Threat Intelligence Blog

Contact our Experts Now

Subscribe to our Weekly Cyber Threat Intelligence Briefing

Black Arrow Admin 10/07/2024 Black Arrow Admin 10/07/2024

Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates

Executive summary

Microsoft’s July Patch Tuesday provides updates to address 143 security issues across its product range, including two actively exploited zero-day vulnerabilities (CVE-2024-38080 and CVE-2024-38112). The exploited zero-day vulnerabilities are a privilege escalation vulnerability in Hypervisor (CVE-2024-38080) and a spoofing vulnerability (CVE-2024-38112), both of which have been added the US Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. Also, among the updates provided by Microsoft were 5 critical vulnerabilities.

In addition to the Microsoft updates this week also saw Adobe fix 7 vulnerabilities across various products, Citrix have also addressed multiple vulnerabilities including a critical in NetScaler Console.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker with access, to gain SYSTEM privileges or use malicious sites and spoof them to appear trusted. Both vulnerabilities if exploited could have a high impact on the confidentiality, integrity and availability of the organisations data on affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of Windows and Adobe products impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have a critical severity rating.

Technical Summary

Microsoft

CVE-2024-38080 – This vulnerability is an integer overflow affecting Hyper-V. If successfully exploited it allows an attacker to gain SYSTEM privileges on the host machine, however initial access to the local machine is required to exploit the flaw.

CVE-2024-38112 – This vulnerability is a spoofing vulnerability which affects Windows MSHTML Platform and can be exploited with a specially crafted HTML file. If successfully exploited it will allow an attacker to render malicious content as trusted, misleading users to divulge sensitive information like login credentials or to install malware.

Adobe

This month, Adobe released fixes for a total of 7 vulnerabilities across several of its products. Out of these, 6 were rated as critical. The affected products and their respective vulnerabilities are as follows: Adobe Premier Pro had 1 critical vulnerability, Adobe Bridge also had 1 critical vulnerability, and Adobe InDesign had 4 critical vulnerabilities. Currently, Adobe is not aware of any active exploitation of these vulnerabilities. The types of vulnerabilities addressed include arbitrary code execution and memory leaks.

Citrix

Citrix have released patches to fix multiple security vulnerabilities including a critical and high vulnerability in the NetScaler Console and Agent product. The critical vulnerability (CVE-2024-6235) if successfully exploited is an improper authorisation bug that could allow attackers to access sensitive information.

While Citrix has not stated that any of these vulnerabilities are being exploited in the wild, Black Arrow advises that organisations update the affected appliances as soon as possible. The affected products can be found below in the further information section.

Further details on Windows specific updates within this patch Tuesday can be found here:

https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/

Further details of the vulnerabilities addressed in Adobe Premiere Pro can be found here: https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html

Further details of the vulnerabilities addressed in Adobe Bridge can be found here:

https://helpx.adobe.com/security/products/bridge/apsb24-51.html

Further details of the vulnerabilities addressed in Adobe InDesign can be found here:

https://helpx.adobe.com/security/products/indesign/apsb24-48.html

Further details of the vulnerabilities addressed in Citrix NetScaler can be found here:

https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-svm-security-bulletin-for-cve20246235-and-cve20246236

Further information on US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog can be found here:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 07/07/2024 Black Arrow Admin 07/07/2024

Black Arrow Cyber Threat Briefing 05 June 2024

Black Arrow Cyber Threat Intelligence Briefing 05 July 2024:

-Nearly 10 billion Passwords Leaked in the Largest Compilation of All-time

-Half of Employees Fear Punishment for Reporting Security Mistakes

-New RUSI Report Exposes Psychological Toll of Ransomware

-Cyber Extortion Soars: SMBs Hit Four Times Harder

-2024 Is Already the Year of the Cyber Attack

-Survey Reveals Growing Lack of Cyber Security Confidence

-Cyber Security is Worth the Spend

-Only 13% of Organisations are Cyber Mature

-Full-Blown Cyber War: a Hollywood Worthy Scenario

-Rising Risks Set to Drive Huge Investment in Cyber Security

-Authorised Push Payment Fraud Singled Out as Biggest Financial Crime Threat

-Setting the Tone at the Top to Manage Enterprise Risk

-Cyber Criminals are Free to Exploit Vulnerabilities Without Fear

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Governance, Risk and Compliance

Survey Surfaces Growing Lack of Cyber Security Confidence - Security Boulevard

Half of employees afraid to report security errors (betanews.com)

Half of Employees Fear Punishment for Reporting Security Mistakes - Infosecurity Magazine (infosecurity-magazine.com)

Rising risks set to drive huge investment in cyber security (emergingrisks.co.uk)

Cyber security is worth the spend | TechRadar

Only 13% of organisations are cyber mature - Help Net Security

76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News

Adapting cyber security strategies to the escalating threat landscape (securitybrief.co.nz)

Cyber Workforce Grows 15% at Large Organisations - Infosecurity Magazine (infosecurity-magazine.com)

Cyber crime rises putting organisations under significant stress, report reveals (holyrood.com)

Navigating the cyber security tempest in the UK organisations (thehrdirector.com)

Setting the Tone at the Top to Manage Enterprise Risk - Infosecurity Magazine (infosecurity-magazine.com)

The impossibility of “getting ahead” in cyber defence - Help Net Security

Cyber resilience - how to achieve it when most businesses – and CISOs – don’t care (diginomica.com)

Boardroom Blindspot: How New Frameworks for Cyber Metrics are Reshaping Boardroom Conversations - Security Boulevard

Companies spend more on cyber security but struggle to track expenses - Help Net Security

Cyber Crime vs. Cyber Security: Learning the Tactics of Criminals to Protect Your Interests | J.S. Held - JDSupra

Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict

Cyber insurance rates drop as businesses bolster cyber security measures - FStech Financial Sector Technology

Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)

Inside the minds of CISOs - Help Net Security

Enterprise hits and misses - cyber security is out; cyber resilience is in. Gen AI is being overestimated, and trust matters in a deep fake world (diginomica.com)

Threats

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Full-blown cyberwar: a Hollywood worthy scenario | Cybernews

The US Wants to Integrate the Commercial Space Industry With Its Military to Prevent Cyber Attacks | WIRED

Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News

Nation State Actors

China

Google Thwarts Over 10,000 Attempts by Chinese Influence Operator - Infosecurity Magazine (infosecurity-magazine.com)

China is turning to private firms for offensive cyber operations - Defense One

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (thehackernews.com)

Taiwan reports over 100 cyber security incidents in May | Taiwan News | Jun. 29, 2024 14:22

Russia

Russia's Midnight Blizzard stole email of more Microsoft customers (securityaffairs.com)

Ukraine war briefing: US charges Russian with conspiring to destroy Kyiv computer systems | Ukraine | The Guardian

Russian hackers behind NHS attack are part of Kremlin-protected cyber army (inews.co.uk)

Microsoft reveals even more emails to customers were accessed by Russia-based hackers - Neowin

Vladimir Putin's latest escalation has hit far too close to home (telegraph.co.uk)

US charges Russian civilian for allegedly helping GRU spies target Ukrainian government systems with data-destroying malware | TechCrunch

Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)

TeamViewer attributes security incident to Russian APT group Midnight Blizzard | SC Media (scmagazine.com)

Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News

Home Office was warned about NHS cyber hacks months before Kremlin-backed attack (inews.co.uk)

‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk - Security Boulevard

Poland to probe Russia-linked cyber attack on state news agency (therecord.media)

US Announces $10 Mln Bounty for Russian Hacker Behind 2022 Hack Targeting Ukraine (kyivpost.com)

Source: Ukrainian cyber attack leaves at least 250,000 consumers without connection in Russian-occupied territories (kyivindependent.com)

HUR’s massive DDoS attack left 250,000 without communication in occupied territories / The New Voice of Ukraine (nv.ua)

Alert: French Diplomats Targeted By Russian Cyber Attacks - Security Boulevard

North Korea

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data (thehackernews.com)

Major bank raises alarm bell on cyber 'warfare': Claims 'entire community is at risk' - ABC News

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Cyber hacktivists issue “call to arms” to target elections in Europe, UK (verdict.co.uk)

Tools and Controls

Cyber security training needs a human touch (betanews.com)

Rising risks set to drive huge investment in cyber security (emergingrisks.co.uk)

Cyber security is worth the spend | TechRadar

Network Segmentation Saved TeamViewer From APT29 Attack (darkreading.com)

Half of IT pros think there are devices on their network they don't know about (betanews.com)

Fortinet annual skills gap report - more security training needed - Verdict

A fifth of office workers have access to data from a previous employer - Business Plus

Escalating global cyber threats require robust layered security measures | TechRadar

Fake IT support sites push malicious PowerShell scripts as Windows fixes (bleepingcomputer.com)

Reduce security risk with 3 edge-securing steps | CSO Online

76% of companies enhance cyber defences to secure insurance: Sophos - Reinsurance News

The Future Of The Cyber Security Profession With The Rise Of AI (forbes.com)

Adapting cyber security strategies to the escalating threat landscape (securitybrief.co.nz)

Navigating the cyber security tempest in the UK organisations (thehrdirector.com)

Insurers told they need to get active in cyber risk response (emergingrisks.co.uk)

Cyber insurance Bedevils Law Firms - Above the Law

Setting the Tone at the Top to Manage Enterprise Risk - Infosecurity Magazine (infosecurity-magazine.com)

How MFA Failures are Fueling a 500% Surge in Ransomware Losses (thehackernews.com)

Boardroom Blindspot: How New Frameworks for Cyber Metrics are Reshaping Boardroom Conversations - Security Boulevard

Companies spend more on cyber security but struggle to track expenses - Help Net Security

Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)

Organisations use outdated approaches to secure APIs - Help Net Security

Kaspersky software ban: CISOs must move quickly, experts say | CSO Online

Rethinking Cyber Security in the Age of AI - Security Boulevard

Friend or Foe? AI's Complicated Role in Cyber Security (darkreading.com)

Blurred lines: Securing the physical and digital sides of business - IT Security Guru

Understanding collective defence as a route to better cyber security | TechRadar

Waging war on cyber criminals: should cyber strategies be active or passive? - Verdict

Staying Ahead of Adversarial AI with Incident Response Automation - Security Boulevard

Embracing Automation: The Key to Proactive Security | MSSP Alert

SIEM-Apocalypse: Protecting Your Security Team in a Time of Turmoil | MSSP Alert

Want to scale cyber defenders? Focus on AI-enabled security and organisation-wide training | CyberScoop

US folk still buying in 3rd-party antivirus, more so the old • The Register

Four Reasons Why You Should Evaluate Your Cyber Security System (forbes.com)

Cyber insurance rates fall as businesses improve security, report says By Reuters (investing.com)

Compliance, Security and the Role of Identity - Security Boulevard

Why AI is essential to securing software and data supply chains (betanews.com)

4 key steps to building an incident response plan - Help Net Security

Reports Published in the Last Week

2024 Cyber Threat Report | Huntress

Other News

Cyber Criminals Are Free To Exploit Vulnerabilities Without Fear | HackerNoon

Google is cracking down on internet security in this big way | Digital Trends

Water supplies remain ‘too weak’ when it comes to cyber security - Digital Journal

Man-In-The-Middle Attacks are Still a Serious Security Threat - Security Boulevard

Hackers Are Hiding in Plain Sight: Insights from Our 2024 Cyber Threat Report | Huntress

Blurred lines: Securing the physical and digital sides of business - IT Security Guru

Understanding collective defence as a route to better cyber security | TechRadar

Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys - Security Week

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies (thehackernews.com)

Cyber attack handling ‘staggeringly incompetent’ | Guernsey Press

Paris Olympics 2024: The rising threat of cyber attacks (yahoo.com)

States of Guernsey hit by attempted cyber attack on emails - BBC News

Food Security: Mitigating the Dangers of Digital Poison | AFCEA International

CISA director: US 'not afraid' to probe holes in Big Tech • The Register

Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)

Kaspersky software ban: CISOs must move quickly, experts say | CSO Online

Space: The Final Frontier for Cyber Attacks (informationweek.com)

IT Security Responsibilities for Online Start-Ups - IT Security Guru

To guard against cyber attacks in space, researchers ask ‘what if?’ (theconversation.com)

Protecting our data in a world of rising cyber attacks - IT Security Guru

States hit back at deputies’ IT security criticism | Bailiwick Express

OPINION: Why cyber security urgently needs updating in transportation | Traffic Technology Today

Vulnerability Management

Stress-Testing Security Assumptions in a World of New & Novel Risks (darkreading.com)

Embracing the Absurd: Finding Freedom in Cyber Security - Security Boulevard

The Great Overcomplication | AFCEA International

99% of IoT exploitation attempts rely on previously known CVEs - Help Net Security

Smashing Silos With a Vulnerability Operations Center (VOC) - Security Boulevard

Vulnerabilities

First OpenSSH vulnerability in nearly two decades leaves over 14 million servers potentially at risk | ITPro

Over 14M servers may be vulnerable to OpenSSH's regreSSHion RCE flaw. Here's what you need to do | ZDNET

PoC Exploit Published for Linux Kernel Privilege Escalation Flaw (cybersecuritynews.com)

3 million iOS and macOS apps were exposed to potent supply-chain attacks | Ars Technica

'Almost every Apple device' vulnerable to CocoaPods • The Register

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining (thehackernews.com)

Critical GitLab Bug Threatens Software Development Pipelines (darkreading.com)

Juniper releases out-of-cycle fix for max severity auth bypass flaw (bleepingcomputer.com)

This Windows 11 bug may break Windows Security (xda-developers.com)

Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Security Week

New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data (thehackernews.com)

Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug - Security Week

Gogs vulnerabilities may put your source code at risk | SC Media (scmagazine.com)

Hackers exploit critical D-Link DIR-859 router flaw to steal passwords (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin 02/07/2024 Black Arrow Admin 02/07/2024

Black Arrow Cyber Advisory 02 July 2024 – Critical Vulnerabilities identified in OpenSSH, Juniper, and Apple App Development Supply Chain

Executive Summary

A critical security flaw that could allow unauthenticated remote code execution with root privileges has been discovered in the OpenSSH Server component when deployed in its default configuration. Critical vulnerabilities have also been discovered in Juniper Networks' ‘Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router’ product line. Additionally, vulnerabilities have been found within the CocoaPods dependency manager, which is used to manage library dependencies for many popular iOS and macOS applications. These vulnerabilities could allow attackers to claim ownership of thousands of unclaimed ‘pods’, enabling them to modify and insert malicious code into these dependencies.

Security updates have been released for the OpenSSH and Juniper vulnerabilities. Although the CocoaPods vulnerabilities have now been patched, developers are encouraged to verify the integrity of any open-source dependencies used previously within their applications, as these vulnerabilities have been present since a migration took place in 2014.

What’s the risk to me or my business?

If exploited, these vulnerabilities could compromise the confidentiality, integrity, and availability of data stored by an organisation. Specific information on each vulnerability is provided in the technical summary below.

What can I do?

Security updates are available for OpenSSH and affected Juniper products. These updates should be applied as soon as possible, especially for actively exploited vulnerabilities. It should be noted that where OpenSSH has been deployed into products managed by a hardware vendor, such as a firewall, security updates will need to be applied once released by the vendor. Software developers who rely on the CocoaPods dependency manager should verify the integrity of any dependencies, look to remove orphaned dependencies and should also conduct scans for malicious or suspicious code as part of secure development practices.

Technical Summary

OpenSSH

CVE-2024-6387: A critical race condition vulnerability may allow remote code execution with root privileges. This has been demonstrated in lab conditions to be successful after an average of 6-8 hours of continuous connections on 32-bit Linux systems. While 64-bit systems are believed to be exploitable, this was not demonstrated during testing. As OpenSSH is an included dependency for many different products, vendors will need to release their own security patches for these dependencies. Mitigation advice includes restricting SSH services to only be accessible from trusted sources or disabling the functionality if not required until a patch is available.

Further details on the OpenSSH vulnerabilities and individual vendor responses can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387.

Juniper

CVE-2024-2973: An Authentication Bypass Using an Alternate Path or Channel vulnerability with a CVSS 4.0 rating of 10.0 is present in Juniper Networks' Session Smart Router or Conductor running with a redundant peer. This allows a network-based attacker to bypass authentication and take full control of the device. The vendor advises that only Routers or Conductors running in high-availability redundant configurations are affected by this vulnerability and recommends that affected products be patched as soon as possible.

Further details on the vulnerabilities addressed can be found here: https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US.

CocoaPods

E.V.A Information Security conducted research into the CocoaPods dependency manager, often used in the development of iOS and macOS applications that rely on Swift or Objective-C languages. Over 3 million applications have used the dependency manager, and thousands of packages have been left exposed in a state where they could have been maliciously taken over since a migration in 2014 left these in an orphaned state, where the original owner was not confirmed. Malicious actors could use a public API and an email address to claim ownership over these packages, allowing them to alter or replace the source code with their own malicious code. Developers are advised to review the dependency lists and package managers used within their applications, validate checksums, perform scans for malicious code, and limit the use of orphaned or unmaintained packages.

