Black Arrow Cyber Threat Intelligence Briefing 15 November 2024
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Massive MOVEit Vulnerability Breach: Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies
A recent massive data breach exploiting a vulnerability in MOVEit file transfer software has exposed sensitive employee data from major companies globally. This incident is one of the largest corporate information leaks, affecting sectors such as finance, healthcare, technology, and retail. The breach resulted in detailed employee records being stolen from 25 leading organisations, including Amazon with over 2.8 million records and MetLife with over 585,000 records. The leaked data includes names, email addresses, phone numbers, and organisational structures, posing significant risks for phishing and identity theft. This incident highlights the critical importance of promptly applying security patches and reinforces the need for robust cyber security measures to protect sensitive corporate data.
Phishing Attacks Surge in 2024 as Cyber Criminals Adopt AI Tools and Multi-Channel Tactics
A recent report has found that phishing attacks surged by 28% in Q2 2024, with cyber criminals adopting AI tools and multi-channel tactics. Organisations with over 2,000 employees now face approximately 36 phishing emails per day, overwhelming security systems. There was a 52.2% increase in phishing attacks that bypass secure email gateways, using techniques like QR codes, deepfakes, and HTML smuggling. Payloadless attacks (phishing without links or attachments, instead using social engineering to deceive victims) have risen to nearly 19% of phishing attempts in 2024, up from 5.4% in 2021. Businesses must enhance security measures and foster awareness to combat these sophisticated threats.
Critical Vulnerabilities Persist in Finance and Insurance Sectors
Cyber security provider Black Duck has found that the finance and insurance sectors have the highest number of critical vulnerabilities, with small sites averaging 565 and medium sites 580. Healthcare and social assistance follow closely behind. The most critical issues identified were cryptographic failures and injection vulnerabilities, totalling over 34,800 instances. These weaknesses threaten sensitive data like personally identifiable information and financial records, posing significant business risks. The mean time to remediate varies, with finance addressing issues in 28 days due to strict regulations, while utilities take up to 107 days. Widespread security misconfigurations affect 98% of applications, endangering business continuity and service availability.
AI-Based Attacks Top Gartner’s List of Emerging Threats – Again
Gartner reports that AI-based threats remain the top emerging cyber risks for organisations, with 80% of surveyed executives highlighting AI-enhanced malicious attacks as a major concern. This marks the third consecutive quarter where AI leads in risk rankings. The difficulty in finding skilled AI and cyber security talent is prompting companies to turn to Managed Security Service Providers (MSSPs) for assistance. MSSPs are leveraging AI to combat sophisticated cyber attacks, and over 80% now offer AI-related security services. This represents a significant shift as enterprises struggle to protect themselves against increasingly complex AI-driven threats.
Here Are the Top 10 Passwords for 2024, and They're All Embarrassing
NordPass, in collaboration with NordStellar, has found that weak passwords remain a significant security risk for organisations and individuals alike. Their sixth annual report revealed that '123456' is the most common password globally, used by over 3 million personal users and more than 1.2 million corporate users. The report highlighted that despite increased awareness of password security, it takes less than a second to crack these widely used passwords. Nearly all organisations still face password management challenges, with many employees reusing simple passwords across accounts. The study underscores the need for stronger password practices, including adopting password managers.
Mishing: The Rising Mobile Attack Vector Facing Every Organisation
Recent research highlights that mobile-targeted phishing attacks, collectively termed "mishing", are an escalating threat to organisations. The widespread use of mobile devices for accessing sensitive data has made them prime targets for cyber criminals employing tactics like smishing, vishing and quishing. These attacks exploit unique mobile features, increasing user vulnerability. Despite this rising threat, many organisations lack adequate mobile security measures and underestimate the associated risks. To combat mishing, it is imperative for organisations to implement comprehensive mobile threat defences and educate employees on recognising and avoiding such attacks.
80% Of Surveyed Businesses Don’t Have Plans for an AI-Related Crisis
Riskonnect's recent report highlights that 80% of organisations lack a dedicated plan to address generative AI risks, including AI-driven fraud attacks. Among surveyed professionals, 72% reported that cyber security risks are having a significant or severe impact on their organisations (an increase from last year's 47%) and 24% believe AI-powered cyber security threats will have the biggest impact over the next 12 months. Despite growing concerns over AI ethics, privacy, and security, 65% of companies have not established policies governing the use of generative AI by partners and suppliers, leaving critical risk management gaps unaddressed.
BoE and Regulators Set Out Digital Rules to Cut Cyber Attack Risks
The Bank of England and UK financial regulators have introduced new rules to enhance IT resilience in financial firms, aiming to reduce risks from cyber attacks and power outages. Effective from 1 January next year, these measures require critical third-party providers to report major incidents and conduct resilience testing. While these providers boost competitiveness, reliance on a few increases systemic risk, potentially affecting consumers and the UK's financial stability. Regulators stress that firms remain accountable for operational resilience, underscoring the need to manage disruption risks to uphold the UK's reputation for stable financial services.
Employees Are Hiding Their AI Use from Their Managers. Here's Why
New research from Slack reveals that enthusiasm for artificial intelligence among employees is waning, with excitement dropping from 47% to 41% globally. Nearly half of desk workers feel uncomfortable with their managers knowing they use AI for common tasks, fearing perceptions of laziness or incompetence. Despite 99% of executives planning to invest in AI this year, a significant skills gap persists, with 61% of employees spending less than five hours learning to use AI tools. The report highlights the need for clear policies and training to address uncertainties and fully harness AI's potential.
CISOs in 2025: Balancing Security, Compliance, and Accountability
Recent regulatory changes, including new SEC and NYDFS rules in the US, have heightened CISO accountability by requiring rapid incident disclosures and increasing personal liability. This intensifies pressures on CISOs, making the role less attractive due to potential legal repercussions and heightened stress. Looking ahead to 2025, CISOs will need advanced skills in strategic communication, risk management, and understanding emerging technologies like AI. Top priorities now include optimising existing security investments, enhancing defences against AI-driven cyber attacks, and investing in advanced cloud security capabilities.
48% of Small Businesses Don’t Offer Cyber Security Training
Recent research has revealed that 48% of UK small businesses do not provide cyber security awareness training to employees. Cyber threats are increasing in volume and complexity, particularly with the rise of AI, yet nearly half (47%) lack up-to-date anti-virus software and 15% have no firewall protection. 81% do not have a valid disaster recovery plan, and 29% have no patch management in place. With 2.39 million businesses experiencing cyber crime in the last 12 months, there is a clear need for businesses to improve their cyber security stance, both technologically and through employee awareness.
Thousands of Employees Could be Falling Victim to Obvious Phishing Scams Every Month
Cyber security provider Netskope has found that phishing attacks are a significant threat in the banking sector, with three in every 1,000 employees clicking on phishing links each month. This equates to over 1,000 banking workers in the UK potentially compromising security monthly. Russian criminal groups are identified as the most active attackers.
Sources:
https://www.helpnetsecurity.com/2024/11/15/finance-industry-vulnerabilities/
https://www.msspalert.com/news/ai-based-attacks-top-gartners-list-of-emerging-threats-again
https://www.zimperium.com/blog/mishing-the-rising-mobile-attack-vector-facing-every-organization/
https://www.zdnet.com/article/employees-are-hiding-their-ai-use-from-their-managers-heres-why/
https://www.helpnetsecurity.com/2024/11/13/daniel-schwalbe-domaintools-cisos-2025/
Governance, Risk and Compliance
48% of small businesses don’t offer cyber security training
Failed security controls cost businesses billions
BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy
CISOs in 2025: Balancing security, compliance, and accountability - Help Net Security
Steps Organisations Can Take to Improve Cyber Resilience - Security Boulevard
It’s a Hard Time to Be a CISO. Transformational Leadership Is More Imp - Infosecurity Magazine
How cyber security failures are draining business budgets - Help Net Security
The ROI of Security Investments: How Cyber Security Leaders Prove It
Maximizing cyber security ROI: Best practices for CISOs today | TechRadar
Crum & Forster Introduces Professional Liability Insurance for Chief Information Security Officers
Why Future-proofing Cyber Security Regulatory Frameworks Is Essential
Ambitious cyber security regulations leave companies in compliance chaos - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Scattered Spider, BlackCat criminals claw back • The Register
Critical Veeam RCE bug now used in Frag ransomware attacks
Tackling ransomware without banning ransom payments | TechRadar
The Role of Threat Intelligence in Preventing Ransomware - Security Boulevard
To Pay or Not to Pay: The Ransomware Dilemma - Security Boulevard
OpenText reveals 2024 nastiest malware, LockBit leads list
WHO, 50 countries warn United Nations of increasing ransomware attacks against hospitals - The Hindu
New Ymir ransomware partners with RustyStealer in attacks
5 BCDR Oversights That Leave You Exposed to Ransomware
Cloud Ransomware Flexes Fresh Scripts Against Web Apps
New ShrinkLocker ransomware decryptor recovers BitLocker password
Idaho Man Turns to RaaS to Extort Orthodontist
Ransomware Victims
Cyber Attack Cost Oil Giant Halliburton $35 Million - SecurityWeek
Embargo ransomware claims breach of US pharmacy network • The Register
Phishing & Email Based Attacks
Thousands of employees could be falling victim to obvious phishing scams every month | TechRadar
Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium
Man gets 10 years for stealing $20M in nest eggs from 400 US home buyers - Ars Technica
New Wave Of Phishing Attacks Exploits Microsoft Visio Files For Two-Step Credential Theft
Most prolific phishing campaign of 2024 | Professional Security Magazine
This new phishing strategy utilizes GitHub comments to distribute malware | TechRadar
Microsoft Exchange adds warning to emails abusing spoofing flaw
If You Fall for a Phishing Email, Here’s What Happens Next
I Almost Fell For a Phishing Scam: Here’s What Happened
Other Social Engineering
Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium
Winter Fuel Payment Scam Targets UK Citizens Via SMS | Tripwire
Scammers target UK senior citizens with Winter Fuel Payment texts
Pensioners Warned Over Winter Fuel Payment Scam Texts - Infosecurity Magazine
Malware being delivered by mail, warns Swiss cyber agency
North America sees social engineering scams multiply by a factor of 10
The terrifying Google Maps tactic now used by email scammers | Tech News | Metro News
Artificial Intelligence
AI-Based Attacks Top Gartner’s List of Emerging Threats – Again | MSSP Alert
Execs identify AI-driven cyber attacks as top security threat | SC Media
Employees are hiding their AI use from their managers. Here's why | ZDNET
HackerOne: 48% of Security Professionals Believe AI Is Risky
Hackers Are Using AI Against You: Here Is How To Protect Yourself
3 key generative AI data privacy and security concerns | TechTarget
80% Of Surveyed Businesses Don’t Have Plans For An AI-Related Crisis
Risk of AI in CIISec survey | Professional Security Magazine
AI Threat to Escalate in 2025, Google Cloud Warns - Infosecurity Magazine
Inside The Duality of AI's Superpowers
Enterprises look to AI to bridge cyber skills gap — but will still fall short | CSO Online
How CISOs Can Lead the Responsible AI Charge
Organisations face mounting pressure to accelerate AI plans, despite lack of ROI | ZDNET
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
How to ward-off fraudulent job seekers propped up by AI | SC Media
Sticker shock: Are enterprises growing disillusioned with AI? | ZDNET
Malware
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
ESET shines light on cyber criminal RedLine empire | Computer Weekly
Cyber Criminals Use Excel Exploit to Spread Fileless Remcos RAT Malware
Hackers now use ZIP file concatenation to evade detection
Hackers Abusing Google Ads To Deliver Fakebat Malware
Sophisticated Infostealers Top Malware Rankings
Hive0145 Targets Europe with Advanced Strela Stealer Campaigns - Infosecurity Magazine
New Glove Stealer malware bypasses Chrome's cookie encryption
This devious new malware is going after macOS users with a whole barrel of tricks | TechRadar
Hello again, FakeBat: popular loader returns after months-long hiatus | Malwarebytes
OpenText reveals 2024 nastiest malware, LockBit leads list
Watch out, that Excel document could be infected with dangerous malware | TechRadar
‘Top 10’ malware strain, Remcos RAT, now exploiting Microsoft Excel files | SC Media
Volt Typhoon rebuilds malware botnet following FBI disruption
North Korean hackers create Flutter apps to bypass macOS security
Malware being delivered by mail, warns Swiss cyber agency
This new phishing strategy utilizes GitHub comments to distribute malware | TechRadar
MacBook Pro Owners Warned As 99 New Security Problems Reported
New Ymir ransomware partners with RustyStealer in attacks
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware - Infosecurity Magazine
Bots/Botnets
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
Volt Typhoon rebuilds malware botnet following FBI disruption
Mobile
Mishing: The Rising Mobile Attack Vector Facing Every Organisation - Zimperium
Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices
6 telltale signs that your Android phone has malware
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack - SecurityWeek
NatWest blocks bevy of messenger apps on staff devices • The Register
Google Confirms $1 Trillion AI Security Protection For Pixel Users
This Pixel phone feature listens in on calls to protect you from scams | ZDNET
Denial of Service/DoS/DDoS
Credit cards readers across Israeli stores crash in DDoS cyber attack - The Jerusalem Post
DDoS Attacks Targeting ISPs are Different – Here’s How - Security Boulevard
'Cyber attack' council in Tewkesbury working to ease backlog - BBC News
What will carpet bomb attacks mean for security teams in 2025? - Tech Monitor
Internet of Things – IoT
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
Burglars are jamming Wi-Fi security cameras. Here's what you can do | PCWorld
Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI - SecurityWeek
Data Breaches/Leaks
Here's what we know about the Snowflake data theft suspects • The Register
Amazon MOVEit Leaker Claims to Be Ethical Hacker - Infosecurity Magazine
Major cyber attacks and data breaches of 2024 - Security Boulevard
Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People - SecurityWeek
200,000 SelectBlinds customers have their cards skimmed in malware attack
Not to alarm you, but your Social Security number is already leaked | The Independent
300,000 Patients Impacted By Law Firm Data Breach
Business records on 100M+ people swiped, put up for sale • The Register
Leaked info of 122 million linked to B2B data aggregator breach
Embargo ransomware claims breach of US pharmacy network • The Register
Misconfigured Microsoft Power Pages could lead to data breaches
HIBP notifies 57 million people of Hot Topic data breach
Organised Crime & Criminal Actors
Scattered Spider, BlackCat criminals claw back • The Register
US Prison Sentences for Nigerian Cyber Criminals Surge in Recent Months - SecurityWeek
How Global Threat Actors May Respond to a Second Trump Term
Here's what we know about the Snowflake data theft suspects • The Register
ESET shines light on cyber criminal RedLine empire | Computer Weekly
Crypto CEO safe after being kidnapped and held for $1 million ransom | Fortune Crypto
Charges Unsealed for Alleged Hackers of Snowflake Customers
World Economic Forum calls for joint efforts to counter cyber threats - World - DAWN.COM
WEF Launches New Framework to Combat Cyber Crime - Infosecurity Magazine
Cyber crook devoid of boundaries gets 10-year prison stint • The Register
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
What To Know About Cyber Criminal Ross Ulbricht And His Possible Release Under Trump
FBI Warns US Organisations of Fake Emergency Data Requests Made by Cyber Criminals - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
Criminal crypto launderer gets 12.5 years in prison • The Register
Crypto CEO safe after being kidnapped and held for $1 million ransom | Fortune Crypto
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
Insider Risk and Insider Threats
Guardsman gets 15 years after leaking secret info on Discord • The Register
Redefining Cyber Resilience: Calculating the Human Factor | MSSP Alert
Insurance
Crum & Forster Introduces Professional Liability Insurance for Chief Information Security Officers
Supply Chain and Third Parties
BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy
NIST publishes guide on due diligence for cyber supply chain risk management – DataBreaches.Net
Millions of records from MOVEit hack released on dark web | SC Media
Amazon MOVEit Leaker Claims to Be Ethical Hacker - Infosecurity Magazine
Single points of failure breed systemic risk to national security | SC Media
300,000 Patients Impacted By Law Firm Data Breach
Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine
Cloud/SaaS
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
5 Ways to Save Your Organisation From Cloud Security Threats
Strategies for CISOs navigating hybrid and multi-cloud security - Help Net Security
Outages
Single points of failure breed systemic risk to national security | SC Media
Microsoft investigates OneDrive issue causing macOS app freezes
Identity and Access Management
Identity Security Is The Cornerstone Of Modern Cyber Defence
Machine Identities Outnumber Human Ones: 69% Of Companies Face Rising Security Risks
Embracing The Future Of Cryptography And Identity Management
Encryption
Quantum cyber risk – securing tomorrow | BCS
Embracing The Future Of Cryptography And Identity Management
Linux and Open Source
Open Source Security Incidents Aren't Going Away
Passwords, Credential Stuffing & Brute Force Attacks
Here Are the Top 10 Passwords for 2024, and They're All Embarrassing - CNET
The true (and surprising) cost of forgotten passwords
Social Media
TikTok Pixel Privacy Nightmare: A New Case Study
Instagram purportedly subjected to widespread data scraping | SC Media
South Korea Fines Meta $15.7 Million For Collecting User Data - IT Security Guru
Malvertising
Hackers Abusing Google Ads To Deliver Fakebat Malware
Training, Education and Awareness
48% of small businesses don’t offer cyber security training
Cyber Security Education Needs a Team: Better Partner Up!
Regulations, Fines and Legislation
BoE and regulators set out digital rules to cut cyber-attack risks – Mortgage Strategy
CISOs in 2025: Balancing security, compliance, and accountability - Help Net Security
Preparing for DORA Amidst Technical Controls Ambiguity
GDPR landscape | Professional Security Magazine
More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED
How the Trump Administration May Reshape Security, Privacy
US doubles down support for UN cyber crime treaty | SC Media
Will cyber suffer under Trump’s goal to slash federal budgets? - Government Executive
Why Future-proofing Cyber Security Regulatory Frameworks Is Essential
Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine
Ambitious cyber security regulations leave companies in compliance chaos - Help Net Security
Washington's Cyber Security Storm of Complacency
Models, Frameworks and Standards
Preparing for DORA Amidst Technical Controls Ambiguity
NIST publishes guide on due diligence for cyber supply chain risk management – DataBreaches.Net
GDPR landscape | Professional Security Magazine
NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely
Data Protection
South Korea Fines Meta $15.7 Million For Collecting User Data - IT Security Guru
Careers, Working in Cyber and Information Security
Veterans’ military skills can help them fill cyber vacancies, State official says - Nextgov/FCW
Has the Cyber Security Workforce Peaked?
4 reasons why veterans thrive as cyber security professionals - Help Net Security
How Generative AI Will Change Jobs In Cyber Security
Tips for a successful cyber security job interview - Help Net Security
Law Enforcement Action and Take Downs
Scattered Spider, BlackCat criminals claw back • The Register
Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering
Here's what we know about the Snowflake data theft suspects • The Register
iPhones Seized by Cops Are Rebooting, and No One’s Sure Why
Man gets 10 years for stealing $20M in nest eggs from 400 US home buyers - Ars Technica
Charges Unsealed for Alleged Hackers of Snowflake Customers
Apple indeed added a feature called "inactivity reboot" in iOS 18.1 that reboots locked devices
New iOS Security Feature Reboots Devices to Protect User Data: Reports - SecurityWeek
Cyber crook devoid of boundaries gets 10-year prison stint • The Register
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
Misinformation, Disinformation and Propaganda
German interior minister warns of cyber threat ahead of elections
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
China’s Hacker Army Outshines America | Miami Herald
CISA, FBI Confirm China Hacked Telecoms Providers for Spying - SecurityWeek
Massive Telecom Hack Exposes US Officials to Chinese Espionage - Infosecurity Magazine
China-linked hackers stole surveillance data from telecom companies, US says | Reuters
Toolkit Vastly Expands APT41's Surveillance Powers
Nation State Actors
China
China’s Hacker Army Outshines America | Miami Herald
Chinese hacking effort is far more pervasive than previously reported, sources say - ABC News
US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack - SecurityWeek
Volt Typhoon rebuilds malware botnet following FBI disruption
CISA, FBI Confirm China Hacked Telecoms Providers for Spying - SecurityWeek
Massive Telecom Hack Exposes US Officials to Chinese Espionage - Infosecurity Magazine
Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations | Trend Micro (US)
Toolkit Vastly Expands APT41's Surveillance Powers
TikTok Pixel Privacy Nightmare: A New Case Study
Russia
How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) - Help Net Security
German interior minister warns of cyber threat ahead of elections
Households should keep enough cash on hand for three days, BoF says | Yle News | Yle
Pro-Russia Hackers Ramp Up Cyber Attacks on South Korea, Presidential Office Says - The Moscow Times
Iran
Adversarial advantage: Using nation-state threat analysis to strengthen US cyber security
TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware - Infosecurity Magazine
Credit cards readers across Israeli stores crash in DDoS cyber attack - The Jerusalem Post
North Korea
North Korean hackers create Flutter apps to bypass macOS security
Lazarus Group Uses Extended Attributes for Code Smuggling in macOS - Infosecurity Magazine
Pro-Russian Groups Target South Korea as North Korea Joins Ukraine - Infosecurity Magazine
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings
More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED
Tools and Controls
48% of small businesses don’t offer cyber security training
Failed security controls cost businesses billions
The Role of Threat Intelligence in Preventing Ransomware - Security Boulevard
Identity Security Is The Cornerstone Of Modern Cyber Defence
Steps Organisations Can Take to Improve Cyber Resilience - Security Boulevard
How cyber security failures are draining business budgets - Help Net Security
