Black Arrow Cyber Consulting
0

Blog

Our weekly Cyber Flash Briefing round up of top open source news and ‘Cyber Tip Tuesday’ videos

Posts tagged zyxel
Black Arrow Cyber Threat Briefing 01 March 2024

Black Arrow Cyber Threat Intelligence Briefing 01 March 2024:

-Phishing, Smishing and Vishing Skyrocket 1,265%

-Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

-Vulnerabilities Count Set to Rise by 25% in 2024

-BYOD Increases Mobile Phishing; Risks Have Never Been Higher

-Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

-If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

-Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

-Why Governance, Risk and Compliance Must be Integrated with Cyber Security

-More and More UK Firms Concerned About Insider Threats

-98% of Businesses Linked to Breached Third Parties

-What Companies Should Know About Rising Legal Threats

-CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

Read More
Black Arrow Adminblack basta, rysida, mgm, bp, sophos, proofpoint, chatgpt, connectwise, screenconnect, lockbit, change healthcare, blackcat, loandepot, lurie childrens hospital, rhysida, chicago, donald trump, epic games, mogilevich, fortnite, insomniac, irish department of foreign affairs, optum, thyssenkrupp, pepso, labhost, blackstone, putin, beat ai, bobthesmuggler, remcos rat, pikabot, timbrestealer, ivanti, kaspersky, xhelper, u-haul, cencora, sonicwall, lookout, hugging face, five eyes, silver saml, meta, pentagon, nist, nist csf 2.0, soho router, cozy bear, midnight blizzard, ubiquiti, edgerouter, lazarus, unc1549, cisco, ultimate member, wordpress, citrix, zyxel, outlook, whitehouse, c, c++, royal navy, rcmp, intelbroker, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
Black Arrow Cyber Threat Briefing 01 December 2023

Black Arrow Cyber Threat Intelligence Briefing 01 December 2023:

-Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

-Approach Cyber Security Awareness Training by Engaging People at All Levels

-Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

-Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

-Hacked Microsoft Word Documents Being Used to Trick Windows Users

-Mitigating Deepfake Threats in The Corporate World

-Black Basta Ransomware Made Over $100 Million From Extortion Alone

-Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

-Booking.com Customers Scammed in Novel Social Engineering Campaign

-Stop Panic Buying Your Security Products and Start Prioritising

-A Fifth of UK SMBs Unable to Spot Scams

Read More
Black Arrow Adminparis water agency, kubernetes, ssndob, dollar tree, general electric, ray, qilin, nassau bay, gloucestershire, cts, a&o, allen & overy, ibm, ncc group, deepfake, black basta, booking.com, vidar infostealer, secureworks, uk finance, sysjoker, onedrive, fidelity national, ardent health, henry schein, dp world, staples, stanford university, london and zurich, british library, zoom, google chrome, zyxel, owncloud, uber, allianz, moveit, graham cluley, djvu, xaro, cactus, qlik sense, rhysida, hse, yanfeng, telekopye, threatlabz, chatgpt, genai, redline, scrubcrypt, gh0st rat, logofail, namedrop, okta, gulf air, radware, nxp, killnet, motorola, meta, sec, solarwinds, colp, shadowy, rust, deloitte, kpmg, konni, macos, openssl, splunk, zscaler, bluffs, bluetooth, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
Black Arrow Cyber Threat Briefing 11 August 2023

Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:

-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices

-How an Eight-Character Password Could be Cracked in Just a Few Minutes

-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits

-How Executives’ Personal Devices Threaten Business Security

-77% of Financial Firms Saw an Increase in Cyber Attack Frequency

-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences

-Managing Human Cyber Risks Matters Now More Than Ever

-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins

-UK Shaken by Major Data Breaches

-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack

-Mac Users are Facing More Dangerous Security Threats Than Ever Before

-Cyber Attack to Cost Outsourcing Firm Capita up to £25m

-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources

Read More
Black Arrow Adminchrome, downfall, apt31, moustachedbomber, bluecharlie, fido2, kemba walden, kubernetes, fraudgpt, gafgyt, openbullet, medicaid, moveit, microsoft 365, colorado department of higher education, new haven, siemens, bnei brak, yashma, clop, wormgpt, chatgpt, macbook, google, evilquest, verizon, proofpoint, evilproxy, electoral commission, police service of norther ireland, data protection and digital information bill, national risk register, capita, black basta, ftse, blackberry, bhusa, cl0p, bankcard, mallox, fortiguard, rhysida, onedrive, rasnake, dallas, lockbitm, varian, zoom, black hat, lastpass, batloader, pyarmour, pypi, vmware vconnector, qakbot, panasonic, zyxel, bairbie.me, pixel, google play, hippa, psni, mi5, burger king, meta, morgan & morgan, tampa, tunnelcrack, irs, ford, owasp, kunernetes, crowdstrike, whatsapp, reptile rootkit, worldcoin, sec, dpid, signal, blue charlie, spacex, victor zhora, kyiv, redhotel, dynarisk, vulngpt, shellshock, darpa, teams, msmq, tetra, tenable, papercut, amd, adobe, dell, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
Black Arrow Cyber Threat Briefing 28th July 2023

Black Arrow Cyber Threat Briefing 28 July 2023:

-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions

-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500

-Why Cyber Security Should Be Part of Your ESG Strategy

-Lawyers Take Frontline Role in Business Response to Cyber Attacks

-Organisations Face Record $4.5M Per Data Breach Incident

-Cryptojacking Soars as Cyber Attacks Diversify

-Ransomware Attacks Skyrocket in 2023

-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

-Protect Your Data Like Your Reputation Depends on It (Because it Does)

-Why CISOs Should Get Involved with Cyber Insurance Negotiation

-Companies Must Have Corporate Cyber Security Experts, SEC Says

-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Read More
Black Arrow Adminoutlook, metabase bi, apache openmeetings, cve-2023-3519, mysterious elephant, wyden, wuhan earthquake center, ib co, mastadon, novel, booz allen, norton motorcycles, alphapo, axis, anonymous sudan, hotrat, realst, fin8, intel, un security council, price waterhouse cooper, ibm cost of a data breach report, clop, dsit, moveit, pwc, ey, deloitte, cl0p, esg, iso 27001, sophos state of ransomware 2023, gdpr, ibm, cryptojacking, cryptomining, chainalysis, chatgpt, securities and exchange commission, sec, info-stealing, salesforce, google cloud, aws, openai, google ads, nitrogen, coveware, akira, cynthia kaiser, alphv, yahama, dhl, microsoft cloud, microsoft key, knowbe4, linkedin, vec, fraudgpt, meta, whitehouse, decoy dog, rust, lazarus, p2pinfect worm, asyncrat, socksescort, spyhide, mirai botnet, zyxel, anonumous sudan, peleton, defender, capita, virustotal, nato, tampa general hospital, suzuki, breachforums, breach forums database, johns hopkins, macos malware, wormhole, jumpcloud, nhs ambulance trust, opsec, wiz, zenbleed, ubuntu, linux, shadow it, imessage, facetime, openssh, cisa, stanford, amazon, alexa, ryanair, killnet, andorid, beijing, group ib, netscaler, github, google zero-days, cvss 4.0, windows xp, citrix, shadowserver, ivanti, mobileiron, mikrotik, openmeetings, vmware, zen2 processors, python, windows 10, atlassian, bamboo, zimbra, wordpress, flipperzero, google chrome, europol iocta, tetra, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
Black Arrow Cyber Threat Briefing 21 July 2023

Black Arrow Cyber Threat Briefing 21 July 2023:

-Cyber Attacks Reach Two-Year High Amid Ransomware Resurgence as Financial Service Firms Lose $32 Billion in 5 Years

-MOVEit Body Count Closes in on 400 orgs, 20M+ Individuals

-IT Worker Jailed for Impersonating Ransomware Gang to Extort Employer

-Stabilising the Cyber Security Landscape: The CISO Exodus and the Rise of vCISOs

-Risk is Driving Medium-Sized Business Decisions

-Talent and Governance, Not Technology, are Key to Drive Change around Cyber Security

-Hybrid Work, Digital Transformation can Exploit Security Gaps

-Human Cyber-Risk Can Be Demonstrably Mitigated by Behaviour Changing Training

-AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks

-Pro-Russian Hacktivists Increase Focus on Western Targets

-Infosec Doesn't Know What AI Tools Orgs Are Using

-Google Restricting Internet Access to Some Employees to Reduce Cyber Attack Risk

-Unlocking Business Potential: How CISOs are Transforming Cyber Security into a Strategic Asset

Read More
Black Arrow Adminashley liles, check point research, flashpoint, lockbit, cl0p, moveit, wormgpt, anonymous sudan, onlyfans, moscow, ukraine, killnet, googles mandiant, generative ai, sophos, sophosencrypt, alphv, mallox, google bard, discovery channel, fin8, shutterfly, estee lauder, blackcat, turla apt, storm-0558, sorillus, meta, sogu, snowydrive, soho router, lokibot, blacklotus, zyxel, virus total, virustotal, hwl ebsworth, met police, lastpass, jumpcloud, breachforums, pompompurin, airbnb, openai, showpad, teamtnt, docker, threads, owasp zap 2.13.0, gamaredon, starlink, vienna, azure ad, openssh, citrix adc, citrix gateway, adobe, coldfusion, sd-wan, jira, metior, exchange onlne, chrome, google chrome, ami, ami bmc, nist, mit, rdp, siem, xdr, soc, web apps, cni, space, satellites, sbom, cvss, cvss 4.0, apt41, online safety bill, quantum, genesis, genesis market, twitter, south africa, africa, nigeria, fia, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
Black Arrow Cyber Threat Briefing 30 June 2023

Black Arrow Cyber Threat Briefing 30 June 2023:

-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

-Employees Worry Less About Cyber Security Best Practices in the Summer

-Businesses are Ignoring Third-Party Security Risks

-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing

-Widespread BEC Attacks Threaten European Organisations

-Lloyd’s Syndicates Sued Over Cyber Insurance

-95% Fear Inadequate Cloud Security Detection and Response

-The Growing Use of Generative AI and the Security Risks They Pose

-The CISO’s Toolkit Must Include Political Capital Within The C-Suite

-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

-SMBs Plagued by Exploits, Trojans and Backdoors

Read More
Black Arrow Adminarcserve, chrome, internet systems consortium, grafana, azure ad, sap, ddosia, powers, charming kitten, phonyc2, muddyc3, huawei, volt typhoon, zoho, monopolgy market, telegram, genworth, diablo iv, earlyrat, npm, pindos, super mario, k-12, clop, fis, putin, uber, siemens, schneider electric, barracuda, zurich, sec, zurich insurance group, moveit, malwarebytes, chatgpt, securities and exchange commission, federal trade commission, siemens electric, pwc, sony, ey, midnight blizzard, lloyds syndicates, university of california, ucla, capita, solarwinds, 3cx, cl0p, notpetya, lockbit, trickbot, conti, esxi, wagner, 8base, manchester university, ernst & young, calpers, singapore, pig-butchering, openai, lastpass, openssh, blacklotus, icedid, thirdeye, anasta, andariel, fluhorse, latitude, jokerspy, robotic falcon, multicloud, letmespy, jp morgan, sachklov, muddywater, powerstar, zyxel, fortinac, vmware aria operations, microsoft teams, muddles libra, mockingjay, outlook, microsoft 365, akira, tesla, twitter, metaverse, stalkerware, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
Black Arrow Cyber Threat Briefing 23rd June 2023

Black Arrow Cyber Threat Briefing 23 June 2023:

-How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools

-Attackers Discovering Exposed Cloud Assets Within Minutes

-Majority of Users Neglect Best Password Practices

-One in Three Workers Susceptible to Phishing

-Ransomware Misconceptions Abound, to the Benefit of Attackers

-Threat Actors Scale and Commoditise Uncommon Tools and Techniques

-Goodbyes are Difficult, IT Offboarding Processes Make Them Harder

-Security Budget Hikes are Missing the Mark, CISOs Say

-Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security

-Emerging Ransomware Group 8Base Releasing Data on SMBs Globally

-Cyber Security Industry Still Fighting to Recruit and Retain Talent

-Financial Firms to Build Resilience in Face of Growing Cyber-Threats

-Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level

Read More
Black Arrow Adminmoveit, accelion, fortra, dropbox, wetransfer, proofpoint, github, google workspace, slack, okta, 8base, cbest, knowbe4, sec, dora, infosecurityeurope, pwc, bbc, ba, avast, norton, sophos, cisa, fbi, ey, blackcat, adur, worthing, ups, chatgpt, onlyfans, diicot, condi, 3cx, reddit, capita, western digital, megaupload, asus, zyxel, chrome, trellix, lenovo, securities and exchange commission, rorschach, university of manchester, manchester university, usda, joe biden, rdstealer, mystic stealer, apt37, blacklotus, scarcruft, flea, chameldoh, gravityrat, apple, android, mirai, zeeland, pet feeders, us military, mondelez, sap, telegram, blockchain, influencers, social media, amazon, amazon s3, shadow it, intel, ssh, tsunami botnet, lockbit, killnet, gru, apt28, doj, us department of justice, cadet blizzard, apt15, red eyes, vmware, vmware vrealize, gifshell, wordpress, azure, gigabyte motherboards, triangulation spyware, repojacking, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare, russia, north korea, china, iran
Black Arrow Cyber Threat Briefing 9th June 2023

Black Arrow Cyber Threat Briefing 09 June 2023:

-74% of Breaches Involve Human Element- Make Employees Your Best Asset

-Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

-CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

-Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

-BEC Volumes and Ransomware Costs Double in a Year

-Hackers are Targeting C-Suite Executives Through Their Personal Email

-Proactive Detection is Crucial as Organisations Lack Effective Threat Research

-Number of Vulnerabilities Exploited Rose by 55%

-Ransomware Behind Most Cyber Attacks, with Record-breaking May

-4 Areas of Cyber Risk That Boards Need to Address

-North Korea Makes 50% of Income from Cyber Attacks

-Going Beyond “Next Generation” Network Security

-Worldwide 2022 Email Phishing Statistics and Examples

Read More
Black Arrow Adminmwise, nasa, xplain, abb, gigabyte, zyxel, lazarus, teamt5, kimsuky, tiktok, tesco, morrisons, stealth soldier, lolbas, shopify, wordpress, woocommerce, magento, raidforums, pflegia, kia, hyundai, onedrive, kaspersky, minecraft, powerdrop, truebot, qakbot, qbot, chrome, owasp, postalfurious, eisai, burton, enzo, 0mega, cyclops, lace tempest, unit 42, verizon, fortinet, c-suite, moveit, zellis, british airways, bbc, sky mavis ronin network, kucoin, 3cx, eponymous comms, palo alto networks, chatgpt, rose, egress, veeamon, blackfrog, clop, blacksuit, boots, dallas, globalcaja, horabot, pypi, android, atomic wallet, interpol, toyota motor, Honda, sec, british army, ring doorbell, camaro dragon, cisa, barracuda, firefox, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, enisa, nato, cyber, information security, it security, cyber warfare
Black Arrow Cyber Threat Briefing 02 June 2023

Black Arrow Cyber Threat Briefing 02 June 2023:

-How to Keep Cyber Attacks from Tanking Your Balance Sheet

-Company Size Doesn’t Matter When It Comes to Cyber Attacks

-‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief

-How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs

-Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection

-Don't be Polite When you Get a Text from a Wrong Number

-Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches

-Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives

-Organisations Spend 100 Hours Battling Post-Delivery Email Threats

-Ransomware Gangs Adopting Business-like Practices to Boost Profits

-The Sobering Truth About Ransomware—For The 80% Who Paid Up

-The Great CISO Resignation: Why Security Leaders are Quitting in Droves

-When is it Time for a Cyber Hygiene Audit?

Read More
Black Arrow Adminhot pixels, faronics, migraine, kimsuky, london city airport, pegasus, twitter, netflix, gimp, sslv2, apache nifi, raidforums, ftc, zyxel, operation triangulation, guerilla, predator, rokrat, scarcruft, terminator, stealthy bandit, qbot, palantir, red deer, harvard pilgrim healthcare, blacksuit, alphv, black basta, bl00dy, mcna, acecryptor, bt, mcafee, barracuda networks, withsecure, sophos, capita, watchdog, chatgpt, forrester, ibm, new york, buhti, abb, sas, mcdna, obsidian, blackcat, docusign, pypi, romcom, seroxen, google play, mirai, amazon, tesla, nhs, pentagon, toyota, moveit, prosperix, hmrc, azure, neho, onemain, dark pink, wordpress, chrome, google drive, rackspace, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare
Black Arrow Cyber Threat Briefing 26 May 2023

Black Arrow Cyber Threat Briefing 26 May 2023:

-50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy

-Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim

-SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups

-IT Employee Piggybacked on Cyber Attack for Personal Gain

-Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More

-Microsoft Reports Jump in Business Email Compromise (BEC) Activity

-Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions

-Advanced Phishing Attacks Surge 356% in 2022

-Today’s Cyber Defence Challenges: Complexity and a False Sense of Security

-Almost All Ransomware Attacks Target Backups, Says Veeam

-NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure

-Half of all Companies were Impacted by Spearphishing in 2022

-Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool

Read More
Black Arrow Adminpalo alto, uae, brazil, securi, ivanti, cyware, microsoft, fortinet, ai/ml, bec, ciso, cio, cto, forrester, chatgpt, ai, gartner, proofpoint, veeam, microsoft 365, .zip, .mov, cmo, fin7, clop, bridgestone, dish network, qilin, vesuvius, royal, mazars, blackcat, rheinmetall, blackbasta, dorchster, suzuki, rackspace, cuba, moneybird, veeamon, blackbyte, augusta, buhtu, lockbit, babuk, copperstealer, inferno drainer, batloader, redline, powerexchange, ahrat, predator, dark frost, capita, luxottica, ispoof, forex, fbi, aws, guac 0.1, oauth, netflix, meta, pentagon, tiktok, iso 31030, operation megalenha, whatsapp, kimsuky, cosmicenergy, samsung, kiddoware, zyxel, sast, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare
Black Arrow Cyber Threat Briefing 05 May 2023

Black Arrow Cyber Threat Briefing 05 May 2023:

- Boards Need Better Conversations About Cyber Security

- Uber’s Ex-Security Chief Sentenced for Security Breach

- Global Cyber Attacks Rise by 7% in Q1 2023

- Three-Quarters of Firms Predict Breach in Coming Year

- The Costly Threat That Many Businesses Fail to Address

- European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes

- Understanding Cyber Threat Intelligence for Business Security

- Hackers Are Finding Ways to Evade Latest Cyber Security Tools

- Study Shows a 27% Spike in Publicly Known Ransomware Victims

- Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves

- Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers

- 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus

Read More
Black Arrow Adminlloyds, halifax, tsb, chrome, huawei, earth longzhi, bouldspy, apt41, bellaciao, nomadic octopus, apt28, privategpt, airtag, azure, aviva, doj, at&t, spector, mirai, lobshot, americold, rapture, bitmarck, teiss, mercks, uber, joeseph sullivan, chatgpt, check point, crowdstrike, microsoft, guidepoint, not-petya, merks, lockbit, clop, alphv, royal, bianlian, gdpr, trend micro, world ecenomic forum, capita, hardensuish school, avidxchange, blackcat, western digital, brightline, vipersoftx, telegram, keylogger, t-mobile, fortra, tiktok, solarwinds, openai, twitter, meta, ftc, strike, google ads, cyber security council, kimsuky, wordpress, zyxel, amd, rsac, decoy dog, japan, bgp, faultpm, netgear, black arrow cyber, black arrow, threat intelligence, osint, ncsc, national cyber security centre, cpni, mi5, gchq, cert, nca, national crime agency, europol, interpol, enisa, nato, cyber, information security, it security, cyber warfare
Black Arrow Cyber Advisory 27/05/2022 – Multiple Zyxel Vulnerabilities identified for Firewalls and Access Points

Black Arrow Cyber Advisory – Multiple Zyxel Vulnerabilities identified for Firewalls and Access Points

Executive Summary

Several vulnerabilities have been disclosed within Zyxel products, affecting firewalls, access point controllers and access points produced by the company. Most of these vulnerabilities require a locally authenticated user, and therefore could be used for further attacks if a local user account is compromised.

Read More
Black Arrow Adminblack arrow, black arrow cyber, black arrow threat intel, black arrow advisory, zyxel, firewalls, ap, access point, vulnerability
Black Arrow Cyber Threat Briefing 08 April 2022

Black Arrow Cyber Threat Briefing 08 April 2022

-Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"

-New Android Banking Malware Remotely Takes Control of Your Device

-Network Intrusion Detections Skyrocketing

-Organisations Underestimating the Seriousness Of Insider Threats

-Watch Out For Phishing Emails From Genuine Mailing Lists, Following Mailchimp Hack

-SpringShell Attacks Target About One in Six Vulnerable Orgs

-New Threat Group Underscores Mounting Concerns Over Russian Cyber Threats

-Consumer Fraud Tripled in The Last Two Years

-Borat RAT: Multiple Threat of Ransomware, DDoS and Spyware

-Bank Had No Firewall License, Intrusion or Phishing Protection – Guess The Rest

-Global APT Groups Use Ukraine War for Phishing Lures

-Paying Ransom Doesn’t Guarantee Data Recovery

Read More
Black Arrow Admincyberedge, cyberthreat defense report, exocompact, threatfabric, watchguard, mailchimp, springshell, spring4shell, rce, crowdstrike, ember bear, ukraine, uac-0056, lorec53, bleeding bear, saint bear, fancy bear, voodoo bear, gru, consumer fraud, internet fraud, identity fraud, borat, borat rat, cyble, andra pradesh mahesh co-operative urban bank, el machete, lyceum, check point, nicaragua, venezuela, israel, saudi arabia, the guardian, ownbackup, icedid, conti, blackcat, blackmatter, fin7, lockbit, snap-on, blackguard, colibri, samsung, sharkbot, turla, octo, south africa, travel, hotel, hotels, travel security, hotel security, anonymous, symantec, vlc, apt-c-23, palo alto, vmware, big sur, catalina, mirai, acf, wordpress, fintech, nordex, okta, advanced persistent teenagers, citrix, zyxel, black arrow, black arrow cyber, cyber experts, cyber consulting, cyber investigators, cyber, cyber security, infosec, information security, threat intel, threat intelligence, threat report, business risk, business risks, cyber risk management, risk management, cyber risk, cyber security risk, cyber risk assessment, risk assessment, cyber incident response, cyber incident response team, cyber emergency response, computer incident response, computer emergency response, emergency response, subject matter experts, it security, trusted adviser, trusted partner, vciso, virtual chief information security officer, viso, information security officer, security executive on demand, security as a service, security on demand, cyber security strategy, cyber strategy, cyber kill chain, security as a a service, security-as-a-service, british intelligence, national security, uk national security, military intelligence, mod, ministry of defence, police, law enforcement, ftse 100, ftse100, offshore financial services, gfsc, guernsey financial services commission, fortune 500, fortune500, ncsc, national cyber security centre, cpni, mi5, gchq, cert, cert-uk, cert.gg, cyber guernsey, guernsey cyber, nca, national crime agency, europol, interpol, enisa, nato, cisa, fbi, nsa, cia, dhs, odpa, office of the data protection authority, ico, information commissioners office, isc2, isaca, sme, smb, small business, medium sized business, accounting, law firms, legal sector, academia, education, schools, retail, maritime, aviation, aerospace, transport, defence, defense, defence contractor, cni, scada, ics, industrial control systems, operational technology, ot, healthcare, medical, pharma, pharmaceuticals, pci-dss, payment card, payment card industry, estate agents, estate agency, child safety, parental controls, regulated firms, financial services, critical infrastructure, executives, executive, insiders, insider threat, staff, users, end users, senior executives, c-suite, boards, human element, human centric security, human centric, weakest link, boardroom, board room, ciso, ceo, cto, cio, nist, cyber essentials, cyber essentials plus, iso 27001, iso27001, cap1753, cap 1753, caa, civil aviation authority, fraud investigations, forensics, cyber forensics, forensic investigations, expert witness, technical investigations, apt, china, russia, iran, north korea, nation state actors, ransomware, bec, business email compromise, email, social engineering, phishing, spear-phishing, whaling, credentials, credential stuffing, extortion, blackmail, denial of service, ddos, botnet, cryptomining, cryptojacking, rootkits, rootkit, shadow it, remote code execution, zero-day, malware, vishing, smishing, heat attacks, heat, highly evasive adaptive threats, vulnerability, vulnerabilities, vulnerability management, patch management, patching, insurance, cyber insurance, incident response, incident response plan, disaster recovery, disaster recovery plan, drp, business continuity, business continuity planning, business continuity plan, training, education and awareness training, awareness, exercising, exercise, proctored exercise, facilitated exercise, simulations, gap analysis, cyber gap analysis, board upskilling, senior executive cyber risk and governance, senior executive cyber risk and governance workshops, technical assessment, technical analysis, penetration testing, pentesting, physical penetration testing, tas, targeted attack simulations, iso 27001 iso27001, iasme, iasme governance, technical IT security, hackers, criminals, cyber criminals, cyber warfare, espionage, cyber espionage, fraudsters, fraud, scammers, scams, scam, organised crime, criminal actor, criminal actors, terrorism, terrorists, cyber terrorists, cyber terrorism, supply chain, third parties, mssp, msp, apple, mac, macos, ios, iphone, android, microsoft, windows, cloud, dark web, databases, external it, internal it, encryption, cryptocurrencies, iot, ai, endpoint protection, antivirus, antimalware, wfh, work from home, dns, email gateway, gdpr, online, open source, attack surface, andorra, anguilla, antigua and barbuda, aruba, bahamas, barbados, bermuda, british virgin islands, bvi, cayman islands, channel islands, ci, cyprus, dominica, dublin, dutch antilles, gibraltar, grenada, guernsey, isle of man, jersey, liechtenstein, london, luxembourg, malta, monaco, netherlands antilles, philippines, st kitts and nevis, st lucia, st vincent and grenadines, switzerland, turks and caicos islands, scotland, edinburgh, glasgow, bristol, southampton, portsmouth, exeter, europe, offshore, south west, south east, uk, england, great britain, british isles
Black Arrow Cyber Advisory 05/04/2022 – Zyxel Authentication Bypass Vulnerability Identified