Further details on the vulnerabilities can be found here: https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

Black Arrow Admin 30/06/2024 Black Arrow Admin 30/06/2024

Black Arrow Cyber Threat Briefing 28 June 2024

Black Arrow Cyber Threat Intelligence Briefing 28 June 2024:

-Cyber Attacks on The Rise with Financial Sector a Top Target, Report Reveals

-Cloud Resources Have Become Biggest Targets for Cyber Attacks, Finds Thales

-Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms

-1 Out of 3 Breaches Go Undetected

-Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Experience Cyber Breaches and Incidents

-Why Are Threat Actors Faking Data Breaches?

-China-Sponsored Attackers Target 40K Corporate Users in 90 Days

-Cyber Security Neglect: The Silent Killer of Businesses

-Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months

-75% of New Vulnerabilities Exploited Within 19 Days

-It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever.

-Tackling The Role Human Error Plays in Data Breaches

Governance, Risk and Compliance

It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever. - Security Boulevard

The NYSE's $10M Wake-up Call (darkreading.com)

Cyber Attacks on the rise with financial sector a top target, report reveals (investmentnews.com)

Cyber security Neglect: The Silent Killer of Businesses | HackerNoon

Organisations with outdated security approaches getting hammered: Cloudflare | CSO Online

Today's Most Overlooked Mergers and Acquisitions Cyber Security and Compliance Risks | Inc.com

New cyber threat research for SMB in 2024 | Securelist

Nearly half of cyber professionals do not have the budget for adequate protection – Coalition | Insurance Times

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Report Cyber Breaches and Incidents (darkreading.com)

Building a culture of security is everyone’s responsibility - Raconteur

Small Businesses Taking Proactive Steps to Prevent Cyber Attacks (smallbiztrends.com)

Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)

Working with a cyber security committee of the board | Microsoft Security Blog

CISOs Reveal Firms Prioritize Savings Over Long-Term Security - Infosecurity Magazine (infosecurity-magazine.com)

CISOs becoming more comfortable with risk levels - Help Net Security

Inside the Mind of a CISO: Survey and Analysis - SecurityWeek

CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)

Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online

The challenges in maintaining effective cyber security (securitybrief.co.nz)

A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)

The cyber attacks which could wipe your business out | BelfastTelegraph.co.uk

Global business leaders are optimistic about growth and focused on cyber security, AI, sustainability, brand image and international outlook (cnn.com)

Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

The State of Ransomware 2024 | SC Media (scmagazine.com)

Ransomware threat landscape Jan-Apr 2024: insights and challenges (securityaffairs.com)

UK and US cops put Qilin ransomware crims in the crosshairs • The Register

Key Takeaways From the British Library Cyber Attack (darkreading.com)

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)

Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms - Bloomberg

Research Reveals Two-Thirds of Organisations Infected with Ransomware Multiple Times, with One-in-Five Infected More than Ten Times | Business Wire

Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)

Red Tape Is Making Hospital Ransomware Attacks Worse | WIRED

Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)

Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)

Cyber attacks on healthcare: Russia’s tool for mass disruption - Medical Device Network (medicaldevice-network.com)

New ransomware, infostealers pose growing risk in 2024 - Help Net Security

Best practices for protection from ransomware in cloud storage | TechTarget

Meet the Ransomware Negotiators (darkreading.com)

Ransomware Victims

Hackers Publish 400GB Of Data After London Hospital Cyber Attack (forbes.com)

UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian

It Happened Again; A Major Cyber Attack On The NHS. Why Are Health Organisations A Prime Target? (forbes.com)

Lockbit 3.0 Claims Attack on Federal Reserve: 33 Terabytes of Sensitive Data Allegedly Compromised (redhotcyber.com)

LockBit lied: Stolen data is from a bank, not US Federal Reserve (bleepingcomputer.com)

UK and US cops put Qilin ransomware crims in the crosshairs • The Register

NHS data breach: Over 3,000 appointments and operations cancelled amid reports of potential counteraction against attackers – PublicTechnology

Key Takeaways From the British Library Cyber Attack (darkreading.com)

Security firm Accenture breached, claim cybercriminals | Cybernews

Here's what ransomware crims stole from Change Healthcare • The Register

NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)

Investigation of Russian Hack on London Hospitals May Take Weeks Amid Worries Over Online Data Dump - SecurityWeek

CDK Cyber Attack: What Is It, Who Is Responsible and What’s the Fallout? - Bloomberg

Hacked UK Trove Includes Data on Newborns, Cancer Patients (1) (bloomberglaw.com)

Crisis-hit firm behind vital NHS services faces uncertain future | Technology sector | The Guardian

Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)

Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K US Car Dealerships (dailydot.com)

Startups scramble to assess fallout from Evolve Bank data breach | TechCrunch

Indonesia Says a Cyber Attack Has Compromised Its Data Centre but It Won't Pay the $8 Million Ransom - SecurityWeek

NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent

CDK cyber attacks show need for world offensive against criminals | Automotive News (autonews.com)

Shoe Zone hit by cyber attack (drapersonline.com)

Phishing & Email Based Attacks

Widespread phishing attack impacts many LA County departments | SC Media (scmagazine.com)

400 million Outlook users at risk from security bug — what you need to know | Tom's Guide (tomsguide.com)

The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert

Warning in Guernsey after phishing scam increase - BBC News

Expert Reveals Cyber Attack ‘Paralyzed’ Over 15K Dealerships (dailydot.com)

Malware Sandbox Any.Run Targeted in Phishing Attack - SecurityWeek

BEC

Australian gov supplier bank details altered in cyber attacks - Security - iTnews

Other Social Engineering

Mark Cuban claims his Gmail was hacked after receiving hoax call (cointelegraph.com)

What is shoulder surfing and how to prevent it? | Proton

Artificial Intelligence

Cloud security faces pressure from AI growth, multicloud use | CSO Online

91% of Security Leaders Believe AI Set to Outpace Security Teams, Bugcrowd Report Finds (prnewswire.com)

How are CISOs and organisations navigating AI cyber attacks? | TechFinitive

Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)

Future trends in cyber warfare: Predictions for AI integration and space-based operations - Help Net Security

Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content (darkreading.com)

Cyber Security is a ‘team sport’ amid new gen AI–based cyber attacks | Fortune Asia

Microsoft: 'Skeleton Key' attack unlocks the worst of AI • The Register

Hackers expose deep cyber security vulnerabilities in AI | BBC News - YouTube

Security pros grade Apple Intelligence data privacy measures | TechTarget

Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian

How to construct a cyber security policy that sits alongside AI (architecture.com)

2FA/MFA

The Snowflake breach tells us that passwords aren't enough | TechRadar

Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)

Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek

Malware

Cyber Attackers Turn to Cloud Services to Deploy Malware - Infosecurity Magazine (infosecurity-magazine.com)

Use of novel malware jumps 40% in 3 months, new report finds (techmonitor.ai)

New Unfurling Hemlock threat actor floods systems with malware (bleepingcomputer.com)

Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru

Oyster Backdoor Spreading via Trojanized Popular Software Downloads (thehackernews.com)

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)

Google Chrome Web Store still has security work to do • The Register

280 Million Google Chrome Users Installed Dangerous Extensions, Study Says (forbes.com)

'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register

New Cyber threat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks (thehackernews.com)

Experts observed approximately 120 malicious campaigns using the Rafel RAT - Security Affairs

New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)

Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)

Novel Banking Malware Targets Customers in Southeast Asia - Infosecurity Magazine (infosecurity-magazine.com)

WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert

New ransomware, infostealers pose growing risk in 2024 - Help Net Security

Mac users served info-stealer malware through Google ads | Ars Technica

Cyber attackers are using more new malware, attacking critical infrastructure | CSO Online

Korean telco allegedly infected its P2P users with malware • The Register

ISP accused of installing malware on 600,000 customer PCs to interfere with torrent traffic | TechSpot

Mobile

Forget privacy, young internet users want to be tracked (ft.com)

Here's how to keep your data private on your phone, PC, and tablet (xda-developers.com)

US government tells some Pixel users to update their phones in 10 days or stop using them - PhoneArena

The Rising Threat of Mobile Phishing and How to Avoid It | MSSP Alert

Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer.com)

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)

New Medusa malware variants target Android users in seven countries (bleepingcomputer.com)

Snowblind malware abuses Android security feature to bypass security (bleepingcomputer.com)

Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)

Denial of Service/DoS/DDOS

Don’t fall for these DDoS myths | TechFinitive

Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks (darkreading.com)

Largest Croatian hospital under cyber attack - Help Net Security

Data Breaches/Leaks

1 out of 3 breaches go undetected - Help Net Security

Why are threat actors faking data breaches? - Help Net Security

Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months - IT Security Guru

Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)

All 150,000 residents of Dumfries and Galloway warned to assume data loss in NHS cyber attack – PublicTechnology

Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek

Post Office accidentally leaks names of sub-postmasters - BBC News

Sir Alan Bates hits out at Post Office ‘incompetence’ after data breach | Computer Weekly

First million breached Ticketmaster records released for free | Malwarebytes

The Snowflake latest: New victims, ShinyHunters takes credit • The Register

Security firm Accenture breached, claim cybercriminals | Cybernews

Push Notification Fatigue Leads to LA County Health Department Data Breach - SecurityWeek

Optus database compromised in 2022 by simple coding error - Mobile World Live

CISA confirms hackers may have accessed data from chemical facilities during January incident (therecord.media)

Microsoft blamed for million-record theft from Geisinger • The Register

Tackling the role human error plays in data breaches | TechRadar

NHS officials warned over patients data exposed in ‘hackers honey pot’ | The Independent

NYPD officer database had security flaws that could have let hackers covertly modify officer data - Nextgov/FCW

Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more | Malwarebytes

TeamViewer Detects Security Breach in Corporate IT Environment (thehackernews.com)

Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)

Five things security teams need to know about the latest MOVEit Transfer bug | SC Media (scmagazine.com)

Hacker claims to have 30 million customer records from Australian ticket seller giant TEG | TechCrunch

Los Angeles Unified confirms student data stolen in Snowflake account hack (bleepingcomputer.com)

Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information - SecurityWeek

Credential Stuffing Attack Hits 72,000 Levi’s Accounts - Infosecurity Magazine (infosecurity-magazine.com)

Designed Receivable Solutions Data Breach Impacts 585,000 People - SecurityWeek

Web scraping is not just a security or fraud problem - Help Net Security

Japan's space agency struck by multiple cyber attacks, but officials say no sensitive data was taken - Washington Times

Organised Crime & Criminal Actors

Why are threat actors faking data breaches? - Help Net Security

Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg

Russian soldiers returning home are sending crime higher | Fortune

18,000 cyber security attacks reported to Hong Kong police in 3 months | South China Morning Post (scmp.com)

Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)

Organised crime and domestic violence perps buy trackers • The Register

Wikileaks' Julian Assange Released from UK Prison, Heads to Australia (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable

Predators steal additional $10M from crypto scam victims • The Register

Feds put $5m bounty on 'CryptoQueen' Ignatova's whereabouts • The Register

Crypto-gang leader convicted of vicious kidnaps, robbery • The Register

Suspected North Korean Attack Drains $2m from CoinStats Wallets - Infosecurity Magazine (infosecurity-magazine.com)

Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek

CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)

Insider Risk and Insider Threats

Tackling the role human error plays in data breaches | TechRadar

JPMorgan Hacker May Have Built New Fraud Empire While Working With FBI - Bloomberg

Insurance

Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)

76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)

UK midsize firms wary of cyber insurance: Coalition - Reinsurance News

Surge in cyber insurance market fuelled by regulatory shifts and global tensions: Morningstar DBRS - Reinsurance News

How are cyber insurance claims shaping up for 2024? | Insurance Business America (insurancebusinessmag.com)

US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop

Supply Chain and Third Parties

It Happened Again; A Major Cyber Attack On The NHS. Why Are Health Organisations A Prime Target? (forbes.com)

Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek

The Snowflake latest: New victims, ShinyHunters takes credit • The Register

NHS patients affected by cyber-attack may face six-month wait for blood test (yahoo.com)

Investigation of Russian Hack on London Hospitals May Take Weeks Amid Worries Over Online Data Dump - SecurityWeek

Microsoft blamed for million-record theft from Geisinger • The Register

How to Respond When Your Service Provider Suffers a Cyber Attack - Dear Mary – Incidents + Investigations Cyber Security Advice Column | Troutman Pepper - JDSupra

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)

Remove Polyfill.io code from your website immediately • The Register

Cloud/SaaS

Cyber Attackers Turn to Cloud Services to Deploy Malware - Infosecurity Magazine (infosecurity-magazine.com)

Cloud security faces pressure from AI growth, multicloud use | CSO Online

The Snowflake breach tells us that passwords aren't enough | TechRadar

Multifactor Authentication Is Not Enough to Protect Cloud Data (darkreading.com)

Cloud Resources have Become Biggest Targets for Cyber Attacks, finds Thales | Thales Group

Cloud Breaches Impact Nearly Half of Organisations - Infosecurity Magazine (infosecurity-magazine.com)

Santander Employee Data Breach Linked to Snowflake Attack - SecurityWeek

Telcos Hit Hardest by Cloud Malware, Report Finds - IT Security Guru

The Snowflake latest: New victims, ShinyHunters takes credit • The Register

UK government’s M365 use under scrutiny after Microsoft’s ‘no guarantee of sovereignty’ disclosure | Computer Weekly

Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly

SAP customers warned on risks in unofficial route to cloud • The Register

Best practices for protection from ransomware in cloud storage | TechTarget

Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert

Are rainy days ahead for cloud computing? - BBC News

Encryption

Europe and Australia both back down on CSAM scanning (9to5mac.com)

Telegram says it has 'about 30 engineers'; security experts say that's a red flag | TechCrunch

Passwords, Credential Stuffing & Brute Force Attacks

The Snowflake breach tells us that passwords aren't enough | TechRadar

Credential Stuffing Attack Hits 72,000 Levi’s Accounts - Infosecurity Magazine (infosecurity-magazine.com)

Levi's Data Breach: 72,000+ Customers' Data Exposed (cybersecuritynews.com)

Social Media

50 Cent got hacked by someone shilling memecoins and it seemed to work | Mashable

Authenticator for X, TikTok Exposes Personal User Info for 18 Months (darkreading.com)

Malvertising

Mac users served info-stealer malware through Google ads | Ars Technica

Regulations, Fines and Legislation

The NYSE's $10M Wake-up Call (darkreading.com)

A New Cyber Security Executive Order Puts the Heat on Critical Infrastructure Suppliers (securityintelligence.com)

Cyber Security | UK Regulatory Outlook June 2024 - Osborne Clarke | Osborne Clarke

Police Scotland did not consult ICO about high-risk cloud system | Computer Weekly

Surge in cyber insurance market fuelled by regulatory shifts and global tensions: Morningstar DBRS - Reinsurance News

What qualifies as a material cyber security incident? | TechTarget

Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian

Some strategies for CISOs freaked out by the specter of federal indictments | CSO Online

Consulting firms settle $11.3M cyber security case (devx.com)

CMM 2.0 - What UK-Based Contractors Need to Know (techuk.org)

American Privacy Rights Act is now weak sauce, critics warn • The Register

The UK Government Announces Ambitious Proposals to Improve Software Security and Resilience | Pillsbury - Global Sourcing Practice - JDSupra

Models, Frameworks and Standards

Catching Up on Innovation With NIST CSF 2.0

Implementing CIS Controls in Small and Medium Enterprises | UpGuard

PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know - Security Boulevard

Backup and Recovery

Why immutable data storage is key to cyber security strategy | TechRadar

Data Protection

Apple delays launch of AI-powered features in Europe, blaming EU rules | Apple | The Guardian

American Privacy Rights Act is now weak sauce, critics warn • The Register

Careers, Working in Cyber and Information Security

12 hottest IT security certs for higher pay today | CSO Online

Gaining and Retaining Security Talent: A Cheat Sheet for CISOs - SecurityWeek

Fortinet report highlights global cyber security skills shortage (securitybrief.co.nz)

Employers urged to find cyber security talent differently (devx.com)

Evaluating crisis experience in CISO hiring: What to look for and look out for | CSO Online

Removal of Certain Degree Requirements To Boost Federal Cyber Workforce | AFCEA International

How to become a cyber security architect | TechTarget

Law Enforcement Action and Take Downs

UK's largest nuclear site denies being hacked but pleads guilty over cyber security failures (therecord.media)

Five men convicted for operating illegal streaming site Jetflicks (bleepingcomputer.com)

UK and US cops put Qilin ransomware crims in the crosshairs • The Register

Sellafield Pleads Guilty to Historic Cyber Security Offenses - Infosecurity Magazine (infosecurity-magazine.com)

Sellafield pleads guilty to criminal charges over cyber security | Computer Weekly

Four FIN9 hackers indicted for cyber attacks causing $71M in losses (bleepingcomputer.com)

Crypto-gang leader convicted of vicious kidnaps, robbery • The Register

Russian national indicted for role in cyber attacks on Ukraine | CyberScoop

Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360

Ukraine war briefing: US charges Russian with conspiring to destroy Kyiv computer systems | Ukraine | The Guardian

War Crime Prosecutions Enter a New Digital Age | WIRED

Operation First Light Seizes $257m in Global Scam Bust - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims (therecord.media)

Political Deepfakes Are the Top Use of Malicious AI (pcmag.com)

Supreme Court rejects effort to limit government communication on misinformation | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyber operations create additional risks for people’s security and well-being | ICRC

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Future trends in cyber warfare: Predictions for AI integration and space-based operations - Help Net Security

US military project aims to prevent hackers targeting satellites and recognises rising threat of cyber attacks in space (theconversation.com)

Nation State Actors

China

China-Sponsored Attackers Target 40K Corporate Users in 90 Days (darkreading.com)

China-Russia alignment: a threat to Europe's security | Merics

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

'SneakyChef' APT Slices Up Foreign Affairs With SugarGh0st (darkreading.com)

Chinese hackers have stepped up attacks on Taiwanese organisations, cyber security firm says (yahoo.com)

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (thehackernews.com)

Protecting America’s cyber security demands showing our teeth | CyberScoop

Chinese Cyber Spies Employ Ransomware in Attacks for Diversion (bleepingcomputer.com)

Beyond TikTok: Navigating the cyber security landscape of tomorrow (federaltimes.com)

China-Linked Espionage Groups Target Asian Telecoms (darkreading.com)

Chinese Hackers Have Stepped Up Attacks on Taiwanese Organisations, Cyber Security Firm Says - SecurityWeek

18,000 cyber security attacks reported to Hong Kong police in 3 months | South China Morning Post (scmp.com)

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (thehackernews.com)

Russia

Microsoft Tells More Clients Russian Hackers Viewed Emails (2) (bloomberglaw.com)

China-Russia alignment: a threat to Europe's security | Merics

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

US Treasury Sanctions 12 Kaspersky Executives Amid Software Ban (thehackernews.com)

Why Russia Is Facing a Crime Wave When War on Ukraine Ends - Bloomberg

Russian soldiers returning home are sending crime higher | Fortune

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)

European Union Sanctions Russian State Hackers (govinfosecurity.com)

Protecting America’s cyber security demands showing our teeth | CyberScoop

Russian used US systems for pre-invasion attack on Ukraine, US says - Defense One

UK government weighs action against Russian hackers over NHS records theft | NHS | The Guardian

Evolve Bank & Trust Confirms Data Was Stolen in Cyber Attack (claimsjournal.com)

Cyber attacks on healthcare: Russia’s tool for mass disruption - Medical Device Network (medicaldevice-network.com)

Russian national indicted for role in cyber attacks on Ukraine | CyberScoop

Russian Charged With Ukrainian Cyber Attack Before Invasion - Law360

Ukraine war briefing: US charges Russian with conspiring to destroy Kyiv computer systems | Ukraine | The Guardian

Kaspersky Denies Security Risk, After US Sales Ban | Silicon UK

The US bans Kaspersky products, citing security risks - what this means for you | ZDNET

US Bans Kaspersky Over Alleged Kremlin Links - Infosecurity Magazine (infosecurity-magazine.com)

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor (thehackernews.com)

FBI joins hunt for hackers who stole NHS records (thetimes.com)

HUR Cyber Attack Hits Russian Internet Providers in Occupied Crimea (kyivpost.com)

Evolve Bank caught up in latest Russia-linked cyber attacks (paymentexpert.com)

North Korea

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware (thehackernews.com)

Protecting America’s cyber security demands showing our teeth | CyberScoop

Cyber operations create additional risks for people’s security and well-being | ICRC

Suspected North Korean Attack Drains $2m from CoinStats Wallets - Infosecurity Magazine (infosecurity-magazine.com)

Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets - SecurityWeek

CoinStats says North Korean hackers breached 1,590 crypto wallets (bleepingcomputer.com)

Tools and Controls

Cyber warfare is not insurable: Munich Re's Kreuzer - Reinsurance News

Recovery costs of cyber attacks outpacing insurance – Sophos | Insurance Times

Four steps to build cyber resilience in the public sector | TechRadar

US bans Kaspersky and hands out sanctions to execs — 100 days until class-leading antivirus ban takes effect | Tom's Hardware (tomshardware.com)

Conditional Access - The ultimate starter guide (oceanleaf.ch)

Hybrid work prompts spike in network security threats | Computer Weekly

Why immutable data storage is key to cyber security strategy | TechRadar

What Application Security Within Shadow IT Looks Like (darkreading.com)

Cyber cover still seen as “nice to have” despite threats (emergingrisks.co.uk)

76% of Companies Improved Their Cyber Defences to Qualify (globenewswire.com)

Nearly half of cyber professionals do not have the budget for adequate protection – Coalition | Insurance Times

DMARC: Why It's Moving from a Best Practice to Must-Have | Proofpoint US

UK midsize firms wary of cyber insurance: Coalition - Reinsurance News

IT Leaders Are Fifty-Fifty on Using GenAI For Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Report Cyber Breaches and Incidents (darkreading.com)

The four phases of emergency management | TechTarget

CISOs Reveal Firms Prioritize Savings Over Long-Term Security - Infosecurity Magazine (infosecurity-magazine.com)

How are cyber insurance claims shaping up for 2024? | Insurance Business America (insurancebusinessmag.com)

CISOs becoming more comfortable with risk levels - Help Net Security

CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed (darkreading.com)

Crafting a Robust Cloud Security Strategy in 2024 | MSSP Alert

US businesses struggle to obtain cyber insurance, lawmakers are told | CyberScoop

Cisco's enterprise firewall receives ‘caution’ rating from CyberRatings - SDxCentral

A proactive cyber security policy is not just smart — it’s essential (securityintelligence.com)

The dos and don’ts of gamified cyber security training - Security Boulevard

Benefits of dark web monitoring (techtarget.com)

Google's Naptime Framework to Boost Vulnerability Research with AI - Infosecurity Magazine (infosecurity-magazine.com)

A Watershed Moment for Threat Detection and Response (darkreading.com)

Creating a proactive incident response plan | Microsoft Security Blog

Building an incident response strategy in 2024 | ITPro

Conducting a Comprehensive Security Posture Assessment in 2024 (att.com)

Best practices for protection from ransomware in cloud storage | TechTarget

How to construct a cyber security policy that sits alongside AI (architecture.com)

Meet the Ransomware Negotiators (darkreading.com)

Cyber Security Report Examples (3 Common Styles) | UpGuard

Other News

We analysed the entire web and found a cyber security threat lurking in plain sight (theconversation.com)

UK's largest nuclear site denies being hacked but pleads guilty over cyber security failures (therecord.media)

Post Office expert IT witness Gareth Jenkins resigns BCS membership | Computer Weekly

Cyber Attacks: An Unseen State Of Emergency In Healthcare (forbes.com)

New cyber threat research for SMB in 2024 | Securelist

Is Defence Winning? A Look at Decades of Playing Catch Up (darkreading.com)

Beat the Heat and Cyber Threats this Summer | MSSP Alert

Cyber Europe 2024 tests resilience of EU Energy Sector (techmonitor.ai)

Hijacked spacecraft, hacked life support systems: the cyber risks of space | Cybernews

New Trends in Maritime Cyber Security in 2024 (maritime-executive.com)

Estimated cyber crime up almost 120 per cent in four years | The Herald (heraldscotland.com)

Japan's space agency struck by multiple cyber attacks, but officials say no sensitive data was taken - Washington Times

Windows 10 will get five years of additional support thanks to 0patch - Neowin

Cracking down on cybercrime: Who you gonna call? - Help Net Security

Inmarsat Maritime Whitepaper Recommends Holistic Approach To Cyber Security Ahead Of New Iacs Requirements (gcaptain.com)

Chemical Facilities Told of Possible Data Exfiltration in CISA Breach - Infosecurity Magazine (infosecurity-magazine.com)

Why cyber attack cases against journalists are increasing | WKMS

Securing the skies: IBS Software’s Alex Haynes on cyber security in air travel - Airport Technology (airport-technology.com)

Japan's Space Agency Was Hit by Multiple Cyber Attacks, but Officials Say No Sensitive Data Was Taken - SecurityWeek

How to navigate retail’s changing cyber threats | Retail Technology Review

Cyber Threats in Construction and Manufacturing: Securing your Organisation (att.com)

Cyber security for schools: What you need to know | Edexec

Nine ways construction companies can modernize and mitigate cyber risks | SC Media (scmagazine.com)

Vulnerability Management

75% of new vulnerabilities exploited within 19 days - Help Net Security

Google's Naptime Framework to Boost Vulnerability Research with AI - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerabilities

MOVEit Transfer Flaws Push Security Defence Into a Race With Attackers (darkreading.com)

Phoenix UEFI bug affects long list of Intel chip families • The Register

New attack uses MSC files and Windows XSS flaw to breach networks (bleepingcomputer.com)

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure (darkreading.com)

VMware ESXi Flaw Allows Attackers to Bypass Authentication (cybersecuritynews.com)

MoveIt Transfer vulnerability targeted amid disclosure drama | TechTarget

New MOVEit Transfer critical bug is actively exploited (securityaffairs.com)

ESET Security Products - Windows Vulnerable Privilege Escalation (cybersecuritynews.com)

Chrome 126 Update Patches Memory Safety Bugs - SecurityWeek

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts (thehackernews.com)

US government tells some Pixel users to update their phones in 10 days or stop using them - PhoneArena

Plugins on WordPress.org backdoored in supply chain attack (bleepingcomputer.com)

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (thehackernews.com)

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released (bleepingcomputer.com)

WordPress Fights Off Malware Attack, 5 Plugins Infected | MSSP Alert

GitLab Security Updates Patch 14 Vulnerabilities - SecurityWeek

Windows 10 will get five years of additional support thanks to 0patch - Neowin

'Mirai-like' botnet observed attacking EOL Zyxel NAS devices • The Register

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 23/06/2024 Black Arrow Admin 23/06/2024

Black Arrow Cyber Threat Briefing 21 June 2024

Black Arrow Cyber Threat Intelligence Briefing 21 June 2024:

-Hackers Switch Focus to Cloud Apps for Data Theft, as Cloud Services Increasingly Seen as Huge Soft Target by Attackers

-The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe, 1 in 10 Email-Based Attacks are Now Business Email Compromise

-Regulatory Changes Are on the Horizon. Are Companies Ready?

-How Hackers Can Crack Your Password in an Hour

-US Bans Kaspersky Software, Citing National Security Risks

-Quarter of Firms Suffer an API-Related Breach

-More than 70% of Companies Increased Spending on Proactive Security

-The Resurgence of Major Data Breaches?

-Is Cyber Becoming a Primary Domain of Warfare?

-Cyber Threats Present Ever Greater Risks to International Peace and Security: UK Statement at UN Security Council

-Cyber Security and AI at Top of Risk List for UK Trustees

-Qilin: We Knew Our Synnovis Attack Would Cause a Healthcare Crisis at London Hospitals

-Ransomware Attacks Are Getting Worse

Governance, Risk and Compliance

Cyber security and AI at top of risk list for trustees, LCP says (professionalpensions.com)

Regulatory Changes Are on the Horizon. Are Companies Ready? (govinfosecurity.com)

More than 70% of companies increased spending on proactive security | Security Magazine

Regulators urged to promote cyber security investment - Risk.net

The Perilous Role of the CISO: Navigating Modern Minefields - SecurityWeek

Cyber security Deserves the Proverbial Seat at the Table (govinfosecurity.com)

Pressure mounts on CISOs as SEC bares teeth with legal action - Help Net Security

Why Regulated Industries are Turning to Military-Grade Cyber Defenses (thehackernews.com)

Cyber Security Burnout Crisis: Burnout in Next 12 Months (thehrdirector.com)

9 ways CSOs lose their jobs | CSO Online

Why Resilience Is More Than Just Cyber Security (inforisktoday.com)

How will the Merck settlement affect the insurance industry? (securityintelligence.com)

How Cyber Security Can Steer Organisations Toward Sustainability (darkreading.com)

Your firm's reputation depends on strong data security. Don't undervalue it - spectator.sme.sk

Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack - Security Boulevard

Why Your Business Needs To Level Up Its Defence Life Cycle Management (forbes.com)

The High Cost of Downtime and How to Reduce It | MSSP Alert

Is it time to split the CISO role? | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

Scattered Spider hackers switch focus to cloud apps for data theft (bleepingcomputer.com)

Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica

Ransomware Attacks Are Getting Worse | WIRED

Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register

Why ransomware is still important to business resilience - IT Security Guru

UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week

What to do about the rise of unknown attack vectors in the ransomware playbook | SC Media (scmagazine.com)

Ransomware resurgence gives small businesses cause for concern | TechFinitive

The Financial Dynamics Behind Ransomware Attacks (securityaffairs.com)

Data breaches brought on by ransomware escalate. – Channel EYE

LockBit Ransomware Again Most Active - Real Attack Surge or Smokescreen? - Security Week

Ransomware attacks skyrocket, with LockBit 3.0 at the forefront - Exponential-e Blog

New ransomware over browser threat targets uploaded files (securityintelligence.com)

CISA warns of Windows bug exploited in ransomware attacks (bleepingcomputer.com)

Zero-Day Exploits and Ransomware Trends for 2024 (govinfosecurity.com)

How will the Merck settlement affect the insurance industry? (securityintelligence.com)

Qilin Ransomware: What You Need To Know | Tripwire

Linux version of RansomHub ransomware targets VMware ESXi VMs (bleepingcomputer.com)

Ransomware Victims

London hospitals postpone 1,600 operations and appointments after Russian cyber attack (newsbytesapp.com)

London Hospitals Knew of Cyber Vulnerabilities Years Before Hack (claimsjournal.com)

More than 100,000 patients ‘likely’ impacted by NHS cyber attack (holyrood.com)

London Ransomware Attack Led to 1500 Cancelled Ops and Appointments - Infosecurity Magazine (infosecurity-magazine.com)

Cyber criminals publish data from attack on NHS | UKAuthority

Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyber Attack - Security Week

512,000 radiology patient records accessed in cyber attack • The Register

Tally of victims reaches 100,000 in NHS cyber attack (thetimes.com)

Hackers demand $50M ransom payment from UK lab provider following hospital disruption - SiliconANGLE

Qilin has ‘no regrets’ over the healthcare crisis it caused • The Register

Don't blame us for people suffering - London hospital hackers - BBC News

Borders: NHS board warns patients over stolen personal details | The National

Cyber attack on a UK staffing company: a 'war story' - Osborne Clarke | Osborne Clarke

Hospital cyber attack turns deadly as drugs given to wrong patients - Washington Times

British Library to renew entire IT system as it reveals £1.6m cyber attack loss (civilsociety.co.uk)

Panera Bread likely paid a ransom in March ransomware attack (bleepingcomputer.com)

NHS boss says Scottish trust didn't meet attackers' demands • The Register

Cyber attack shuts down Israeli pharma company's distribution | Ctech (calcalistech.com)

Phishing & Email Based Attacks

The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe - Security Boulevard

Nigerian national faces prison for $1.5M phishing scam • The Register

Conversation hijacking up 70%, and 1 in 10 email-based attacks are now business email compromise (prnewswire.com)

Email threats are becoming more dangerous than ever — so keep an eye on your inbox | TechRadar

Worldwide 2023 Email Phishing Statistics and Examples | Trend Micro (US)

Your company needs a BEC policy and five other email security trends (betanews.com)

Malicious emails trick consumers into false election contributions - Help Net Security

Convicted BEC scammer could face over 100 years in prison (bitdefender.com)

Security bug allows anyone to spoof Microsoft employee emails | TechCrunch

Why You Shouldn't Unsubscribe From Spam Emails | HackerNoon

Cyber Criminals Target Trump Supporters with Donation Scams - Security Boulevard

Latest Cyber Insurance Policy Takes Aim at Phishing Attacks (inforisktoday.com)

BEC

The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe - Security Boulevard

Conversation hijacking up 70%, and 1 in 10 email-based attacks are now business email compromise (prnewswire.com)

Your company needs a BEC policy and five other email security trends (betanews.com)

Convicted BEC scammer could face over 100 years in prison (bitdefender.com)

Other Social Engineering

Cyber Criminals Turn to Multichannel Attacks—Alongside 'Quishing and 'Smishing'—to Dupe Targets | Corporate Counsel (law.com)

Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register

Malware peddlers love this one social engineering trick! - Help Net Security

Fake Google Chrome errors trick you into running malicious PowerShell scripts (bleepingcomputer.com)

92% of Orgs Hit by Credential Compromise from Social Engineering - Infosecurity Magazine (infosecurity-magazine.com)

Explained: Android overlays and how they are used to trick people | Malwarebytes

Cyber Criminals Target Trump Supporters with Donation Scams - Security Boulevard

Artificial Intelligence

Cyber threats will present an ever greater number of risks to international peace and security: UK statement at the UN Security Council - GOV.UK (www.gov.uk)

'Sleepy Pickle' Exploit Subtly Poisons ML Models (darkreading.com)

Tech Policy Expert Calls for Law Overhaul to Combat Deepfakes - Infosecurity Magazine (infosecurity-magazine.com)

Majority of cyber security professionals unable to identify deepfake attacks - Singapore News (theindependent.sg)

Criminals, too, see productivity gains from AI | CSO Online

AI’s impact on data privacy remains unclear - Help Net Security

Can governments turn AI safety talk into action? | ZDNET

Chinese firm sought to use UK university links to access AI for possible military use | Imperial College London | The Guardian

How to bypass ChatGPT restrictions (androidpolice.com)

Cyber Threat Intelligence Pros Assess AI Threats Readiness - Infosecurity Magazine (infosecurity-magazine.com)

Apple Intelligence Could Introduce Device Security Risks (darkreading.com)

How big is the AI threat to the cyber security of tech companies? | TechRadar

NIS2 Directive: Stronger EU Cyber Security in the AI era | News | GRC World Forums

Hallucinated Packages, Malicious AI Models, and Insecure AI-Generated Code - Security Boulevard

Microsoft's Recall changes might be too little, too late | TechTarget

Meta Pauses AI Training on EU User Data Amid Privacy Concerns (thehackernews.com)

CISA leads first tabletop exercise for AI cyber security | CyberScoop

AI is not a magic wand – it has built-in problems that are difficult to fix and can be dangerous (theconversation.com)

How AI lies, cheats, and grovels to succeed - and what we need to do about it | ZDNET

2FA/MFA

The absence of multi factor authentication led to the Medibank hack, regulator alleges - ABC News

Medibank breach: Security failures revealed (lack of MFA among them) - Help Net Security

Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)

'ONNX' MFA Bypass Targets Microsoft 365 Accounts (darkreading.com)

Malware

Hackers have found a clever way to use emojis in their attacks — but it’s not what you think | Tom's Guide (tomsguide.com)

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor (thehackernews.com)

The art of concealment: how hackers hide malware | Cybernews

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining (thehackernews.com)

New ransomware over browser threat targets uploaded files (securityintelligence.com)

Clever macOS malware delivery campaign targets cryptocurrency users - Help Net Security

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration (thehackernews.com)

NiceRAT Malware Targets South Korean Users via Cracked Software (thehackernews.com)

Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework | Trend Micro (US)

Mobile

Explained: Android overlays and how they are used to trick people | Malwarebytes

Internet of Things – IoT

IoT password ban a start, but admins can’t afford to wait for regulators | TechRadar

Data Breaches/Leaks

Blackbaud must pay $6.75 million, improve security after lying about scope of 2020 hack (therecord.media)

Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)

Cyber criminals publish data from attack on NHS | UKAuthority

Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)

The Resurgence of Major Data Breaches? - Security Boulevard

Insurance giant Globe Life investigating web portal breach (bleepingcomputer.com)

Truist Bank confirms breach after stolen data shows up on hacking forum (bleepingcomputer.com)

More than 100,000 patients ‘likely’ impacted by NHS cyber attack (holyrood.com)

Total Fitness database exposed 474k member and staff images • The Register

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED

Dark-web kingpin puts 'stolen' internal AMD data up for sale • The Register

AMD Investigates Possible Breach Amid Hacker’s Sale of Company Data (pcmag.com)

Optus cyber attack could have been prevented four years prior, says telecoms watchdog - ABC News

T-Mobile denies it was hacked, links leaked data to vendor breach (bleepingcomputer.com)

Threat actor claims to have breached Apple, allegedly stealing source code of several internal tools - 9to5Mac

Threat Actor Claims AMD and Apple Breaches - Infosecurity Magazine (infosecurity-magazine.com)

Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyber Attack - Security Week

512,000 radiology patient records accessed in cyber attack • The Register

Coding error in forgotten API blamed for massive data breach • The Register

Panera Notifies Employees of Compromised Data (darkreading.com)

Los Angeles Public Health Department Discloses Large Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

Cyber Attack Exposes Freelancer Personal Data - Freelance Informer

Hackers Derail Amtrak Guest Rewards Accounts in Breach (darkreading.com)

Organised Crime & Criminal Actors

UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week

Are We Turning the Corner in the Fight Against Cyber Crime? It’s Complicated. - Security Boulevard

Convicted BEC scammer could face over 100 years in prison (bitdefender.com)

Microsoft hacker avoids jail over multiple cyber attacks - BBC News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining (thehackernews.com)

Clever macOS malware delivery campaign targets cryptocurrency users - Help Net Security

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto (bleepingcomputer.com)

Insider Risk and Insider Threats

The Rise of the Outside Insider Threat | AFCEA International

Former IT employee gets 2.5 years for wiping 180 virtual servers (bleepingcomputer.com)

10 Ways Employees Are Sabotaging Your Cyber Security Stance (informationweek.com)

Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)

Insurance

Latest Cyber Insurance Policy Takes Aim at Phishing Attacks (inforisktoday.com)

How will the Merck settlement affect the insurance industry? (securityintelligence.com)

Supply Chain and Third Parties

Blackbaud must pay $6.75 million, improve security after lying about scope of 2020 hack (therecord.media)

Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)

Hackers demand $50M ransom payment from UK lab provider following hospital disruption - SiliconANGLE

London Hospitals Knew of Cyber Vulnerabilities Years Before Hack (claimsjournal.com)

Cyber attacks on London's hospitals affect 800 planned operations - BBC News

Tally of victims reaches 100,000 in NHS cyber attack (thetimes.com)

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED

T-Mobile denies it was hacked, links leaked data to vendor breach (bleepingcomputer.com)

Cloud/SaaS

Cyber Criminals Turn to Multichannel Attacks—Alongside 'Quishing and 'Smishing'—to Dupe Targets | Corporate Counsel (law.com)

The Huge Threat Posed by Increased Targeting of Cloud Services - Infosecurity Magazine (infosecurity-magazine.com)

Scattered Spider hackers switch focus to cloud apps for data theft (bleepingcomputer.com)

Hackers Demand as Much as $5 Million From Snowflake Clients | Company Business News (livemint.com)

Notorious cyber gang UNC3944 attacks vSphere and Azure • The Register

Microsoft admits no guarantee of sovereignty for UK policing data | Computer Weekly

The rise of SaaS security teams - Help Net Security

The Annual SaaS Security Report: 2025 CISO Plans and Priorities (thehackernews.com)

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED

'ONNX' MFA Bypass Targets Microsoft 365 Accounts (darkreading.com)

The NCSC’s Take on SaaS - Adaptive Shield (adaptive-shield.com)

Encryption

Stop playing games with online security, Signal president warns EU lawmakers | TechCrunch

Signal, MEPs urge EU Council to drop encryption-eroding law • The Register

Linux and Open Source

New Linux malware is controlled through emojis sent from Discord (bleepingcomputer.com)

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (bleepingcomputer.com)

Linux version of RansomHub ransomware targets VMware ESXi VMs (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

What is a password spraying attack? | Proton

Scathing report on Medibank cyber attack highlights unenforced MFA (bleepingcomputer.com)

Hackers can crack 59% of passwords in an hour | Kaspersky official blog

92% of Orgs Hit by Credential Compromise from Social Engineering - Infosecurity Magazine (infosecurity-magazine.com)

Criminals are Easily Bypassing Passkeys – How Organisations Can Stay Safe - Security Boulevard

Social Media

Why Trading Privacy for 'Free' Web Services Must End (darkreading.com)

4 ways oversharing on social media puts your privacy at risk | TechRadar

New Linux malware is controlled through emojis sent from Discord (bleepingcomputer.com)

Hackers have found a clever way to use emojis in their attacks — but it’s not what you think | Tom's Guide (tomsguide.com)

US surgeon general wants social media warning labels - BBC News

Meta Pauses AI Training on EU User Data Amid Privacy Concerns (thehackernews.com)

Malvertising

Google Chrome Will Track You For The Next 200 Days—Then It May Get Worse (forbes.com)

Training, Education and Awareness

Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)

Regulations, Fines and Legislation

Blackbaud must pay $6.75 million, improve security after lying about scope of 2020 hack (therecord.media)

Regulatory Changes Are on the Horizon. Are Companies Ready? (govinfosecurity.com)

Regulators urged to promote cyber security investment - Risk.net

UK organisations are confident they will meet the NIS 2 compliance timeline | The Independent

Pressure mounts on CISOs as SEC bares teeth with legal action - Help Net Security

Why Regulated Industries are Turning to Military-Grade Cyber Defences (thehackernews.com)

Can governments turn AI safety talk into action? | ZDNET

NIS2 Directive: Stronger EU Cyber Security in the AI era | News | GRC World Forums

The absence of multi factor authentication led to the Medibank hack, regulator alleges - ABC News

Signal, MEPs urge EU Council to drop encryption-eroding law • The Register

SEC cyber security filings on the rise as new reporting rules bite | ITPro

Models, Frameworks and Standards

Why NIS2 is set to become a ‘cornerstone’ of cyber security (siliconrepublic.com)

Careers, Working in Cyber and Information Security

Most cyber security pros took time off due to mental health issues - Help Net Security

The Perilous Role of the CISO: Navigating Modern Minefields - Security Week

Navigating the Cyber Security Hiring Trenches: Challenges, Realities, and Paths Forward | HackerNoon

To Address Burnout, Cyber Security Must Learn to Tolerate Failure (informationweek.com)

Cyber security burnout is costing US enterprises over $620 million a year (techinformed.com)

Effectively upskilling cyber security professionals to help close the skills gap | CSO Online

Cyber Security Burnout Crisis: Burnout in Next 12 Months (thehrdirector.com)

Cyber Security workers are increasingly working over the weekends — and many are ready to quit | TechRadar

9 ways CSOs lose their jobs | CSO Online

Making the Move From Tech Expert to Cyber Security Leader (inforisktoday.com)

Survey Finds Growing Number of Tech Tools Makes Cyber Security Professionals Feel “Out of Control” - IT Security Guru

Is it time to split the CISO role? | CSO Online

ISC2/CIISec Tips on Recruitment, Retention in Cyber Security (govinfosecurity.com)

Law Enforcement Action and Take Downs

Nigerian national faces prison for $1.5M phishing scam • The Register

Former IT employee gets 2.5 years for wiping 180 virtual servers (bleepingcomputer.com)

UK Man Suspected of Being 'Scattered Spider' Leader Arrested - Security Week

Suspected dark-web Empire Market admins charged in the US • The Register

Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing - Security Week

Convicted BEC scammer could face over 100 years in prison (bitdefender.com)

Rogue IT director pleads guilty to $2.1M scam charges • The Register

Sellafield pleads guilty to criminal charges over cyber security failings (yahoo.com)

Microsoft hacker avoids jail over multiple cyber attacks - BBC News

Misinformation, Disinformation and Propaganda

Addressing Misinformation in Critical Infrastructure Security (darkreading.com)

ISIS Created Fake CNN and Al Jazeera Broadcasts | WIRED

US election official: ‘Whack-a-mole’ strategies less effective to combat disinfo | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Is Cyber Becoming a Primary Domain of Warfare? (inforisktoday.com)

Nation State Actors

China

Chinese Threats Aim for Government Sector - Security Boulevard

British army delays King Charles cap badges over China spying fears (ft.com)

Bug Bounty Programs, Hacking Contests Power China's Cyber Offense (darkreading.com)

Chinese firm sought to use UK university links to access AI for possible military use | Imperial College London | The Guardian

China's 'Velvet Ant' APT Nests Inside Multiyear Espionage Effort (darkreading.com)

China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices (thehackernews.com)

Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021 (thehackernews.com)

Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework | Trend Micro (US)

Russia

ICC probes cyber attacks in Ukraine as possible war crimes, sources say | Reuters

Russia May Have Committed War Crimes by Hacking Ukraine's Critical Infrastructure, ICC Starts Probe | Tech Times

US Bans Kaspersky Software, Citing National Security Risks (thehackernews.com)

The Rise of the Outside Insider Threat | AFCEA International

Espionage and cyber attack threat reaches new dimension in Germany, interior minister warns – POLITICO

France wants to remind you of Russia’s threat to democracy • The Register

Poland points to Russian hackers in disruption of Euro 2024 broadcast (therecord.media)

Sweden says Russia is interfering with Nordic satellites • The Register

USA and G7 to increase cyber security of their energy sector / The New Voice of Ukraine (nv.ua)

Russians report some outages on bank apps after cyber attack, says Kommersant daily (yahoo.com)

Iran

Germany Warns of Growing Espionage, Cyber Threats from Iran | Iran International (iranintl.com)

North Korea

NiceRAT Malware Targets South Korean Users via Cracked Software (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

ISIS Created Fake CNN and Al Jazeera Broadcasts | WIRED

Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine (darkreading.com)

Tools and Controls

More than 70% of companies increased spending on proactive security | Security Magazine

Get your legal ducks in a row to contain a crisis - Katy MacAskill (scotsman.com)

The importance of collaborating AI with human expertise (securitybrief.co.nz)

Edge Devices: The New Frontier for Mass Exploitation Attacks - Security Week

Report Reveals Record Exploitation Rate For Load Balancers - Infosecurity Magazine (infosecurity-magazine.com)

Your company needs a BEC policy and five other email security trends (betanews.com)

The rise of SaaS security teams - Help Net Security

The Software Licensing Disease Infecting Our Nation's Cyber Security (darkreading.com)

Massachusetts 911 Outage Caused by Errant Firewall - Security Week

How Cyber Security Can Steer Organisations Toward Sustainability (darkreading.com)

How A Cyber Security Audit Can Identify Risk of Compromise | HealthLeaders Media

Defending your ever-changing attack surface - IT Security Guru

US, Allies Publish Guidance on Securing Network Access - Security Week

Want To Stop Cyber Attacks? Start With The Human Edge (forbes.com)

Closing the Readiness Gap: How to Ensure a Fast Recovery From the Inevitable Cyber Attack - Security Boulevard

Microsoft 365's Security Gaps: Logging and Beyond (govinfosecurity.com)

How to create your cyber security "Google Maps": A step-by-step guide for security teams - Help Net Security

A young cyber market has matured, but enhancing preparedness and resilience is key: Kreuzer, Munich Re - Reinsurance News

From Reactive to Proactive Threat Hunting - GovInfoSecurity

Cyber Security Practices For Remote Working - TechRound

Survey Finds Growing Number of Tech Tools Makes Cyber Security Professionals Feel “Out of Control” - IT Security Guru

Tabletop exercises are headed to the next frontier: Space (talosintelligence.com)

What Will the Next-Gen of Security Tools Look Like? | HackerNoon

The NCSC’s Take on SaaS - Adaptive Shield (adaptive-shield.com)

Tool Overload: Why MSPs Are Still Drowning with Countless Cyber Security Tools in 2024 (thehackernews.com)

Reports Published in the Last Week

Report urges extending scope of cyber security measures | UKAuthority

Stephen McPartland MP - Final report and 16 recommendations of the McPartland Review into Cyber Security as an enabler of Economic Growth below (stephen-mcpartland.com)

240528_McPartland_Review.pdf (stephen-mcpartland.com)

National Cyber Resilience Advisory Board (NCRAB) minutes: March 2024 - gov.scot (www.gov.scot)

The Annual SaaS Security Report: 2025 CISO Plans and Priorities (thehackernews.com)

Other News

Cyber threats will present an ever greater number of risks to international peace and security: UK statement at the UN Security Council - GOV.UK (www.gov.uk)

The importance of collaborating AI with human expertise (securitybrief.co.nz)

Report urges extending scope of cyber security measures | UKAuthority

What is the current state of Security Culture in Europe? | TechRadar

Cyber attack shuts down Israeli pharma company's distribution | Ctech (calcalistech.com)

Sellafield pleads guilty to criminal charges over cyber security failings (yahoo.com)

How resilient is UK Critical National Infrastructure to cyber attack? - Committees - UK Parliament

Microsoft 365's Security Gaps: Logging and Beyond (govinfosecurity.com)

Massachusetts 911 Outage Caused by Errant Firewall - Security Week

Cyber security - what GP practices need to know to protect themselves - Management In PracticeManagement In Practice

Microsoft 'accepts responsibility' for cyber security failures, top exec says (qz.com)

Microsoft was slammed for its lax cyber security practices after a series of breaches — now it plans to cut executive bonuses if they don't improve standards | ITPro

What Does the Future of Cyber Security in Space Look Like? (govtech.com)

Space: The Final Frontier for Cyber Attacks (darkreading.com)

A new fear for CSOs: The sky is falling | CSO Online

The Software Licensing Disease Infecting Our Nation's Cyber Security (darkreading.com)

Cyber Security Challenges For UK Private Bankers - TechRound

New maritime cyber security body launches - Port Technology International

Process and Control Today | New Study Finds Cyber Security as Top Concern Among Automotive Manufacturers (pandct.com)

Vietnam's internet again in trouble as 3/5 sub cables cut • The Register

Cyber Attack Hits Software Provider for Car Dealers Across the US (claimsjournal.com)

Improving OT cyber security remains a work in progress - Help Net Security

Microsoft is in trouble | Digital Trends

Vulnerability Management

The Ultimate Guide to Troubleshooting Vulnerability Scan Failures - Security Boulevard

Zero-Day Exploits and Ransomware Trends for 2024 (govinfosecurity.com)

Vulnerabilities

Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica

New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now (forbes.com)

Arm Memory Tag Extensions broken by speculative execution • The Register

VMware by Broadcom warns of critical vCenter flaws • The Register

Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft (darkreading.com)

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability - Security Week

CISA warns of Windows bug exploited in ransomware attacks (bleepingcomputer.com)

Security Researchers Expose Critical Flaw in Ivanti Software (databreachtoday.co.uk)

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (bleepingcomputer.com)

Dark-web kingpin puts 'stolen' internal AMD data up for sale • The Register

AMD Investigates Possible Breach Amid Hacker’s Sale of Company Data (pcmag.com)

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition - Security Week

Fortinet, Ivanti zero-day victims face evolved persistence by the espionage actor | CSO Online

SolarWinds Serv-U path traversal flaw actively exploited in attacks (bleepingcomputer.com)

Atlassian fixed six high-severity bugs in Confluence (securityaffairs.com)

ASUS fixed critical remote authentication bypass bug in several routers (securityaffairs.com)

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 19/06/2024 Black Arrow Admin 19/06/2024

Black Arrow Cyber Advisory 19 June 2024 – Critical VMware vCenter Remote Code Execution and Privilege Escalation Vulnerability

Executive summary

Broadcom have released patches addressing three vulnerabilities affecting VMware vCenter. Two of the vulnerabilities are critical severity, allowing remote code execution (CVE-2024-37079 and CVE-2024-37080) the other which allows an attacker to gain admin privileges (CVE-2024-37081).

