, a 43% increase in speed from early 2023. Notably, 98% of organisations detected vulnerabilities over five years old, emphasising the need for robust patching protocols. Additionally, 38 out of 143 Advanced Persistent Threat (APT) groups, including Lazarus and APT28, were noted as highly active. The report underscores the importance of collaboration and vigilance in cyber security efforts.
IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers
A recent report by Forescout reveals a 136% surge in vulnerabilities within Internet of Things (IoT) devices, such as smart TVs, networking devices and printers, with 33% of nearly 19 million analysed devices found to be at risk, up from 14% in 2023. The riskiest devices include wireless access points, routers, printers, and IP cameras, which are frequently targeted by cyber criminals. The most vulnerable industries are technology, education, manufacturing, finance and healthcare.
Cyber Security Is a Boardroom Issue
A recent report highlights the increasing global momentum of cyber security regulations, driven by technologies such as cloud, containerisation, and artificial intelligence. These evolving regulatory initiatives in the US and EU are capturing the attention of boards of directors, prompting them to prioritise cyber security and making it a central business issue rather than just a CISO concern. Organisations must maintain a state of cyber readiness to prevent breaches, develop strategies to adapt to AI advancements, and balance compliance with security. This proactive approach is essential for mitigating threats and ensuring an integrated cyber security strategy. Being able to evidence that robust and appropriate controls are in place also puts boards in a much more defensible position in the event of an incident when explaining their actions to a regulator, customers or other stakeholders.
An Evolving Threat Landscape: A Battle Between Good and Evil, with Small Business Cyber Security Threats on the Rise
The recent Hiscox Cyber Readiness Report 2023 highlights that 41% of US small businesses experienced a cyber attack in the past year, often enabled by sophisticated digital tools such as AI. Common threats include ransomware, phishing (53% of attacks), credential theft, and unpatched vulnerabilities. 43% of small businesses lack a network-based firewall, and 41% do not have data backup systems, indicating significant gaps in basic cyber security measures.
Further analysis by Sophos reveals that 75% of their 2023 cyber incident response cases involved small businesses, underscoring the urgent need for prudent cyber security investments. The commoditisation of advanced tools and the rise of 'cybercrime-as-a-service' have increased threats, with over 50% of organisations feeling outpaced by these dangers. Dark web marketplaces offer extensive tools, from ransomware to phishing kits, making cyber attacks accessible to low-skilled individuals. Organisations are urged to adopt actionable threat intelligence and robust solutions, including Managed Detection and Response (MDR), to stay ahead in the evolving cyber landscape.
Ransomware Gangs are Adopting “More Brutal” Tactics Amid Crackdowns
A recent report highlights the relentless rise of ransomware attacks, with 2023 witnessing record-breaking payments exceeding $1 billion globally. Healthcare and education sectors are frequently targeted, with 53% of ransomware attacks on small businesses originating from phishing. Despite increased police crackdowns, ransomware gangs are escalating their intimidation tactics, including direct threats and public data leaks. Notably, a 75% rise in data leak site posts was observed in 2023. Law enforcement operations like Operation Cronos and Operation Endgame are making strides in disrupting these operations, but any wins are unfortunately often short-lived. A large obstacle to reining in ransomware is the Hydra-esque nature of affiliates. After the LockBit disruption, analysts saw 10 new ransomware sites pop up almost immediately. The adaptable and proliferating nature of these gangs continues to challenge global cyber security efforts.
Sources
https://www.infosecurity-magazine.com/news/phishing-attacks-us-europe-double/
https://www.cio.com/article/2142338/it-downtime-cuts-enterprise-profit-by-9-says-study-3.html
https://www.finextra.com/blogposting/26288/financial-services-the-golden-target-for-cybercriminals
https://www.darkreading.com/cyber-risk/forced-labor-camps-fuel-billions-of-dollars-in-cyber-scams
https://www.infosecurity-magazine.com/opinions/security-risks-byod/
https://professionalsecurity.co.uk/products/cyber/cybercriminals-work-faster-than-ever/
https://www.infosecurity-magazine.com/news/iot-vulnerabilities-entry-point/
https://www.govinfosecurity.com/cybersecurity-now-boardroom-issue-a-25453
https://www.techradar.com/pro/an-evolving-threat-landscape-a-battle-between-good-and-evil
https://www.inc.com/hiscox/small-business-cybersecuritythreats-on-the-rise.html
Governance, Risk and Compliance
The CEO Is Next (darkreading.com)
Cyber Security Is Now a Boardroom Issue - GovInfoSecurity
The Need for Enhancing Cyber Preparedness in Financial Institutions (finextra.com)
Financial Services, the golden target for cyber criminals (finextra.com)
IT downtime cuts enterprise profit by 9%, says study | CIO
Cyber board-level reps | Professional Security
5 cyber security risks and challenges in supply chain | TechTarget
Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)
Small Business Cyber Security Threats on the Rise | Inc.com
CISO Strategies for Navigating Expanding Cyber Security Regulations (forbes.com)
What Tech Execs Can Learn From 2023’s Most Notable Cyber Security Breaches (forbes.com)
Assigning a Monetary Value to Cyber Risk | MSSP Alert
4 Ways to Help a Security Culture Thrive (darkreading.com)
Cloud migration expands the CISO role yet again - Help Net Security
Here’s how to create a security culture that adheres to the new SEC regs | SC Media (scmagazine.com)
How to Create a Cyber Risk Assessment Report (cybersaint.io)
Learning From Others' Gaps in the Wake of Major Attacks (inforisktoday.com)
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware Is ‘More Brutal’ Than Ever in 2024 | WIRED
Ransomware tracker: The latest figures [June 2024] (therecord.media)
Unpacking The Ten Most Dangerous Ransomware Gangs (informationsecuritybuzz.com)
Ransomware Group Exploits PHP Vulnerability Days After Disclosure - Security Week
Police arrest Conti and LockBit ransomware crypter specialist (bleepingcomputer.com)
Black Basta Actors Exploited Windows 0day Privilege Vulnerability (cybersecuritynews.com)
Why Akira could be the next big thing in ransomware • The Register
Should there be a total ban on ransom payments? (securityintelligence.com)
What to Do When Your Business Associate Suffers a Ransomware Attack | Dentons - JDSupra
Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout | WIRED
What Makes Healthcare a Prime Target for Ransomware? (govinfosecurity.com)
New Fog ransomware targets schools via hacked VPNs | TechRadar
Ransomware Victims
Christie's Says Ransomware Attack Impacts 45,000 People - Security Week
Ransomware Attack Targets Canada’s Largest School Board (bloomberglaw.com)
Cyber attack means Japanese site Niconico needs total rebuild • The Register
Phishing & Email Based Attacks
Look before you scan – the QR code scammers are phishing for business | John Naughton | The Guardian
More eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack (thehackernews.com)
New phishing toolkit uses PWAs to steal login credentials (bleepingcomputer.com)
Phishing emails abuse Windows search protocol to push malicious scripts (bleepingcomputer.com)
Most impersonated sectors, brands in phishing examined | SC Media (scmagazine.com)
BEC
Massachusetts town loses $445,000 in email scam | StateScoop
BEC attack comment | Professional Security
Other Social Engineering
How to Spot a SIM-Swap Attack (and What to Do Next) | Lifehacker
Protecting identity in a world of deepfakes and social engineering - Help Net Security
Cyber security pros change strategies to combat AI-powered threats - Help Net Security
Artificial Intelligence
Cyber security pros change strategies to combat AI-powered threats - Help Net Security
EmailGPT Exposed to Prompt Injection Attacks - Infosecurity Magazine (infosecurity-magazine.com)
The Double-Edged Sword of Generative AI - Infosecurity Magazine (infosecurity-magazine.com)
Chatham House Cyber 2024 - how AI creates new cyber security dimensions (diginomica.com)
How to spot a deepfake - Raconteur
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models (thehackernews.com)
Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools - Security Week
Urgently needed: AI governance in cyber warfare - Help Net Security
Protecting identity in a world of deepfakes and social engineering - Help Net Security
GDPR turns six: Expert discusses AI impact - Help Net Security
The Emerging Ecosystem Dedicated to AI Accountability | Decipher (duo.com)
Elon Musk threatens to ban iPhones over OpenAI integration | Digital Trends
Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop
2FA/MFA
Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign (thehackernews.com)
How scammers bypass 2FA | Securelist
Hackers Using OTP bots To Bypass Two-Factor Authentication (cybersecuritynews.com)
How to meet evolving MFA demands in the current threat landscape (bleepingcomputer.com)
Malware
China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics (thehackernews.com)
One of Microsoft’s main markets is full of malware - Softonic
WarmCookie Gives Cyber Attackers New Backdoor for Initial Access (darkreading.com)
Why malware matters most: 6 ways to foil software threats faster - Security Boulevard
Cyber Criminals Employ PhantomLoader to Distribute SSLoad Malware (thehackernews.com)
Malicious VSCode extensions with millions of installs discovered (bleepingcomputer.com)
Hundreds of Russian organisations hit with infostealer campaign | SC Media (scmagazine.com)
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (thehackernews.com)
Mobile
How to Spot a SIM-Swap Attack (and What to Do Next) | Lifehacker
Two arrested in UK over fake cell tower smishing campaign • The Register
Why You Should Delete These 100 Dangerous Google Play Store Apps (forbes.com)
Apple Says iPhones Will Get Security Updates for at Least 5 Years - Security Week
Google Will Track Your Location For The Next 180 Days—Then It Stops
Security and privacy strategies for CISOs in a mobile-first world - Help Net Security
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (thehackernews.com)
Security and privacy settings in WhatsApp | Kaspersky official blog
Denial of Service/DoS/DDOS
Hacktivists target Irish websites in EU-wide cyber attacks (rte.ie)
DDoS attacks target EU political parties as elections begin (bleepingcomputer.com)
Ireland Hit by Coordinated Cyber Attacks: NCSC Mobilises Response | Cork Safety Alerts
Second Australian Rare Earths Producer Suffers Cyber Attack (bloomberglaw.com)
Internet of Things – IoT
Report: Network equipment most at risk of cyber attacks | SC Media (scmagazine.com)
Dangerous Liaisons: The Interaction Between Threat Actors and High-Risk Devices - Security Week
Data Breaches/Leaks
Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)
Hotel Check-in Kiosks Expose Guest Data, Room Keys (darkreading.com)
Snowflake Is Working to Beef Up Security Controls as Firms Probe Breaches (yahoo.com)
23andMe data breach under investigation in UK and Canada (bleepingcomputer.com)
Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)
Cylance confirms the legitimacy of data offered for sale in the dark web (securityaffairs.com)
NYSE Parent Hit with $10M Fine for Failure to Report Cyber Breach | MSSP Alert
The mystery of an alleged data broker’s data breach | TechCrunch
Tile hacked: Customer data and internal tools accessed by hacker (bgr.com)
Student's flimsy bin bags blamed for latest NHS data breach • The Register
Frontier says 750,000 Social Security numbers accessed during April cyber attack (therecord.media)
'New York Times source code' leaks online via 4chan • The Register
Christie's Says Ransomware Attack Impacts 45,000 People - Security Week
White House report details all of 2023’s major gov breaches • The Register
Organised Crime & Criminal Actors
How Cyber Crime Empires Are Built (darkreading.com)
Cyber crime suspects often young, increasingly armed: Dutch police | NL Times
Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams (darkreading.com)
Cyber criminals work faster than ever | Professional Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters (thehackernews.com)
Insurance
Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)
Supply Chain and Third Parties
Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
5 cyber security risks and challenges in supply chain | TechTarget
A Third-Party Risk Management Lifecycle for Cyber Security | UpGuard
Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)
Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)
What to Do When Your Business Associate Suffers a Ransomware Attack | Dentons - JDSupra
Cloud/SaaS
Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica
Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)
Snowflake Is Working to Beef Up Security Controls as Firms Probe Breaches (yahoo.com)
Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)
A CISO game plan for cloud security | InfoWorld
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply (thehackernews.com)
Cloud migration expands the CISO role yet again - Help Net Security
Identity and Access Management
Protecting identity in a world of deepfakes and social engineering - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
78% of people use the same password across multiple accounts | Security Magazine
New phishing toolkit uses PWAs to steal login credentials (bleepingcomputer.com)
Regulations, Fines and Legislation
Is a US Nationwide Privacy Law Really Coming? (darkreading.com)
NYSE Parent Hit with $10M Fine for Failure to Report Cyber Breach | MSSP Alert
CISO Strategies For Navigating Expanding Cyber Security Regulations (forbes.com)
Google faces GDPR complaint over Privacy Sandbox • The Register
GDPR turns six: Expert discusses AI impact - Help Net Security
Here’s how to create a security culture that adheres to the new SEC regs | SC Media (scmagazine.com)
Data Protection
Is a US Nationwide Privacy Law Really Coming? (darkreading.com)
Careers, Working in Cyber and Information Security
Cyber Security Job Hunting May Come Down to Certifications (darkreading.com)
Cyber Security CPEs: Unraveling the What, Why & How (thehackernews.com)
The US cyber security industry needs an estimated 225,200 workers | Security Magazine
Preparing for a career in cyber security? Check out these statistics - Help Net Security
Strategies to Manage and Reduce Alert Fatigue in SOCs - IT Security Guru
70% of Cyber Security Pros Often Work Weekends - Infosecurity Magazine (infosecurity-magazine.com)
Men’s Mental Health Week: Resource Guide - IT Security Guru
Law Enforcement Action and Take Downs
Police arrest Conti and LockBit ransomware crypter specialist (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Russia Is Targeting Germany With Fake Information as Europe Votes | WIRED
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
Chinese hackers breached 20,000 FortiGate systems worldwide (bleepingcomputer.com)
Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups | Trend Micro (US)
China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics (thehackernews.com)
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale (thehackernews.com)
The new front in China’s cyber campaign against America (economist.com)
Russia
Microsoft Says Russia 'More Aggressive' In Cyber Space (rferl.org)
bne IntelliNews - Russian cyberwar against Ukraine and the West
NATO to take tougher action on Russian spies, says Stoltenberg – POLITICO
'Sticky Werewolf' APT Stalks Aviation Sector (darkreading.com)
Russia Is Targeting Germany With Fake Information as Europe Votes | WIRED
The Paris Olympic games will likely present a high cyber risk | Security Magazine
Hundreds of Russian organisations hit with infostealer campaign | SC Media (scmagazine.com)
Putin's subs have exposed Ireland's shameless hypocrisy (telegraph.co.uk)
Tools and Controls
CISOs may be too reliant on EDR/XDR defenses | CSO Online
How to conduct an API risk assessment and improve security | TechTarget
A Third-Party Risk Management Lifecycle for Cyber Security | UpGuard
What is ELINT (electronic intelligence)? | Definition from TechTarget
9 out of 10 businesses seek AI-led threat detection and vulnerability management - IT Security Guru
What is IT incident management? | Definition from TechTarget
Strategies to Manage and Reduce Alert Fatigue in SOCs - IT Security Guru
A CISO game plan for cloud security | InfoWorld
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale (thehackernews.com)
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply (thehackernews.com)
Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)
Windows Security vs. Microsoft Defender: Important differences you should know | PCWorld
Assigning a Monetary Value to Cyber Risk | MSSP Alert
20 Questions To Assess Cyber Security Risks Within An Organisation (forbes.com)
Top 10 Critical Pentest Findings 2024: What You Need to Know (thehackernews.com)
Modern fraud detection need not rely on PII - Help Net Security
How to meet evolving MFA demands in the current threat landscape (bleepingcomputer.com)
How Enterprise Browsers Enhance Security and Efficiency (inforisktoday.com)
What is communications intelligence (COMINT)? | Definition from TechTarget
Cyber Security Consolidation Ahead: Tool Sprawl Rolls Up to Platforms | MSSP Alert
AI cyber security solutions detect ransomware in under 60 seconds (securityintelligence.com)
Why CISOs need to build cyber fault tolerance into their business - Help Net Security
What Is Attack Path Mapping? - TechRound
How PE Firm CFOs Cost-Effectively Manage Cyber Risk | Kovrr - Security Boulevard
How to Create a Cyber Risk Assessment Report (cybersaint.io)
Other News
Microsoft president to testify about security lapses - Security - iTnews
Cyber attacks are hitting research institutions — with devastating effects (nature.com)
Introducing SMEs to cyber security (admin.ch)
Beware of these 7 new hacker tricks — and how to protect yourself | PCWorld
Microsoft Ignored Whistleblower Warnings Before SolarWinds Attack (pcmag.com)
Why CISOs need to build cyber fault tolerance into their business - Help Net Security
How to combat cyber threats and secure democracy in the digital age (federaltimes.com)
New Tallinn Paper focuses on Cyber Diplomacy Concepts and Practices
Microsoft in damage-control mode, says it will prioritize security over AI | Ars Technica
Microsoft now says employees will be graded on their cyber security contributions - Neowin
How PE Firm CFOs Cost-Effectively Manage Cyber Risk | Kovrr - Security Boulevard
Navigating cyber risk in the manufacturing sector | Retail Technology Review
5 Cost-Effective Cyber Security Tips To Boost Startup EBITDA (forbes.com)
Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine
Vulnerability Management
9 out of 10 businesses seek AI-led threat detection and vulnerability management - IT Security Guru
Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools - Security Week
Solving the systemic problem of recurring vulnerabilities - Help Net Security
AI’s role in accelerating vulnerability management - Help Net Security
Vulnerabilities
Exploit for critical Veeam auth bypass available, patch now (bleepingcomputer.com)
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (bleepingcomputer.com)
Chinese hackers breached 20,000 FortiGate systems worldwide (bleepingcomputer.com)
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (bleepingcomputer.com)
Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities - Security Week
PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager (darkreading.com)
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) - Help Net Security
Cisco fixes WebEx flaw after government comms exposed • The Register
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (thehackernews.com)
Nvidia Patches High-Severity GPU Driver Vulnerabilities - Security Week
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens (bleepingcomputer.com)
Ransomware Group Exploits PHP Vulnerability Days After Disclosure - Security Week
Black Basta Actors Exploited Windows 0day Privilege Vulnerability (cybersecuritynews.com)
Multiple flaws in Fortinet FortiOS fixed (securityaffairs.com)
Netgear WNR614 flaws allow device takeover, no fix available (bleepingcomputer.com)
Adobe Plugs Code Execution Holes in After Effects, Illustrator - Security Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Advisory 13 June 2024 – Microsoft Patches Critical RCE Flaw and Zero-Click Vulnerability
Executive summary
Microsoft has released patches this week for a ‘critical’ remote code execution vulnerability (CVE-2024-30080) and a ‘high’ severity zero-click vulnerability (CVE-2024-30103). The critical vulnerability allows an attacker to achieve remote code execution by sending a specially crafted malicious Microsoft Message Queuing (MSMQ) packet to an MSMQ server. The zero-click vulnerability allows an attacker to bypass Outlook registry block lists and create malicious files; it is triggered when an affected email is previewed or opened in Outlook.
What’s the risk to me or my business?
If the vulnerabilities are successfully exploited, one will allow an attacker to perform arbitrary remote code execution and the other will allow malicious DLL files to be created. Both vulnerabilities, if exploited, could have a high impact on the confidentiality, integrity and availability of the organisation’s data on affected systems.
What can I do?
Given the severity, Black Arrow recommends applying the available patches for these vulnerabilities as soon as possible, in line with your organisation’s update policies.
Technical Summary
CVE-2024-30080 – This vulnerability allows an attacker to completely take over an affected server by sending a specially crafted malicious MSMQ packet to an MSMQ server, achieving arbitrary remote code execution on the server side.
CVE-2024-30103 – This vulnerability allows an authenticated malicious actor using valid Exchange user credentials to bypass the Outlook registry block lists and enable the creation of malicious DLL files, allowing them to perform other malicious activities.
Further information on Microsoft Patches released this week can be found here:
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun
Further information on the RCE vulnerability can be found here:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30080
Further information on the Zero-Click vulnerability can be found here:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30103
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity
Black Arrow Cyber Advisory 12 June 2024 – Fortinet FortiGate SSL VPN Vulnerability Leads to 20,000 Systems Being Breached by China Globally
Executive summary
The Dutch cyber security agency has recently reported that state-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems globally between 2022 and 2023 through the Coathanger malware campaign. The vulnerability (CVE-2022-42475) allows a malicious actor to remotely execute malicious code. The Coathanger malware is persistent and remains on the devices even after reboots and firmware and software updates. While Fortinet silently released an update to fix this vulnerability in November 2022, they did not announce it until December 2022, and during that window 14,000 devices were backdoored.
What’s the risk to me or my business?
The vulnerability in the affected Fortinet products could pose a significant risk to your organisation. If exploited, it could allow an attacker to remotely execute malicious code and to remain on the device even after reboots and firmware updates. This could compromise the confidentiality, integrity and availability of your organisation’s data.
What can I do?
The Coathanger malware is difficult to identify and remove even if the patch for this vulnerability has been installed; indicators of compromise can be found in the link below. If you are unsure of what to do, please contact Black Arrow for further help and guidance.
Technical Summary
CVE-2022-42475: This is a heap-based buffer overflow vulnerability which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
The affected products are:
· FortiOS version 7.2.0 through 7.2.2
· FortiOS version 7.0.0 through 7.0.8
· FortiOS version 6.4.0 through 6.4.10
· FortiOS version 6.2.0 through 6.2.11
· FortiOS version 6.0.0 through 6.0.15
· FortiOS version 5.6.0 through 5.6.14
· FortiOS version 5.4.0 through 5.4.13
· FortiOS version 5.2.0 through 5.2.15
· FortiOS version 5.0.0 through 5.0.14
· FortiOS-6K7K version 7.0.0 through 7.0.7
· FortiOS-6K7K version 6.4.0 through 6.4.9
· FortiOS-6K7K version 6.2.0 through 6.2.11
· FortiOS-6K7K version 6.0.0 through 6.0.14
· FortiProxy version 7.2.0 through 7.2.1
· FortiProxy version 7.0.0 through 7.0.7
· FortiProxy version 2.0.0 through 2.0.11
· FortiProxy version 1.2.0 through 1.2.13
· FortiProxy version 1.1.0 through 1.1.6
· FortiProxy version 1.0.0 through 1.0.7
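Deciding which devices fall inside the ranges above is error-prone by eye, particularly where a third component rolls past 9 (6.4.10 is inside the FortiOS 6.4.x range, 6.4.11 is not). The following is an added example, not code from the advisory, Fortinet or Black Arrow: it transcribes the inclusive ranges listed above, parses version strings as integer tuples so that 6.4.10 sorts after 6.4.9, and triages a constructed sample inventory. The hostnames and product/version pairs are made up for illustration; a version outside every listed range is reported as "not in a listed affected range", which is not the same as a confirmed fixed build.

```python
"""Added example (not Fortinet's or Black Arrow's code): check Fortinet version
strings against the CVE-2022-42475 affected ranges listed in the advisory."""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges, transcribed from the advisory's list above.
AFFECTED_RANGES: List[Tuple[str, str, str]] = [
    ("FortiOS", "7.2.0", "7.2.2"),
    ("FortiOS", "7.0.0", "7.0.8"),
    ("FortiOS", "6.4.0", "6.4.10"),
    ("FortiOS", "6.2.0", "6.2.11"),
    ("FortiOS", "6.0.0", "6.0.15"),
    ("FortiOS", "5.6.0", "5.6.14"),
    ("FortiOS", "5.4.0", "5.4.13"),
    ("FortiOS", "5.2.0", "5.2.15"),
    ("FortiOS", "5.0.0", "5.0.14"),
    ("FortiOS-6K7K", "7.0.0", "7.0.7"),
    ("FortiOS-6K7K", "6.4.0", "6.4.9"),
    ("FortiOS-6K7K", "6.2.0", "6.2.11"),
    ("FortiOS-6K7K", "6.0.0", "6.0.14"),
    ("FortiProxy", "7.2.0", "7.2.1"),
    ("FortiProxy", "7.0.0", "7.0.7"),
    ("FortiProxy", "2.0.0", "2.0.11"),
    ("FortiProxy", "1.2.0", "1.2.13"),
    ("FortiProxy", "1.1.0", "1.1.6"),
    ("FortiProxy", "1.0.0", "1.0.7"),
]

# Accepts '7.0.8', 'v7.0.8', and 'v7.0.8 build0523' / '7.0.8,build0523'.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[\s,].*)?$")


def parse_version(text: str) -> Version:
    """Parse a version string into an integer tuple such as (7, 0, 8).

    Comparing integer tuples avoids the classic mistake of comparing version
    strings lexically, where '6.4.9' would sort after '6.4.10'.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def affected_range(product: str, version: str) -> Optional[Tuple[str, str]]:
    """Return the (first, last) affected range containing version, or None.

    None means 'not in a listed affected range'; it is not a statement that
    the build is fixed. Confirm fixed builds against the vendor advisory.
    """
    v = parse_version(version)
    for prod, lo, hi in AFFECTED_RANGES:
        if prod.lower() == product.lower() and parse_version(lo) <= v <= parse_version(hi):
            return (lo, hi)
    return None


def is_affected(product: str, version: str) -> bool:
    return affected_range(product, version) is not None


# Constructed sample inventory (hostname, product, version); not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.0.8 build0523"),
    ("fw-edge-02", "FortiOS", "7.0.9"),
    ("fw-dc-01", "FortiOS-6K7K", "7.0.7"),
    ("proxy-01", "FortiProxy", "2.0.12"),
    ("fw-branch-03", "FortiOS", "6.4.10"),
]


def triage(inventory) -> List[str]:
    """Return hostnames inside an affected range: devices to patch and sweep for IoCs."""
    return [host for host, prod, ver in inventory if is_affected(prod, ver)]


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: in affected range, patch and check for indicators of compromise")
```

Because the advisory notes that the implant survives patching, a device that matches here should be both updated and checked against the published indicators of compromise rather than only updated.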
Further information from the National Cyber Security Centre can be found here:
Further information on the FortiGuard Advisory can be found here:
https://www.fortiguard.com/psirt/FG-IR-22-398
Further information on the Indicators of compromise can be found here:
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity