Cyber Weekly Digest - 2024 Week #32


👋 Welcome to the 32nd edition of the Cyber Weekly Digest of 2024

⭐️ Another week, another new signing for Team CV. Welcome Danielle Lang, our new Customer Success Manager. Being super passionate about what we do, real people helping real people and supporting our customers every step of the way, Danielle is the perfect addition to our team.

When Danielle isn't in the local gym or paddle boarding she is hanging out with Winnie, the sassy Frenchie we can't wait to meet!


This week we also introduced a very exciting new partnership with Horizon3.ai, offering a different approach to security validation through their NodeZero platform for Automated Security Validation.


🎧 Plus, listen to our latest podcast episode with AJ N. from Horizon3.ai to hear insights into the world of security validation and how you can prove your controls as well as finding the fastest way to remediate through automated validation.

In case you missed it... our next 'Cyber Security... Is No Joke' Comedy Night is in Glasgow on 11th September. Grab your spot here before we hit capacity!

๐Ÿƒโ€โ™€๏ธ Huuuuge congratulations to Abnormal's Georgia Bell who qualified for this Sunday's 1500m final at the Olympics ๐Ÿ‡ฌ๐Ÿ‡ง Good luck Georgia!!

Dad Joke of the Week: I once submitted 10 puns to a joke competition. I really thought with that many, one was sure to be a winner. Sadly, no pun in ten did.

New and noteworthy from the vendor community this week:

 

🟣 As GenAI tools become increasingly integrated into business operations, it is crucial to proactively manage and mitigate potential threats!

Immersive Labs' latest blog explores 4 actionable strategies for protection:

Identify and monitor risks

💂 Implement safeguards

💪 Leverage GenAI for defense

📚 Educate and train your people

🟣 SentinelOne is a Representative Vendor in the 2024 Gartner® Market Guide for CNAPP!

Gain insights on the drivers shaping the CNAPP market, learn the core, recommended, and optional capabilities that Gartner establishes for the CNAPP market, and understand why SentinelOne is named a Representative Vendor in the CNAPP Market Guide.

🟣 Announcing: Continuous Attack Surface Pen Testing from Bugcrowd

You may already be aware of Bugcrowd EASM, a solution for getting a complete, always up-to-date view of your external risk exposure. This week they announced the first net-new product enabled by the ongoing integration of Bugcrowd EASM with the Bugcrowd Platform: Continuous Attack Surface Penetration Testing.

🟣 Why do organisations continue to stick with ineffective security awareness training programmes? Isn't there a better way to tackle human risk?

To answer these questions, CultureAI interviewed four industry experts and gathered their insights in one handy report. Dive into the report to discover:

➡️ Frustrations with conventional security awareness and training

➡️ Recommendations for engaging employees and improving behaviours

➡️ Untapped strategies they aim to implement in the future

Last but not least...

🟣 In SentinelOne's latest ExecBrief by Matthew Pines, learn more about how nation-state sabotage is increasing and reshaping the threat landscape for private companies.

Multiple acts of sabotage targeting critical infrastructure surrounding the 2024 Paris Olympics. Cyberattacks disrupting European railway networks. An arson attack on a Ukrainian-linked warehouse in London. Intelligence and security reports indicate a marked increase in sabotage and “grey-zone” or “hybrid” attacks across Europe and potentially targeting the U.S. These activities, primarily attributed to Russia and China, represent an evolution in geopolitical conflict that falls below the threshold of traditional warfare, but poses risks to national security and economic stability.

Now, let's take a look at our top Cyber Security News picks of the week:

☠️ This week we were warned of new #PhishingScams, huge #Ransomware threats and a big #DataBreach at a well known American building security giant...

1. New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said. "This attack is a great example of a Living Off Trusted Sites (LoTS) threat."


2. FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). "BlackSuit actors have exhibited a willingness to negotiate payment amounts," the agencies said. "Ransom amounts are not part of the initial ransom note, but require direct interaction with the threat actor via a .onion URL (reachable through the Tor browser) provided after encryption."

 

3. Cisco Warns of Critical RCE Zero-Days in End of Life IP Phones

Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. The vendor has not made fixes available for these devices and shared no mitigation tips, so users of those products will have to move to newer and actively supported models as soon as possible.

 

4. ADT Confirms Data Breach after Customer Info Leaked on Hacking Forum

American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has an annual revenue of $4.98 billion, and serves approximately 6 million customers across 200 locations in the United States. In a Thursday morning Form 8-K regulatory filing with the Securities and Exchange Commission (SEC), ADT says threat actors breached some of its databases and stole customer information.


5. CISA Warns of Hackers Abusing Cisco Smart Install Feature

On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommended disabling the legacy Cisco Smart Install (SMI) feature after seeing it abused in recent attacks. CISA has spotted threat actors using this tactic and leveraging other protocols or software to steal sensitive data, such as system configuration files, which prompted an alert advising admins to disable the legacy SMI protocol (superseded by the Cisco Network Plug and Play solution) to block these ongoing attacks. It also recommended reviewing the NSA's Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for further configuration guidance.


©2025 Cyber Vigilance