What’s the risk to me or my business?

If the vulnerabilities are successfully exploited this will allow an attacker to perform arbitrary remote code execution, and the other will allow a local authenticated user to gain admin privileges. All of the vulnerabilities if exploited could have a high impact on the confidentiality, integrity and availability of the organisations data on affected systems.

What can I do?

There is no evidence that the vulnerabilities are being exploited in the wild, however Black Arrow recommends applying the available patches for the vulnerability as soon as possible, further information can be found in the Broadcast advisory below.

Technical Summary

CVE-2024-37039 and CVE-2024-37080 – vCenter Server contains a heap-overflow vulnerability in the Distributed Computing Environment/Remote Procedure Call (DCERPC) protocol. These vulnerabilities allow an attacker to potentially perform arbitrary remote code execution by sending specially crafted network packets.

CVE-2024-37081 – vCenter contains multi local privilege escalation vulnerabilities due to misconfigurations of sudo. This allows an authenticated local user with non-administrative privileges to elevate to root (admin) privileges on vCenter Server Appliance.

Further information on the VMware advisory can be found here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

https://core.vmware.com/resource/vmsa-2024-0012-questions-answers#introduction

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 16/06/2024 Black Arrow Admin 16/06/2024

Black Arrow Cyber Threat Briefing 14 June 2024

Black Arrow Cyber Threat Intelligence Briefing 14 June 2024:

-Phishing Attacks Targeting US and European Organisations Double

-78% of People Use the Same Password Across Multiple Accounts

-IT Downtime Cuts Enterprise Profit by 9%

-Financial Services, The Golden Target for Cyber Criminals

-Forced-Labour Camps Fuel Billions of Dollars in Cyber Scams

-Why You Must Consider the Security Risks of BYOD

-Cyber Criminals Work Faster Than Ever

-IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers

-Cyber Security Is a Boardroom Issue

-An Evolving Threat Landscape: A Battle Between Good and Evil, with Small Business Cyber Security Threats on the Rise

-Ransomware Gangs are Adopting “More Brutal” Tactics Amid Crackdowns

Governance, Risk and Compliance

The CEO Is Next (darkreading.com)

Cyber Security Is Now a Boardroom Issue - GovInfoSecurity

The Need for Enhancing Cyber Preparedness in Financial Institutions (finextra.com)

Financial Services, the golden target for cyber criminals (finextra.com)

IT downtime cuts enterprise profit by 9%, says study | CIO

Cyber board-level reps | Professional Security

5 cyber security risks and challenges in supply chain | TechTarget

Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)

Small Business Cyber Security Threats on the Rise | Inc.com

CISO Strategies for Navigating Expanding Cyber Security Regulations (forbes.com)

What Tech Execs Can Learn From 2023’s Most Notable Cyber Security Breaches (forbes.com)

Assigning a Monetary Value to Cyber Risk | MSSP Alert

Cyber security governance: The reality of board member liability in cyber attacks, data breaches | ITWeb

4 Ways to Help a Security Culture Thrive (darkreading.com)

Cyber Security Crunch: Building Strong Data Security Programs with Limited Resources - Insights from Tech and Financial Services Sectors | Womble Bond Dickinson - JDSupra

Cloud migration expands the CISO role yet again - Help Net Security

Here’s how to create a security culture that adheres to the new SEC regs | SC Media (scmagazine.com)

How to Create a Cyber Risk Assessment Report (cybersaint.io)

Learning From Others' Gaps in the Wake of Major Attacks (inforisktoday.com)

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Is ‘More Brutal’ Than Ever in 2024 | WIRED

Ransomware tracker: The latest figures [June 2024] (therecord.media)

Unpacking The Ten Most Dangerous Ransomware Gangs (informationsecuritybuzz.com)

Ransomware Group Exploits PHP Vulnerability Days After Disclosure - Security Week

Police arrest Conti and LockBit ransomware crypter specialist (bleepingcomputer.com)

Black Basta Actors Exploited Windows 0day Privilege Vulnerability (cybersecuritynews.com)

Scattered Spider Now Affiliated with RansomHub Following BlackCat Exit - Infosecurity Magazine (infosecurity-magazine.com)

7K LockBit decryptors offered as FBI seeks trust, cooperation from victims | SC Media (scmagazine.com)

Why Akira could be the next big thing in ransomware • The Register

Should there be a total ban on ransom payments? (securityintelligence.com)

What to Do When Your Business Associate Suffers a Ransomware Attack | Dentons - JDSupra

Medical-Targeted Ransomware Is Breaking Records After Change Healthcare’s $22M Payout | WIRED

NHS issues urgent blood donation appeal after IT cyber attack leaves hospitals struggling to match patients (yahoo.com)

What Makes Healthcare a Prime Target for Ransomware? (govinfosecurity.com)

New Fog ransomware targets schools via hacked VPNs | TechRadar

Ransomware Victims

Hundreds of cancer patients hit by NHS cyber attack as thousands of appointments cancelled | The Independent

Christie's Says Ransomware Attack Impacts 45,000 People - Security Week

Ransomware Attack Targets Canada’s Largest School Board (bloomberglaw.com)

Cyber attack means Japanese site Niconico needs total rebuild • The Register

Phishing & Email Based Attacks

Phishing Attacks Targeting US and European Organisations Double - Infosecurity Magazine (infosecurity-magazine.com)

Look before you scan – the QR code scammers are phishing for business | John Naughton | The Guardian

More eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack (thehackernews.com)

New phishing toolkit uses PWAs to steal login credentials (bleepingcomputer.com)

Phishing emails abuse Windows search protocol to push malicious scripts (bleepingcomputer.com)

Ascension Attack Caused by Employee Downloading Malicious File - Infosecurity Magazine (infosecurity-magazine.com)

Most impersonated sectors, brands in phishing examined | SC Media (scmagazine.com)

BEC

Massachusetts town loses $445,000 in email scam | StateScoop

BEC attack comment | Professional Security

Other Social Engineering

How to Spot a SIM-Swap Attack (and What to Do Next) | Lifehacker

Protecting identity in a world of deepfakes and social engineering - Help Net Security

Cyber security pros change strategies to combat AI-powered threats - Help Net Security

Are older adults more vulnerable to scams? What psychologists have learned about who’s most susceptible, and when (theconversation.com)

As 'swatting' attacks rise, feds win rare prison sentence for Ashton Connor Garcia - Washington Times

CISA Warns Phone Scammers Are Impersonating its Staff - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

Cyber security pros change strategies to combat AI-powered threats - Help Net Security

Multiple ChatGPT instances work together to find and exploit security flaws — teams of LLMs tested by UIUC beat single bots and dedicated software | Tom's Hardware (tomshardware.com)

EmailGPT Exposed to Prompt Injection Attacks - Infosecurity Magazine (infosecurity-magazine.com)

The Double-Edged Sword of Generative AI - Infosecurity Magazine (infosecurity-magazine.com)

Chatham House Cyber 2024 - how AI creates new cyber security dimensions (diginomica.com)

How to spot a deepfake - Raconteur

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models (thehackernews.com)

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools - Security Week

Urgently needed: AI governance in cyber warfare - Help Net Security

Protecting identity in a world of deepfakes and social engineering - Help Net Security

GDPR turns six: Expert discusses AI impact - Help Net Security

The Emerging Ecosystem Dedicated to AI Accountability | Decipher (duo.com)

Elon Musk threatens to ban iPhones over OpenAI integration | Digital Trends

Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop

2FA/MFA

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign (thehackernews.com)

How scammers bypass 2FA | Securelist

Hackers Using OTP bots To Bypass Two-Factor Authentication (cybersecuritynews.com)

How to meet evolving MFA demands in the current threat landscape (bleepingcomputer.com)

Malware

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics (thehackernews.com)

One of Microsoft’s main markets is full of malware - Softonic

WarmCookie Gives Cyber Attackers New Backdoor for Initial Access (darkreading.com)

Why malware matters most: 6 ways to foil software threats faster - Security Boulevard

Cyber Criminals Employ PhantomLoader to Distribute SSLoad Malware (thehackernews.com)

Ascension Attack Caused by Employee Downloading Malicious File - Infosecurity Magazine (infosecurity-magazine.com)

Malicious VSCode extensions with millions of installs discovered (bleepingcomputer.com)

Hundreds of Russian organisations hit with infostealer campaign | SC Media (scmagazine.com)

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (thehackernews.com)

Mobile

How to Spot a SIM-Swap Attack (and What to Do Next) | Lifehacker

Two arrested in UK over fake cell tower smishing campaign • The Register

Why You Should Delete These 100 Dangerous Google Play Store Apps (forbes.com)

Apple Says iPhones Will Get Security Updates for at Least 5 Years - Security Week

Google Will Track Your Location For The Next 180 Days—Then It Stops

Security and privacy strategies for CISOs in a mobile-first world - Help Net Security

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (thehackernews.com)

Security and privacy settings in WhatsApp | Kaspersky official blog

Denial of Service/DoS/DDOS

Hacktivists target Irish websites in EU-wide cyber attacks (rte.ie)

DDoS attacks target EU political parties as elections begin (bleepingcomputer.com)

Pro-Russian hacker group claims responsibility for attempted cyber attacks on Irish websites (irishexaminer.com)

Ireland Hit by Coordinated Cyber Attacks: NCSC Mobilises Response | Cork Safety Alerts

Second Australian Rare Earths Producer Suffers Cyber Attack (bloomberglaw.com)

Internet of Things – IoT

Report: Network equipment most at risk of cyber attacks | SC Media (scmagazine.com)

Dangerous Liaisons: The Interaction Between Threat Actors and High-Risk Devices - Security Week

What Devices Pose the Highest Security Risk? Forescout Answers in New Research: The Riskiest Connected Devices in 2024 | Business Wire

IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers - Infosecurity Magazine (infosecurity-magazine.com)

Data Breaches/Leaks

Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica

Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)

Hotel Check-in Kiosks Expose Guest Data, Room Keys (darkreading.com)

Snowflake Is Working to Beef Up Security Controls as Firms Probe Breaches (yahoo.com)

23andMe data breach under investigation in UK and Canada (bleepingcomputer.com)

Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)

Cylance confirms the legitimacy of data offered for sale in the dark web (securityaffairs.com)

NYSE Parent Hit with $10M Fine for Failure to Report Cyber Breach | MSSP Alert

The mystery of an alleged data broker’s data breach | TechCrunch

Tile hacked: Customer data and internal tools accessed by hacker (bgr.com)

Student's flimsy bin bags blamed for latest NHS data breach • The Register

Frontier says 750,000 Social Security numbers accessed during April cyber attack (therecord.media)

'New York Times source code' leaks online via 4chan • The Register

Threat Actor Claims to Leak 270GB of New York Times Data - Infosecurity Magazine (infosecurity-magazine.com)

Christie's Says Ransomware Attack Impacts 45,000 People - Security Week

White House report details all of 2023’s major gov breaches • The Register

Organised Crime & Criminal Actors

How Cyber Crime Empires Are Built (darkreading.com)

Scattered Spider Now Affiliated with RansomHub Following BlackCat Exit - Infosecurity Magazine (infosecurity-magazine.com)

Cyber crime suspects often young, increasingly armed: Dutch police | NL Times

Forced-Labor Camps Fuel Billions of Dollars in Cyber Scams (darkreading.com)

Cyber criminals work faster than ever | Professional Security

16-year-old arrested in France in connection with high-profile Epsilon hacking group attacks (bitdefender.com)

22 Chinese nationals sentenced to long prison terms in Zambia for multinational cyber crimes | AP News

As 'swatting' attacks rise, feds win rare prison sentence for Ashton Connor Garcia - Washington Times

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters (thehackernews.com)

Insurance

Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)

The Big Question: Is the cyber market becoming too soft for the risks it writes? - Emerging Risks Media Ltd

Supply Chain and Third Parties

Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica

Hundreds of cancer patients hit by NHS cyber attack as thousands of appointments cancelled | The Independent

5 cyber security risks and challenges in supply chain | TechTarget

A Third-Party Risk Management Lifecycle for Cyber Security | UpGuard

Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)

Ransomware attack on England's health system highlights life-threatening impact of cyber crime | CBC News

Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)

What to Do When Your Business Associate Suffers a Ransomware Attack | Dentons - JDSupra

Cloud/SaaS

Hackers steal “significant volume” of data from hundreds of Snowflake customers | Ars Technica

Snowflake Cloud Accounts Felled by Rampant Credential Issues (darkreading.com)

Snowflake Is Working to Beef Up Security Controls as Firms Probe Breaches (yahoo.com)

Pure Storage confirms data breach after Snowflake account hack (bleepingcomputer.com)

A CISO game plan for cloud security | InfoWorld

Why SaaS Security is Suddenly Hot: Racing to Defend and Comply (thehackernews.com)

Cloud migration expands the CISO role yet again - Help Net Security

Compatibility with UK laws and shared responsibility: MoD sets cloud security controls for suppliers – PublicTechnology

Identity and Access Management

Protecting identity in a world of deepfakes and social engineering - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

78% of people use the same password across multiple accounts | Security Magazine

America’s Password Habits: 46% Report Having their Password Stolen Over the Last Year – Forbes Advisor

New phishing toolkit uses PWAs to steal login credentials (bleepingcomputer.com)

Regulations, Fines and Legislation

Is a US Nationwide Privacy Law Really Coming? (darkreading.com)

NYSE Parent Hit with $10M Fine for Failure to Report Cyber Breach | MSSP Alert

CISO Strategies For Navigating Expanding Cyber Security Regulations (forbes.com)

Google faces GDPR complaint over Privacy Sandbox • The Register

GDPR turns six: Expert discusses AI impact - Help Net Security

Here’s how to create a security culture that adheres to the new SEC regs | SC Media (scmagazine.com)

Data Protection

Is a US Nationwide Privacy Law Really Coming? (darkreading.com)

Careers, Working in Cyber and Information Security

Cyber Security Job Hunting May Come Down to Certifications (darkreading.com)

Cyber Security CPEs: Unraveling the What, Why & How (thehackernews.com)

The US cyber security industry needs an estimated 225,200 workers | Security Magazine

Preparing for a career in cyber security? Check out these statistics - Help Net Security

Strategies to Manage and Reduce Alert Fatigue in SOCs - IT Security Guru

70% of Cyber Security Pros Often Work Weekends - Infosecurity Magazine (infosecurity-magazine.com)

The risk of a thousand paper cuts – the human-centred problem seen with stress and burnout in cyber security (techuk.org)

Men’s Mental Health Week: Resource Guide - IT Security Guru

Law Enforcement Action and Take Downs

Police arrest Conti and LockBit ransomware crypter specialist (bleepingcomputer.com)

16-year-old arrested in France in connection with high-profile Epsilon hacking group attacks (bitdefender.com)

Misinformation, Disinformation and Propaganda

Russia Is Targeting Germany With Fake Information as Europe Votes | WIRED

Switzerland encounters rise in cyber attacks and disinformation prior to upcoming Ukraine summit (kyivindependent.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

Increasing Cyber Threats from China: What Business Leaders Need to Know | American Enterprise Institute - AEI

"Epoch-Defining" Challenge! China Weaponizing Civilian Hackers Via MCF Program Creates 'Typhoon' In The West (eurasiantimes.com)

Chinese hackers breached 20,000 FortiGate systems worldwide (bleepingcomputer.com)

Chinese cyber espionage campaign targets ‘dozens’ of Western governments, Dutch officials say | CyberScoop

Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups | Trend Micro (US)

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics (thehackernews.com)

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale (thehackernews.com)

The new front in China’s cyber campaign against America (economist.com)

Kaspersky Finds 24 Flaws in Chinese Biometric Hardware Provider - Infosecurity Magazine (infosecurity-magazine.com)

22 Chinese nationals sentenced to long prison terms in Zambia for multinational cyber crimes | AP News

Russia

Microsoft Says Russia 'More Aggressive' In Cyber Space (rferl.org)

bne IntelliNews - Russian cyberwar against Ukraine and the West

Switzerland encounters rise in cyber attacks and disinformation prior to upcoming Ukraine summit (kyivindependent.com)

NATO to take tougher action on Russian spies, says Stoltenberg – POLITICO

'Sticky Werewolf' APT Stalks Aviation Sector (darkreading.com)