Maximizing cyber security ROI: Best practices for CISOs today | TechRadar
API Security in Peril as 83% of Firms Suffer Incidents - Infosecurity Magazine
Machine Identities Outnumber Human Ones: 69% Of Companies Face Rising Security Risks
Improve Your Organisation’s Data Security Posture - IT Security Guru
New iOS Security Feature Reboots Devices to Protect User Data: Reports - SecurityWeek
Cyber security network to make the UK safer and more resilient – UKRI
How Generative AI Will Change Jobs In Cyber Security
The ROI of Security Investments: How Cyber Security Leaders Prove It
Leveraging Threat Intelligence Feeds for Proactive Cyber Defence
80% Of Surveyed Businesses Don’t Have Plans For An AI-Related Crisis
Embracing The Future Of Cryptography And Identity Management
Redefining Cyber Resilience: Calculating the Human Factor | MSSP Alert
Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
How Developers Drive Security Professionals Crazy
EU Ramps Up Cyber Resilience with Major Crisis Simulation Exercise - Infosecurity Magazine
Adversarial advantage: Using nation-state threat analysis to strengthen US cyber security
Enterprises look to AI to bridge cyber skills gap — but will still fall short | CSO Online
Dependency Management is Critical for Disaster Recovery After a Security Incident | HackerNoon
5 BCDR Oversights That Leave You Exposed to Ransomware
Half of businesses now using AI for cyber security | theHRD
Bank of England U-turns on Vulnerability Disclosure Rules - Infosecurity Magazine
O2’s AI Granny Outsmarts Scam Callers with Knitting Tales - Infosecurity Magazine
This Pixel phone feature listens in on calls to protect you from scams | ZDNET
Other News
Moody's Rating adds telecoms, airlines, utilities to highest risk category | CyberScoop
Ticketmaster Hackers Are Stealing Tickets Out of Customers' Accounts - Business Insider
Households should keep enough cash on hand for three days, BoF says | Yle News | Yle
More Spyware, Fewer Rules: What Trump’s Return Means for US Cyber Security | WIRED
These three critical sectors are riddled with high-risk vulnerabilities | ITPro
NIST report on hardware security risks reveals 98 failure scenarios - Help Net Security
Google Chrome Warning—New Drive-By Cyber Attack, No 0-Day Needed
Council Cyber Attacks: A Growing Issue | SC Media UK
How Global Threat Actors May Respond to a Second Trump Term
How Fintechs and Financial Institutions Can Demonstrate Resiliency: By Prakash Pattni
5 Must-Have Cyber Security Best Practices for Fintech Startups: By Sheza Gary
Looking to the skies: The importance of satellite cyber security | United States Studies Centre
Cyber security network to make the UK safer and more resilient – UKRI
Understanding the Cyber Criminal Mindset: Protecting Your School’s Data | Edexec
Could Cyber Expertise Aid Education in the Form of Governors? | SC Media UK
Automotive Safety and Security from the Bottom of the Stack
Cyber resilience takes centre stage at rail industry conference in London - Global Railway Review
Spray and pray: the cyber criminal tactic hurting shipping | TradeWinds
Vulnerability Management
Zero-days dominate top frequently exploited vulnerabilities - Help Net Security
Five Eyes nations reveal the top 15 most exploited flaws • The Register
NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely
NCSC on cyber threat landscape | Professional Security Magazine
Outdated PCs are Holes in Your Cyber Security Armor | Dell USA
Vulnerabilities
Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days
HPE Patches Critical Vulnerabilities in Aruba Access Points - SecurityWeek
Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands - SecurityWeek
Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator - SecurityWeek
Citrix Issues Patches for Zero-Day Recording Manager Bugs
Exploit code released for RCE attack on Citrix VDI solution • The Register
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Critical Veeam RCE bug now used in Frag ransomware attacks
Fortinet Releases Security Updates for Multiple Products | CISA
Ivanti Patches 50 Vulnerabilities Across Several Products - SecurityWeek
High-Severity Vulnerabilities Patched in Zoom, Chrome - SecurityWeek
Citrix, Fortinet Patch High-Severity Vulnerabilities - SecurityWeek
WordPress Security Plugin Vulnerability Endangers 4 Million+ Sites
High-severity Fortinet VPN flaw allows privilege escalation • The Register
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
Google Chrome Warning—New Drive-By Cyber Attack, No 0-Day Needed
Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories - SecurityWeek
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime & Shipping
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness; linking to or reposting external content does not endorse any service or product. Likewise, we are not responsible for the security of external links.