Executive Summary

A critical flaw has been discovered within Zyxel Firewall products, allowing for a malicious user to bypass the Authentication requirement on the device, enabling unauthorised privileged access. The bug impacts several Zyxel Firewall Network Access Control (NAC) systems as detailed within the technical summary. The bug, achieves a 9.8 on the Common Vulnerability Scoring System (CVSS).

What’s the risk to my business?

Due to the severity of the bug, and the ability for attackers to gain unauthorised privileged access to critical perimeter defence, the risk to businesses operating affected Zyxel Firewalls is high.

What can I do?

The bug has been reported, and a patch has been issued. Businesses operating these devices are urged to implement as soon as possible.

Technical Summary

Zyxel have issued a patch for bug CVE-2022-0342, which was disclosed on 03/28/2022. Zyxel’s investigation has only been focused on devices within their warranty and support period. The following Zyxel products are confirmed to be affected, with the appropriate patches listed:

· USG/ZyWALL, running version ZLD V4.20 to ZLD V4.70 | Fixed in Patch ZLD V4.71

· USG FLEX, running version ZLD V4.50 to ZLD V5.20 | Fixed in Patch ZLD V5.21 Patch 1

· ATP, running version ZLD V4.32 to ZLD V5.20 | Fixed in Patch ZLD V5.21 Patch 1

· VPN, running version ZLD V4.30 to ZLD V5.20 | Fixed in Patch ZLD V5.21

· NSG, running version V1.20 to V1.33 Patch 4 | Fixed in Hotfix V1.33p4_WK11, available from vendor. Fix will be included in standard patch V1.33 Patch 5 when released in May 2022.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Read More
Black Arrow Adminthreat intelligence, threat advisory, zyxel