Pro-Russia cyber attack targets Netherlands parties on first day of European elections - JURIST - News

Pro-Russian hacker group claims responsibility for attempted cyber attacks on Irish websites (irishexaminer.com)

Russia Is Targeting Germany With Fake Information as Europe Votes | WIRED

The Paris Olympic games will likely present a high cyber risk | Security Magazine

Hundreds of Russian organisations hit with infostealer campaign | SC Media (scmagazine.com)

Putin's subs have exposed Ireland's shameless hypocrisy (telegraph.co.uk)

Tools and Controls

CISOs may be too reliant on EDR/XDR defenses | CSO Online

How to conduct an API risk assessment and improve security | TechTarget

A Third-Party Risk Management Lifecycle for Cyber Security | UpGuard

What is ELINT (electronic intelligence)? | Definition from TechTarget

9 out of 10 businesses seek AI-led threat detection and vulnerability management - IT Security Guru

What is IT incident management? | Definition from TechTarget

Strategies to Manage and Reduce Alert Fatigue in SOCs - IT Security Guru

A CISO game plan for cloud security | InfoWorld

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale (thehackernews.com)

Why SaaS Security is Suddenly Hot: Racing to Defend and Comply (thehackernews.com)

Marsh Insurance: Volume of Cyber Insurance Claims Reaches New Heights (darkreading.com)

Windows Security vs. Microsoft Defender: Important differences you should know | PCWorld

Assigning a Monetary Value to Cyber Risk | MSSP Alert

20 Questions To Assess Cyber Security Risks Within An Organisation (forbes.com)

Top 10 Critical Pentest Findings 2024: What You Need to Know (thehackernews.com)

Modern fraud detection need not rely on PII - Help Net Security

How to meet evolving MFA demands in the current threat landscape (bleepingcomputer.com)

The Big Question: Is the cyber market becoming too soft for the risks it writes? - Emerging Risks Media Ltd

How Enterprise Browsers Enhance Security and Efficiency (inforisktoday.com)

What is communications intelligence (COMINT)? | Definition from TechTarget

Cyber Security Consolidation Ahead: Tool Sprawl Rolls Up to Platforms | MSSP Alert

AI cyber security solutions detect ransomware in under 60 seconds (securityintelligence.com)

Why CISOs need to build cyber fault tolerance into their business - Help Net Security

What Is Attack Path Mapping? - TechRound

How PE Firm CFOs Cost-Effectively Manage Cyber Risk | Kovrr - Security Boulevard

How to Create a Cyber Risk Assessment Report (cybersaint.io)

Other News

Collaboration is Key to an Effective Security Culture - Infosecurity Magazine (infosecurity-magazine.com)

Microsoft president to testify about security lapses - Security - iTnews

Cyber attacks are hitting research institutions — with devastating effects (nature.com)

After Recall's mess, Microsoft isn't beating the security loopholes allegation any time soon - MSPoweruser

Introducing SMEs to cyber security (admin.ch)

Beware of these 7 new hacker tricks — and how to protect yourself | PCWorld

Microsoft Ignored Whistleblower Warnings Before SolarWinds Attack (pcmag.com)

Why CISOs need to build cyber fault tolerance into their business - Help Net Security

How to combat cyber threats and secure democracy in the digital age (federaltimes.com)

New Tallinn Paper focuses on Cyber Diplomacy Concepts and Practices

'I just don’t trust what you’re saying': Lawmakers grill Microsoft executive on cyber lapses - POLITICO

Microsoft in damage-control mode, says it will prioritize security over AI | Ars Technica

Microsoft now says employees will be graded on their cyber security contributions - Neowin

How PE Firm CFOs Cost-Effectively Manage Cyber Risk | Kovrr - Security Boulevard

Navigating cyber risk in the manufacturing sector | Retail Technology Review

5 Cost-Effective Cyber Security Tips To Boost Startup EBITDA (forbes.com)

Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine

Vulnerability Management

9 out of 10 businesses seek AI-led threat detection and vulnerability management - IT Security Guru

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools - Security Week

Solving the systemic problem of recurring vulnerabilities - Help Net Security

AI’s role in accelerating vulnerability management - Help Net Security

Vulnerabilities

Exploit for critical Veeam auth bypass available, patch now (bleepingcomputer.com)

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (bleepingcomputer.com)

Chinese hackers breached 20,000 FortiGate systems worldwide (bleepingcomputer.com)

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (bleepingcomputer.com)

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities - Security Week

PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager (darkreading.com)

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) - Help Net Security

Cisco fixes WebEx flaw after government comms exposed • The Register

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (thehackernews.com)

Nvidia Patches High-Severity GPU Driver Vulnerabilities - Security Week

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens (bleepingcomputer.com)

Ransomware Group Exploits PHP Vulnerability Days After Disclosure - Security Week

Black Basta Actors Exploited Windows 0day Privilege Vulnerability (cybersecuritynews.com)

Google patches 50 Pixel security flaws, including one hackers are using in their attacks — update your phone now | Tom's Guide (tomsguide.com)

Multiple flaws in Fortinet FortiOS fixed (securityaffairs.com)

Netgear WNR614 flaws allow device takeover, no fix available (bleepingcomputer.com)

Adobe Plugs Code Execution Holes in After Effects, Illustrator - Security Week

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 13/06/2024 Black Arrow Admin 13/06/2024

Black Arrow Cyber Advisory 13 June 2024 – Microsoft Patches Critical RCE Flaw and Zero-Click Vulnerability

Executive summary

Microsoft have released patches for a ‘critical’ remote code execution vulnerability (CVE-2024-30080) and a ‘high’ zero-click vulnerability (CVE-2024-30103) this week. The critical vulnerability allows an attacker to perform remote code execution by sending a specially crafted malicious Microsoft Message Queuing (MSMQ) technology packet to an MSMQ server. The zero-click vulnerability allows an attacker to bypass Outlook registry block lists and enable the creation of malicious files, which is initiated when an affected email is previewed in Outlook or opened.

What’s the risk to me or my business?

If the vulnerabilities are successfully exploited this will allow an attacker to perform arbitrary remote code execution, and the other will allow for malicious DLL files to be created. Both vulnerabilities if exploited could have a high impact on the confidentiality, integrity and availability of the organisations data on affected systems.

What can I do?

Black Arrow recommends applying the available patches for the vulnerability as soon as possible following their organisations update policies due to the severity.

Technical Summary

CVE-2024-30080 – This vulnerability allows an attacker to completely take over an affected server by sending a specially crafted malicious MSMQ packet to a MSMQ server, performing arbitrary remote code execution on the server side.

CVE-2024-30103 – This vulnerability allows an authenticated malicious actor using valid Exchange user credentials to bypass the Outlook registry block lists and enable the creation of malicious DLL files, allowing them to perform other malicious activities.

Further information on Microsoft Patches released this week can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun

Further information on the RCE vulnerability can be found here:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30080

Further information on the Zero-Click vulnerability can be found here:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-30103

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 12/06/2024 Black Arrow Admin 12/06/2024

Black Arrow Cyber Advisory 12 June 2024 – Fortinet FortiGate SSL VPN Vulnerability Leads to 20,000 Systems Being Breached by China Globally

Executive summary

The Dutch cyber security agency has recently State-sponsored threat actors backed by China have gained access to 20,000 Fortinet Fortigate systems globally between 2022 and 2023 through the Coathanger malware campaign. The vulnerability (CVE-2022-42475) allows a malicious actor to remotely execute malicious code. The Coathanger malware is persistent and remains on the devices even after reboots and firmware and software updates. While Fortinet silently released an update to fix this vulnerability in November 2022, they did not announce this until December 2022 in which during this time 14,000 devices were backdoored.

What’s the risk to me or my business?

The vulnerability in Fortinet’s products affected by this could pose a significant risk to your organisation. If exploited it could allow an attacker to remain in the product even after reboots and firmware updates. It also could allow an attacker to remotely execute malicious code. This could compromise the confidentiality, integrity, and availability of your organisation’s data

What can I do?

The vulnerability is difficult to identify and remove even if the patch has been installed to fix this vulnerability, indicators of compromise can be found in the link below. If you are unsure of what to do, please contact Black Arrow for further help and guidance.

Technical Summary

CVE-2022-42475: This is a heap-based buffer overflow vulnerability which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

The affected products are:

· FortiOS version 7.2.0 through 7.2.2

· FortiOS version 7.0.0 through 7.0.8

· FortiOS version 6.4.0 through 6.4.10

· FortiOS version 6.2.0 through 6.2.11

· FortiOS version 6.0.0 through 6.0.15

· FortiOS version 5.6.0 through 5.6.14

· FortiOS version 5.4.0 through 5.4.13

· FortiOS version 5.2.0 through 5.2.15

· FortiOS version 5.0.0 through 5.0.14

· FortiOS-6K7K version 7.0.0 through 7.0.7

· FortiOS-6K7K version 6.4.0 through 6.4.9

· FortiOS-6K7K version 6.2.0 through 6.2.11

· FortiOS-6K7K version 6.0.0 through 6.0.14

· FortiProxy version 7.2.0 through 7.2.1

· FortiProxy version 7.0.0 through 7.0.7

· FortiProxy version 2.0.0 through 2.0.11

· FortiProxy version 1.2.0 through 1.2.13

· FortiProxy version 1.1.0 through 1.1.6

· FortiProxy version 1.0.0 through 1.0.7

Further information from the National Cyber Security Centre can be found here:

https://www.ncsc.nl/actueel/nieuws/2024/juni/10/aanhoudende-statelijke-cyberspionagecampagne-via-kwetsbare-edge-devices

Further information on the FortiGuard Advisory can be found here:

https://www.fortiguard.com/psirt/FG-IR-22-398

Further information on the Indicators of compromise can be found here:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Critical-vulnerability-Protect-against-heap-based/ta-p/239420

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 11/06/2024 Black Arrow Admin 11/06/2024

Black Arrow Cyber Advisory 11 June 2024 – Active exploitation of Check Point Zero-Day Vulnerability

Executive summary

Recent exploitation of Check Point VPN zero-days have been ramping up since the proof of concept was released to the public. The actively exploited zero-day (CVE2024-24919) has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog and could allow an attacker to access sensitive information on Check Point Security gateways and allow them to obtain admin privileges. Check Point have recently stated that it is thought exploitation to have begun in early April, however Checkpoint is not due to release any patches until 20 June.

What’s the risk to me or my business?

The vulnerability in Check Point’s products could pose a significant risk to your organisation. If exploited, it could potentially allow an attacker to access sensitive information from your Check Point Security Gateways. In some instances, the attacker might even gain domain admin privileges. This could compromise the confidentiality, integrity, and availability of your organisation’s data

What can I do?

Check Point have not released any patches for this vulnerability however they have released automatic interim preventative measures deployed through AutoUpdater utility. Black arrow recommends following Check Points advice, which can be found in their advisory linked below.

Technical Summary

CVE-2024-24919 - A path traversal vulnerability, which could allow an attacker to read any file on the system. No specific privilege level is required to exploit this vulnerability.

The affected products are:

· CloudGuard Network

· Quantum Maestro

· Quantum Scalable Chassis

· Quantum Security Gateways

· Quantum Spark Appliances

A security gateway is vulnerable if one of the configurations is applied:

· If the “IPSec VPN” blade has been enabled and the Security Gateway device is part of the “Remote Access” VPN community.

· If the “Mobile Access” blade has been enabled.

The advisory provided by Check Point can be found here:

https://support.checkpoint.com/results/sk/sk182336

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 09/06/2024 Black Arrow Admin 09/06/2024

Black Arrow Cyber Threat Briefing 07 June 2024

Black Arrow Cyber Threat Intelligence Briefing 07 June 2024:

-Urgent Training Gap Exposed as a Quarter of Organisations Provide No Cyber Training to End-Users

-UK SMEs Unaware of the True Cost of Cyber Attacks, Whilst 78% of SMBs Fear Cyber Attacks Could Shut Down Their Business

-Major Cyber Crime Networks Dismantled in US and Europe Deemed a Wake-Up Call for Businesses, Ransomware Rises Despite Law Enforcement Takedowns

-Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT, or How the Smart TV in your Office Could Infect Your Whole Business with Malware

-CISOs Are Facing a ‘Tsunami of Regulations’; Here’s Why It’s Crucial They Focus on Quantifying Cyber Risk

-90% of Threats are Social Engineering

-UK Businesses Faced with Month-Long Recoveries from Supply Chain Attacks

-Account Takeovers Outpace Ransomware as Top Security Concern

-The Impact of Legacy Vulnerabilities in Today's Cyber Security Landscape

-Nearly All FTSE 100 Companies Exposed to Third and Fourth-Party Breaches

-Snowflake Denies Breach, Blames Data Theft on Poorly Secured Customer Accounts

-97 percent of Security Experts Worry about AI Security Related Threats and Incidents

-85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients

-Cyber Attack Causes Critical Incident in London Hospitals with Operations Cancelled and Emergency Patients Diverted

Governance, Risk and Compliance

78% of SMBs fear cyber attacks could shut down their business - Help Net Security

26% of organisations lack any form of IT security training - Help Net Security

Cyber attacks on financial services firms hit 20m people in 2023 - CIR Magazine

Small Firms Need to Stretch Security Budgets - Infosecurity Magazine (infosecurity-magazine.com)

CISOs are facing a ‘tsunami of regulations’ — here’s why it’s crucial they focus on quantifying cyber risk | ITPro

Microsoft: weak cyber defences set to hit economic growth (cityam.com)

How to Prove Security Effectiveness with a Cyber Security Board Report - Security Boulevard

Skills shortages exposing MSPs to security risks | Microscope (computerweekly.com)

85% of Managed Service and Security Providers Face “Significant” Challenges Maintaining Security Compliance for Clients, Apptega Survey Finds | Business Wire

Urgent training gap exposed as a quarter of organisations unprepared for cyber attacks, Hornetsecurity survey reveals (prnewswire.com)

Is your workplace ‘cyber savvy’? (siliconrepublic.com)

Governance Essentials for Businesses in the AI Era | News | GRC World Forums

49% of organisations feel somewhat prepared to handle a breach | Security Magazine

UK Businesses Face Month-Long Recoveries from Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Mastering Cyber Risk Quantification Methods: A Strategic Approach - Security Boulevard

Deciding cyber security spend: how much is enough? | Propertymark

Effective Incident Response: A Cyber Security Playbook for Executives - Security Boulevard

1/3 of CISOs in the UK ignore NCSC cyber security guidance (verdict.co.uk)

4 communication mistakes to avoid during a data breach - PR Daily

80 percent of organisations not ready for CISA rules on security practices (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Rises Despite Law Enforcement Takedowns - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools | Google Cloud Blog

Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down (therecord.media)

With over 1.7 million employees, the UK's NHS has become a 'rinse-and-repeat target' for cyber criminals—disrupting services and risking lives | Fortune Europe

Account Takeovers Outpace Ransomware as Top Security Concern - Infosecurity Magazine (infosecurity-magazine.com)

RansomHub extortion gang linked to now-defunct Knight ransomware (bleepingcomputer.com)

RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks (darkreading.com)

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out (bleepingcomputer.com)

New ransomware attack based on an evolutional generative adversarial network can evade security measures (techxplore.com)

Security industry has ransomware-as-a-service model wrong, says expert | SC Media (scmagazine.com)

Ransomware Ecosystem Transformed, New Groups “Changing the Rules” - Infosecurity Magazine (infosecurity-magazine.com)

'Fog' Ransomware Rolls in to Target Education, Recreation Sectors (darkreading.com)

New Gitloker attacks wipe GitHub repos in extortion scheme (bleepingcomputer.com)

Cyber insurance isn't the answer for ransom payments - Help Net Security

Linux version of TargetCompany ransomware focuses on VMware ESXi (bleepingcomputer.com)

What is ransomware? 7 things you must know before it's too late | PCWorld

Ransomware Victims

MediSecure in administration just weeks after confirming large cyber attack - ABC News

Former cyber security boss 'believes a Russian group' is behind the NHS 'major IT incident' (cityam.com)

A ransomware attack on Synnovis impacted several London hospitals (securityaffairs.com)

Darknet site for Qilin gang, suspected in London hospitals ransomware attack, goes down (therecord.media)

Wrongful death lawsuit alleges baby dies as a result of Springhill Medical Center’s negligence during cyber attack (fox10tv.com)

Consulting Firm Greylock Hit With Ransomware Attack Class Action (bloomberglaw.com)

RansomHub gang claims the hack of Frontier Communications (securityaffairs.com)

Christie's avoids leak of stolen data, is sold instead • The Register

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out (bleepingcomputer.com)

Ransomware ravaged schools and cities in May | TechTarget

What If The Scathing UnitedHealth Cyber Rebuke Was Yours? (forbes.com)

Hack of UK Hospitals Highlights Growing Threat (itprotoday.com)

UK School Forced to Close Following Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

Ransomware Gang Leaks Data From Australian Mining Company - Security Week

Phishing & Email Based Attacks

90% of threats are social engineering - Help Net Security

AI Will Increase the Quantity—and Quality—of Phishing Scams - Schneier on Security

New V3B phishing kit targets customers of 54 European banks (bleepingcomputer.com)

AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

Microsoft: The brand attackers love to imitate | CSO Online

AI fuels rise in attacks from ‘unsophisticated threat actors,’ federal cyber leaders say | FedScoop

Why your inbox is still so bad at blocking malware and spam - 9to5Mac

Phishing scams using QR codes are surging, here's what you should know | Tech News - Business Standard (business-standard.com)

The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)

BEC

90% of threats are social engineering - Help Net Security

US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam - Security Week

Other Social Engineering

Have you answered a spam call by accident? Your next move is extremely important

Artificial Intelligence

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

OpenAI report reveals threat actors using ChatGPT in influence operations | SC Media (scmagazine.com)

AI Will Increase the Quantity—and Quality—of Phishing Scams - Schneier on Security

AI vs. human deceit: Unravelling the new age of phishing tactics (securityintelligence.com)

97% of security experts worry about AI-related security incidents | Security Magazine

Coinbase's top cyber exec warns deepfake threat is growing | Fortune Crypto

Five AI-based threats security pros need to understand | SC Media (scmagazine.com)

AI fuels rise in attacks from ‘unsophisticated threat actors,’ federal cyber leaders say | FedScoop

Forrester report highlights 2024 IAM trends & AI impact (securitybrief.co.nz)

ChatGPT privacy tips: Two important ways to limit the data you share with OpenAI | ZDNET

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform (thehackernews.com)

2FA/MFA

Snowflake’s Lack of MFA Control Leaves Companies Vulnerable, Experts Say (informationweek.com)

What is MFA bombing? Apple users were targeted using this phishing technique (securitybrief.co.nz)

Security keys unlock nothing but inconvenience (techmonitor.ai)

Malware

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)

Europol identifies 8 cyber criminals tied to malware loader botnets (bleepingcomputer.com)

Europol's Hunt Begins for Emotet Malware Mastermind (darkreading.com)

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware (thehackernews.com)

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks (thehackernews.com)

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File (darkreading.com)

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan (thehackernews.com)

Comms Business - Malware targeting endpoints on the rise, finds report

Non-mobile malware statistics, Q1 2024 | Securelist

Stealthier DarkGate malware campaign emerges | SC Media (scmagazine.com)

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected (thehackernews.com)

Mobile

The NSA advises you to turn your phone off and back on once a week - here's why | ZDNET

In case you missed it: Bank info-stealing malware found in 90+ Android apps with 5.5M installs | Mashable

Hackers Targeting 1,500 Banks and Their Customers in Push To Drain Accounts Across 60 Countries: Report - The Daily Hodl

37 Vulnerabilities Patched in Android - Security Week

361 million account credentials leaked on Telegram: Are yours among them? - Help Net Security

Android malware and unwanted software statistics for Q1 2024 | Securelist

Denial of Service/DoS/DDOS

Conflicts Drive DDoS Attacks Surge in EMEA - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

Companies Need to Be Aware of Cyber Risks Related to Proliferation of IoT (insurancejournal.com)

That smart TV in your office could be infecting your whole business with malware | TechRadar

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours (securityaffairs.com)

Data Breaches/Leaks

The Ticketmaster Data Breach May Be Just the Beginning | WIRED

Ticketmaster confirms massive breach after stolen data for sale online (bleepingcomputer.com)

Snowflake denies breach, blames data theft on poorly secured customer accounts - Help Net Security

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

Snowflake account hacks linked to Santander, Ticketmaster breaches (bleepingcomputer.com)

Snowflake’s Lack of MFA Control Leaves Companies Vulnerable, Experts Say (informationweek.com)

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever | WIRED

Santander hit by massive cyber attack: All staff and '30million' customers have personal data stolen by gang 'behind Ticketmaster hack' | Daily Mail Online

The Billericay School pupils have details exposed in cyber attack - BBC News

Crooks threaten to leak 2.9B records of personal info • The Register

Threat actor considers leaking 3B records from background check firm | SC Media (scmagazine.com)

Secrets Exposed in Hugging Face Hack - Security Week

Google's hidden logs detail thousands of privacy breaches - CyberGuy

Spanish police investigate whether hackers stole millions of drivers' data - CNA (channelnewsasia.com)

Blackbaud Class Action Lawsuit Denied by Federal Court | MSSP Alert

Ticketek customer details exposed in cyber security breach | Data and computer security | The Guardian

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (bleepingcomputer.com)

Check-in terminals used by thousands of hotels leak guest info (bleepingcomputer.com)

Debt Collector Data Breach Exposes Data on 3 Million+ Americans | PCMag

Nearly 400,000 affected by data breach at eye care management services company (therecord.media)

Over 2.5 billion free Android VPN users at risk of data leaks | TechRadar

Advance Auto Parts stolen data for sale after Snowflake attack (bleepingcomputer.com)

Organised Crime & Criminal Actors

Major Cyber Crime Networks Dismantled in US and Europe: A Wake-Up Call for Businesses | News | GRC World Forums

International Cyber Crime Ringleaders Arrested In Armenia, Ukraine – Eurasia Review

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet (thehackernews.com)

4 cuffed following probe into holiday scheme for cyber crooks • The Register

Security industry has ransomware-as-a-service model wrong, says expert | SC Media (scmagazine.com)

Ransomware Ecosystem Transformed, New Groups “Changing the Rules” - Infosecurity Magazine (infosecurity-magazine.com)

Why Hackers Love Logs - Security Week

Police dismantle pirated TV streaming network that made $5.7 million (bleepingcomputer.com)

Hacker ordered to pay Nintendo 25-30% of his salary for the rest of his life still hasn't got a full-time job

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Two 39-year-old Estonian men are the alleged kingpins behind a massive half billion fraud targeting thousands of US investors | Fortune

Hackers exploit Chrome plugin to steal millions from Binance accounts (cointelegraph.com)

Microsoft India’s X account hijacked in Roaring Kitty crypto scam (bleepingcomputer.com)

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | Trend Micro (US)

Insider Risk and Insider Threats

4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)

Insurance

30% of Organisations with Cyber Insurance Implemented Additional Security Measures to Be Eligible for the Policy, up from 22% in 2023 (prnewswire.com)

Cyber insurance isn't the answer for ransom payments - Help Net Security

The top three cyber policy gaps - Insurance News | InsuranceNewsNet

Supply Chain and Third Parties

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

Third-party vendors pose serious cyber security threat to national security - Help Net Security

London NHS hospitals revert to paper records after cyber attack | NHS | The Guardian

Software Supply Chain Attacks Have Increased Financial and Reputational Impacts on Companies Globally, New BlackBerry Research Reveals (prnewswire.com)

UK Businesses Face Month-Long Recoveries from Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Third-party software supply chain threats continue to plague CISOs | CSO Online

Nearly All of FTSE 100 Exposed to Third and Fourth-Party - Infosecurity Magazine (infosecurity-magazine.com)

Snowflake data breach claims spark war of words over culpability; researchers may have been trolled - DataBreaches.net

Ticketmaster Breach Showcases SaaS Data Security Risks (darkreading.com)

Ticketek customer details exposed in cyber security breach | Data and computer security | The Guardian

Basic cyber security can protect from rising supply chain attacks | TechRadar

Advance Auto Parts stolen data for sale after Snowflake attack (bleepingcomputer.com)

Cloud/SaaS

Snowflake denies breach, blames data theft on poorly secured customer accounts - Help Net Security

Snowflake account hacks linked to Santander, Ticketmaster breaches (bleepingcomputer.com)

Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access | CISA

2024-State-of-Multicloud-Security-Risk-Report.pdf (microsoft.com)

Shadow IT and Zombie Accounts: Sabotaging Your SaaS Security - Security Boulevard

Azure Service Tags tagged as security risk, Microsoft disagrees (bleepingcomputer.com)

Identity and Access Management

The Top Trends Shaping Identity And Access Management I... | Forrester

Why (and how) threat actors target your Active Directory (bleepingcomputer.com)

Encryption

WhatsApp encryption isn't the problem, metadata is | TechRadar

Using entangled particles to create unbreakable encryption (phys.org)

Linux and Open Source

CISA warns of actively exploited Linux privilege elevation flaw (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

Hundreds of Snowflake customer passwords found online are linked to info-stealing malware | TechCrunch

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)

Understanding Credential Phishing - Security Boulevard

Should Employee Password Management Be Mandatory? (forbes.com)

361 million account credentials leaked on Telegram: Are yours among them? - Help Net Security

Account Takeovers Outpace Ransomware as Top Security Concern - Infosecurity Magazine (infosecurity-magazine.com)

Prevent Account Takeover with Better Password Security (thehackernews.com)

Security keys unlock nothing but inconvenience (techmonitor.ai)

Social Media

Microsoft India’s X account hijacked in Roaring Kitty crypto scam (bleepingcomputer.com)

TikTok fixes zero-day bug used to hijack high-profile accounts (bleepingcomputer.com)

Donald Trump Joins TikTok, App He Tried to Ban as President (variety.com)

Malvertising

Google Chrome’s plan to limit ad blocking extensions kicks off next week | Ars Technica

Training, Education and Awareness

26% of organisations lack any form of IT security training - Help Net Security

Urgent training gap exposed as a quarter of organisations unprepared for cyber attacks, Hornetsecurity survey reveals (prnewswire.com)

Is your workplace ‘cyber savvy’? (siliconrepublic.com)

How to Change Security Behaviours Beyond Awareness Training - Infosecurity Magazine (infosecurity-magazine.com)

4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)

The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)

Regulations, Fines and Legislation

CISOs are facing a ‘tsunami of regulations’ — here’s why it’s crucial they focus on quantifying cyber risk | ITPro

104 EU Laws Have Different Definitions of Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Here’s what a US surveillance law means for European data privacy | Euronews

80 percent of organisations not ready for CISA rules on security practices (betanews.com)

Data Protection

Here’s what a US surveillance law means for European data privacy | Euronews

Careers, Working in Cyber and Information Security

Narrowing the Stubborn Cyber Security Worker Gap - Security Boulevard

What is a typical day like as an SOC analyst? (siliconrepublic.com)

Law Enforcement Action and Take Downs

Major Cyber Crime Networks Dismantled in US and Europe: A Wake-Up Call for Businesses | News | GRC World Forums

Europol identifies 8 cyber criminals tied to malware loader botnets (bleepingcomputer.com)

Two 39-year-old Estonian men are the alleged kingpins behind a massive half billion fraud targeting thousands of US investors | Fortune

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet (thehackernews.com)

4 cuffed following probe into holiday scheme for cyber crooks • The Register

Police dismantle pirated TV streaming network that made $5.7 million (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

Poland Suspects Russia Behind False PAP Story on Mobilization (bloomberglaw.com)

Information Warfare: The Future Is Here | Proceedings - June 2024 Vol. 150/6/1,456 (usni.org)

Microsoft Security is warning of Russian misinformation campaigns during the 2024 Olympics - Neowin

Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Resilience isn't enough, NATO must be 'proactive' for cyber defence, warns official (therecord.media)

Information Warfare: The Future Is Here | Proceedings - June 2024 Vol. 150/6/1,456 (usni.org)

Conflicts Drive DDoS Attacks Surge in EMEA - Infosecurity Magazine (infosecurity-magazine.com)

Cyber Attacks and the Risk of Real War: A NATO Perspective - Defence News | The Financial Express

Nation State Actors

China

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

China outsourcing its cyber attacks to hackers-for-hire - Asia Times

Donald Trump Joins TikTok, App He Tried to Ban as President (variety.com)

Russia

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting (thehackernews.com)

Europe subjected to multi-phase APT28 cyberespionage attacks | SC Media (scmagazine.com)

Poland Suspects Russia Behind False PAP Story on Mobilization (bloomberglaw.com)

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)

European IT Coalition raises 58 million euros for Ukraine's IT, cyber security defence capabilities (kyivindependent.com)

Poland to spend almost $760 million to improve digital security following suspected Russian cyber attack (kyivindependent.com)

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File (darkreading.com)

Pro-Russia group claims responsibility for cyber attacks on first day of EU elections | Euronews

Poland sees ‘Russian cyber attack’ behind fake military draft report – Euractiv

Russia jams Elon Musk’s Starlink sats in Ukraine for the first time (interestingengineering.com)

Microsoft Security is warning of Russian misinformation campaigns during the 2024 Olympics - Neowin

Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op | CyberScoop

Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games (techrepublic.com)

Poland launches investigation into Russian, Belarusian political influence (voanews.com)

Polish government will spend more than $ 3 billion on cyber security - BiznesAlert EN

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan (thehackernews.com)

Russian hackers claim cyber attack on Spanish defence company | Reuters

Iran

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

North Korea

A US Company Enabled a North Korean Scam That Raised Money for WMDs | WIRED

"China, Russia, North Korea and Iran are leveraging ChatGPT for their needs" | Ctech (calcalistech.com)

Tools and Controls

26% of organisations lack any form of IT security training - Help Net Security

CISOs are facing a ‘tsunami of regulations’ — here’s why it’s crucial they focus on quantifying cyber risk | ITPro

How to Prove Security Effectiveness with a Cyber Security Board Report - Security Boulevard

Mastering Cyber Risk Quantification Methods: A Strategic Approach - Security Boulevard

Should Employee Password Management Be Mandatory? (forbes.com)

Security challenges mount as companies handle thousands of APIs - Help Net Security

Comms Business - Malware targeting endpoints on the rise, finds report

Why Hackers Love Logs - Security Week

Security experts call for unity again... - Mobile World Live

The Top Trends Shaping Identity And Access Management I... | Forrester

Lawyers Ask Forensics Investigators for Help Outside Cyber Security (darkreading.com)

Why (and how) threat actors target your Active Directory (bleepingcomputer.com)

30% of Organisations with Cyber Insurance Implemented Additional Security Measures to Be Eligible for the Policy, up from 22% in 2023 (prnewswire.com)

How to Change Security Behaviours Beyond Awareness Training - Infosecurity Magazine (infosecurity-magazine.com)

4 Tips For Strengthening Data Security Through The Human Firewall (forbes.com)

The Art of Hooking the Phish: Educating Users Without Scaring Them (thefastmode.com)

Deciding cyber security spend: how much is enough? | Propertymark

Effective Incident Response: A Cyber Security Playbook for Executives - Security Boulevard

4 communication mistakes to avoid during a data breach - PR Daily

More Than One-Third of Healthcare Organisations Lack Cyber Security Response Plan | HealthLeaders Media

Reports Published in the Last Week

The Top Trends Shaping Identity And Access Management I... | Forrester

2024-State-of-Multicloud-Security-Risk-Report.pdf (microsoft.com)

Other News

Cyber attacks on financial services firms hit 20m people in 2023 - CIR Magazine

National infrastructure cyber attacks ‘have increased dramatically’ (power-technology.com)

What Cyber Security Memes Reveal About the Industry (itprotoday.com)

What Could Possibly Go Wrong?: New Study Examines Aftermath of Cyber Attacks | HealthLeaders Media

Security experts call for unity again... - Mobile World Live

Achieving Cyber Security in Finance Through Collaborative Efforts (finextra.com)

Lawyers Ask Forensics Investigators for Help Outside Cyber Security (darkreading.com)

ESAs and ENISA sign a Memorandum of Understanding to strengthen cooperation and information exchange - European Union (europa.eu)

Apple refused to pay bug bounty to Russian cyber security firm Kaspersky Lab (therecord.media)

A Major Industrial Cyber Security Threat: Living off the Land Attacks - Security Boulevard

Germany: Major hack targets center-right CDU party – DW – 06/01/2024

Public sector security debt is becoming a pervasive issue | ITPro

New Military Program Aids Cyber Defences in Latin America and the Caribbean | AFCEA International

No summer break for cyber crime: Why educational institutions need better cyber resilience - Help Net Security

Moldova Cracks Down On Interpol Evasion Scheme With Help From France, US, Britain (rferl.org)

Officials accused of trying to sabotage Interpol's Red Notice system to tip off international fugitives - CBS News

Vulnerability Management

The impact of legacy vulnerabilities in today's cyber security landscape | TechRadar

NIST turns to IT consultants to help clear NVD backlog • The Register

Vulnerabilities

Exploitation of Recent Check Point VPN Zero-Day Soars - Security Week

CISA warns of actively exploited Linux privilege elevation flaw (bleepingcomputer.com)

Critical Apache Log4j2 flaw still threatens global finance - Security Affairs

FlyingYeti APT Serves Up Cookbox Malware Using WinRAR (darkreading.com)

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) - Help Net Security

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions (thehackernews.com)

37 Vulnerabilities Patched in Android - Security Week

PoC Exploit Released for macOS Root Access Vulnerability (cybersecuritynews.com)

Cisco addressed Webex flaws used to compromise German government meetings (securityaffairs.com)

RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks (darkreading.com)

CISA says 'patch now' to 7-year-old Oracle WebLogic bug • The Register

Azure Service Tags tagged as security risk, Microsoft disagrees (bleepingcomputer.com)

Critical Progress Telerik vulnerability under attack | TechTarget

TikTok fixes zero-day bug used to hijack high-profile accounts (bleepingcomputer.com)

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 04/06/2024 Black Arrow Admin 04/06/2024

Black Arrow Cyber Threat Briefing 31 May 2024

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

HP Report Surfaces Shifts in Cyber Attack Tactics - Security Boulevard

Other Social Engineering

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

AI’s role in FS businesses’ cyber defence and risk assessment (finextra.com)

Supply Chain and Third Parties

ABN Amro discloses data breach following an attack on a third-party provider (securityaffairs.com)

Cloud/SaaS

Identity and Access Management

Identity-related incidents becoming severe, costing organisations a fortune - Help Net Security

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Malvertising

Arc browser’s Windows launch targeted by Google ads malvertising (bleepingcomputer.com)

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

GDPR Turns Six: Reflecting on a Global Privacy Benchmark - IT Security Guru

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Phones of journalists and activists in Europe targeted with Pegasus | CyberScoop

Vulnerability Management

Vulnerabilities

Tools and Controls

Reports Published in the Last Week

Q1 2024 Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices (kroll.com)

Other News

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 26/05/2024 Black Arrow Admin 26/05/2024

Black Arrow Cyber Threat Briefing 24 May 2024

Black Arrow Cyber Threat Intelligence Briefing 24 May 2024:

-Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk

-Threat Research Highlights Growing Mobile Security Risks

-The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever

-Family Offices Become Prime Targets for Cyber Hacks and Ransomware

-Ransomware Fallout - 94% Experience Downtime, 40% Face Work Stoppage

-Employee Discontent - Insider Threat No. 1

-Report Reveals 341% Rise in Advanced Phishing Attacks

-Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment

-New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans

-HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report

-80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface

-UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments

-UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Internet of Things – IoT

Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech | WIRED

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Yet more ransomware uses BitLocker to encrypt victims' files • The Register

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Cyber crime on the rise as account takeovers become leading method (investmentnews.com)

Social Media

Malvertising

Training, Education and Awareness

Three Psychological Theories to Ensure Cyber Security Training Sticks - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

Backup and Recovery

Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)

Data Protection

87% of medical practice data is digital | Security Magazine

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Vulnerability Management

Vulnerabilities

Tools and Controls

Reports Published in the Last Week

Other News

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 20/05/2024 Black Arrow Admin 20/05/2024

Black Arrow Cyber Alert 20 May 2024 – Flaw in Popular PDF Reader Foxit Exploited by Hackers to Deliver Variety of Malware

Executive summary

An active campaign has been identified in which a flaw in Foxit, a popular PDF reader, is being exploited by attackers to deploy a variety of malware. Check Point, who have identified the campaign have said that it has been used by multiple threat actors in campaigns ranging “from e-crime to espionage”. The campaign takes advantage of a flaw in which the PDF reader is set to accept a document as trusted by default. Once a user clicks OK on this, a second display pops up which has the default option of allowing the PDF to open additional programs and execute commands.

What’s the risk to me or my business?

There is a risk that organisations using Foxit PDF reader are vulnerable to this exploitation, which has a low detection rate. Additionally, this risk extends to employees who have access to corporate data on their personal device and are using Foxit. In both cases, the confidentiality, integrity and availability of information is at risk.

Reports indicate that the malicious PDF’s are being distributed in traditional manners including email, as well as social media such as Facebook, capitalising on the low-level of detection of this exploit.

What can I do?

Black Arrow recommends organisations evaluate the most suitable risk treatment approach for their environment. This may involve exploring alternative software solutions or uninstalling the affected software altogether. Additionally, disabling non-essential features, such as command prompt and PowerShell execution, for standard users is recommended. Cyber awareness training should also emphasise the importance of not opening unexpected files or granting permissions via pop-up windows to mitigate risks.

#threatadvisory #threatintelligence #cybersecurity

Further information from Check Point can be found here:

https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/

Black Arrow Admin 19/05/2024 Black Arrow Admin 19/05/2024

Black Arrow Cyber Threat Briefing 17 May 2024

Black Arrow Cyber Threat Intelligence Briefing 17 May 2024:

-Social Engineering is the Biggest Cyber Threat as Study Finds Most Workers Have Clicked on a Suspicious Email Link

-Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

-ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

-Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

-Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

-China Presents Defining Challenge to Global Cyber Security, Says GCHQ

-Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

-Global Financial Stability at Risk Due to Cyber Threats, IMF warns

-Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

-Santander Data Breach via Third-Party Provider Impacted Customers and Employees

-40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

-Digital Resilience – a Step Up from Cyber Security

-UK Lags Europe on Exploited Vulnerability Remediation

-Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

Artificial Intelligence

2FA/MFA

How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Encryption

You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

Iran most likely to launch destructive cyber attack on US • The Register

North Korea

Vulnerability Management

Vulnerabilities

Tools and Controls

Reports Published in the Last Week

Other News

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 15/05/2024 Black Arrow Admin 15/05/2024

Black Arrow Cyber Advisory 15 May 2024 – Microsoft, Adobe, Apple, Mozilla Firefox, Google Chrome, SAP and VMware Updates

Executive summary

Microsoft’s May Patch Tuesday provides updates to address 61 security issues across its product range. Notably, the update tackles two actively exploited zero-day vulnerabilities. The zero-days include a security feature bypass and an elevation of privilege vulnerability. Among the updates provided by Microsoft were 1 critical vulnerability, allowing an attacker remote code execution.

In addition to the Microsoft updates this week also saw Adobe, Apple, Firefox, Google Chrome, SAP and VMware all provide updates for vulnerabilities in a variety of their products, including multiple zero-days and critical vulnerabilities.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an unauthenticated attacker to gain code execution as well as elevating to system privileges, the highest available. Both of which compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerability and all other vulnerabilities that have an available patch should be updated as soon as possible.

Technical Summary

Microsoft

CVE-2024-30040 – A security feature bypass, in which an unauthenticated attacker can gain code execution through convincing a user to open a malicious document. It is now known how this flaw was abused in attacks.

CVE-2024-30051- A flaw in Windows DWM Core Library which upon exploitation, allows an attacker to elevate to system privileges, the highest available.

Apple

Apple have addressed multiple vulnerabilities in its products, including 16 vulnerabilities on iPhone and iPads. This includes include one vulnerability which the company say “may have been exploited”.

Adobe

Adobe have addressed 37 vulnerabilities in its products, including 9 critical vulnerabilities in Adobe Acrobat and Reader, , 2 critical vulnerabilities in Adobe Commerce, Adobe InDesign, Adobe Experience manager, 1 critical vulnerability in Adobe Media Encoder and Adobe Bridge, 3 critical vulnerabilities in Adobe Illustrator and 2 critical vulnerabilities in Adobe Animate. The company said it was not aware of any exploits in the wild for any of the documented issues.

Firefox

Firefox has upgraded to version 126. The new version addresses 16 unique security issues. None of the vulnerabilities are currently under active exploitation. The release also comes with some quality-of-life changes such as search telemetry changes and copy link without site tracking.

Google Chrome

Google Chrome released an emergency update to fix their 6th zero-day exploited this year, just one week after a previous one. Google are aware that an exploit for the vulnerability exists in the wild. Users are recommended to update as soon as possible.

SAP

This month, SAP has released 17 patches, which include 14 new fixes and 3 updates from previous releases. Two patches and one update have been given the “hot news” priority in SAP, the highest severity. The vulnerabilities encompass a range of issues, including CSS Injection, Remote Code Execution, File Upload flaws, and Cross-Site Scripting (XSS).

VMWare

Multiple security flaws, including one critical vulnerability, have been addressed by VMware after their exploitation was demonstrated at a security event. Some of the vulnerabilities do not have a fix yet and as such, users are advised to disable Bluetooth support and 3D acceleration as temporary workarounds until patches are applied.

More info:

Microsoft

Further details on other specific updates within Microsoft’s May patch Tuesday can be found here:

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/

https://www.ghacks.net/2024/05/14/microsoft-releases-the-may-2024-security-updates-for-windows/

Apple

Further details of the vulnerabilities in Apple can be found here:

https://support.apple.com/en-gb/HT201222

Adobe

Further details of the vulnerabilities in Adobe Acrobat and Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb24-29.html

Further details of the vulnerabilities in Adobe Photoshop can be found here:

https://helpx.adobe.com/security/products/photoshop/apsb24-16.html

Further details of the vulnerabilities in Adobe Commerce can be found here:

https://helpx.adobe.com/uk/security/products/magento/apsb24-18.html

Further details of the vulnerabilities in Adobe InDesign can be found here:

https://helpx.adobe.com/uk/security/products/indesign/apsb24-20.html

Further details of the vulnerabilities in Adobe Experience Manager can be found here:

https://helpx.adobe.com/uk/security/products/experience-manager/apsb24-21.html

Further details of the vulnerabilities in Adobe Media Encoder can be found here:

https://helpx.adobe.com/uk/security/products/media-encoder/apsb24-23.html

Further details of the vulnerabilities in Adobe Bridge can be found here:

https://helpx.adobe.com/uk/security/products/bridge/apsb24-24.html

Further details of the vulnerabilities in Adobe Illustrator can be found here:

https://helpx.adobe.com/uk/security/products/illustrator/apsb24-25.html

Further details of the vulnerabilities in Adobe Animate can be found here:

https://helpx.adobe.com/uk/security/products/animate/apsb24-26.html

Firefox

Further details on the vulnerabilities addressed in the Firefox release can be found here:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/

Google Chrome

Further details on the vulnerabilities addressed in the Google Chrome update can be found here:

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html

SAP

Further details on the vulnerabilities addressed in SAP can be found here:

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html

VMware

Further details on the vulnerabilities addressed by VMware can be found here:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 12/05/2024 Black Arrow Admin 12/05/2024

Black Arrow Cyber Threat Briefing 10 May 2024

Black Arrow Cyber Threat Intelligence Briefing 10 May 2024:

-China Suspected of Hacking MoD, Through Its Payroll Provider

-Security Tools Fail to Translate Risks for Executives

-Gang Accused of MGM Hack Shifts Attacks to Finance Sector

-Are SMEs Paving the Way for Cyber Attacks on Larger Companies?

-Misconfigurations Drive 80% of Security Exposure, Report Finds

-Only 45% of Organisations Employ MFA Protections

-You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever

-The Rise and Stealth of The Socially Engineered Insider

-Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training

-Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security

-Ransomware Activity Thrives, Despite Law enforcement Efforts

-NATO Warns of Russian Hybrid Warfare

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

87% of DDoS Attacks Targeted Windows OS Devices in 2023 (darkreading.com)

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Insider Risk and Insider Threats

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

Training, Education and Awareness

Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

Regulations, Fines and Legislation

Models, Frameworks and Standards

The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

Data Protection

Privacy requests increased 246% in two years - Help Net Security

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Vulnerability Management

Vulnerabilities

Tools and Controls

Reports Published in the Last Week

The State of Ransomware 2024 - Sophos

Other News

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 05/05/2024 Black Arrow Admin 05/05/2024

Black Arrow Cyber Threat Briefing 03 May 2024

Black Arrow Cyber Threat Intelligence Briefing 03 May 2024:

-Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

-91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

-BEC and Fund Transfer Fraud Top Insurance Claims

-Correlating Cyber Investments with Business Outcomes

-Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

-MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

-Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

-Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

-95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

-Human Factor a Significant Risk for Small and Medium-Sized Businesses.

-Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

-Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC

BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

Artificial Intelligence

2FA/MFA

Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

Mobile

Denial of Service/DoS/DDOS

Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Linux and Open Source

Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Data Protection

How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

Russia

Iran

Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Vulnerability Management

Vulnerabilities

Tools and Controls

Reports Published in the Last Week

Other News

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 02/05/2024 Black Arrow Admin 02/05/2024

It’s World Password Day today; if you are protecting your systems access using a password, then you need to know this

Passwords are one of the basic ways that we confirm our identity when we access systems on our company network, or our own person email account for example. Although many organisations have a policy that requires users to create passwords of a certain length and complexity, the challenge is that the user can fulfil those criteria even if they create a weak password that can be easily guessed or cracked by an attacker. This is yet another intersection of technology and human behaviours that can make or break cyber security.

Did you know that attackers exchange lists of passwords from previous attacks, which they use at high speed in combination with a user’s email address for example, to try to break into a system?

If you are told that you need to create a password that uses upper and lower case letters, with numbers and special characters, the chances are you will use a word that starts with a capital letter, then add a number and use an exclamation point or similar at the end. The attackers know this, and they have millions of examples of them in their password listing. Equally, passwords like querty12345 are, sadly, still frequently used.

The trick is for us all to avoid using ‘weak’ passwords that are likely to feature on the password listing, which means we need to avoid falling into predictable human behaviour patterns. Equally, users need to avoid obvious passwords, like the name of their town or their pet dog, which can be guessed or cracked by a dedicated attacker.

As a solution consider using a passphrase such as “BananaHippoCyclist” and if you want it even more complex, trying adding a few numbers and special characters. And make sure every access you have uses a different password. We all live in the real world, and it can be hard to manage multiple passwords, so you could consider a password manager application to store your passwords, providing you use a very strong master password to access it.

Even strong passwords need extra security, which is why they should be used in conjunction with other multi-factor authentication methods such as facial recognition or biometrics (something you are) or verification codes received on your mobile phone (something you have). Utilising multiple methods of authentication makes it significantly harder for attackers to compromise your accounts.

If you are wondering how to implement this in your organisation, then reach out to us for a free 30-minute consultation to discuss your specific needs and proportionate options. We love discussing this and other aspects of cyber security, so contact us through our website page www.blackarrowcyber.com/contact, and we will get back to you shortly.

In the meantime, Happy World Password Day!

Black Arrow Admin 30/04/2024 Black Arrow Admin 30/04/2024

Black Arrow Cyber Insight 30 April 2024 – UK’s New IoT Legislation Aiming to Protect Consumers From Cyber Attacks Comes in to Force

Executive summary

The UK Government has released new legislation to protect consumers from cyber criminals.

The regime comprises of two pieces of legislation:

Part 1 of the Product Security and Telecommunications Infrastructure (PSTI) Act 2022; and
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023.

Now that this new legislation is in force, the UK’s consumer connectable product security regime will be enforced, aiming to protect consumers against hacking and cyber attacks. This regulation sets out the minimum-security standards that all IoT (Internet of Things) devices are now legally obliged to meet.

What are the security requirements?

The regulations set out specific requirements that the relevant people, manufacturer, importer and distributor of the products have to follow:

1. Passwords must be unique per the product. This includes banning common and easily guessable passwords for example admin or 12345 to prevent vulnerabilities and hacking.

2. The manufacturer must provide clear and transparent information on how to report security issues about their product. Manufacturers are also obligated to provide information on timescales of acknowledging, reporting and updating the status of security issues to the consumer until they have been resolved.

3. The manufacturers and retailers must publish to consumers in a clear and accessible way, the minimum time they can expect to receive important security updates. This information should be available without prior request in English and free of charge.

While these security requirements demonstrate the seriousness in which the Government regards cyber security, they should not be relied upon alone and organisations ensure they are employing their own controls such as changing default passwords, performing vulnerability scanning and conducting timely patch management. Effective cyber security requires multiple layers of defence

The official UK Government legislation can be found below:

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Threat Intelligence Blog

Black Arrow Cyber Advisory 10 July 2024 – Microsoft Patch Tuesday, Adobe and Citrix Updates

Black Arrow Cyber Threat Briefing 05 June 2024

Top Cyber Stories of the Last Week

Nearly 10 billion Passwords Leaked in the Largest Compilation of All-time

Half of Employees Fear Punishment for Reporting Security Mistakes

New RUSI Report Exposes Psychological Toll of Ransomware

Cyber Extortion Soars: SMBs Hit Four Times Harder

2024 Is Already the Year of the Cyber Attack

Survey Reveals Growing Lack of Cyber Security Confidence

Cyber Security is Worth the Spend

Only 13% of Organisations are Cyber Mature

Full-Blown Cyber War: a Hollywood Worthy Scenario

Rising Risks Set to Drive Huge Investment in Cyber Security

Authorised Push Payment Fraud Singled Out as Biggest Financial Crime Threat

Setting the Tone at the Top to Manage Enterprise Risk

Cyber Criminals are Free to Exploit Vulnerabilities Without Fear

Sources:

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Tools and Controls

Reports Published in the Last Week

Other News

Vulnerability Management

Vulnerabilities

Sector Specific

Black Arrow Cyber Advisory 02 July 2024 – Critical Vulnerabilities identified in OpenSSH, Juniper, and Apple App Development Supply Chain

Black Arrow Cyber Threat Briefing 28 June 2024

Top Cyber Stories of the Last Week

Cyber Attacks on The Rise with Financial Sector a Top Target, Report Reveals

Cloud Resources Have Become Biggest Targets for Cyber Attacks, Finds Thales

Hackers Grow More Sinister and Brazen in Hunt for Bigger Ransoms

1 Out of 3 Breaches Go Undetected

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organisations Experience Cyber Breaches and Incidents

Why Are Threat Actors Faking Data Breaches?

China-Sponsored Attackers Target 40K Corporate Users in 90 Days

Cyber Security Neglect: The Silent Killer of Businesses

Third of Organisations Have Suffered Three or More Data Breaches in the Last 24 Months

75% of New Vulnerabilities Exploited Within 19 Days

It’s a Hard Time to Be a CISO. Transformational Leadership is More Important Than Ever.

Tackling The Role Human Error Plays in Data Breaches

Governance, Risk and Compliance

Threats