Cyber Weekly Digest - 2024 Week #28
👋 Welcome to the 28th edition of the Cyber Weekly Digest for 2024.
Overhead worldies, last-minute bangers, eerily calm penalty shoot-outs... yes, it's been a nail-biting and at times overly frustrating path, but come on lads, we've only gone and made the final! Cyber Vigilance has got your back, bring it home boys 🦁🦁🦁 Vamos!
In case you missed the announcement, Cyber Vigilance will be attending the Scot-Secure West summit in Glasgow on 11th September. We look forward to seeing you there! We won't mention the Euros (if we lose).
♣️ We also announced this week that CV are an official partner of S4S Club! Join us on September 17th in London to learn from experts and partners who explain current risks, strategies, and real-life case studies. We're incredibly proud to be part of an event bringing true value to all attendees.
New and noteworthy this week:
🟣 Traditional security tools can't provide the flexible and consistent security needed in the cloud, so how do we solve these issues and build modern cloud security? Check out this blog from Tony Bailey at Illumio, "Why traditional cloud security is failing - and 5 strategies to fix it".
🟣 The crowdsourced security market includes many different vendors and solution types, and it can be confusing trying to figure out how to leverage them to solve today's cybersecurity challenges. The Bugcrowd Platform offers customers a modern approach to crowdsourced security that tackles their cybersecurity challenges proactively. Here are 5 reasons why customers choose them.
🟣 KnowBe4 officially closed on its acquisition of Egress, congratulations! Following the release of the powerful updates to Egress Prevent Analytics, they have introduced enhancements designed to provide deeper insights, richer data, and enhanced functionality for all their customers. Read their latest blog to uncover how these updates can transform your outbound email security strategy
🟣 As cyber attacks grow more sophisticated, financial institutions face unprecedented challenges. Censys' new one-pager shows how they help #FinServ pros stay one step ahead by customising threat intel feeds, enhancing brand protection and improving third-party risk visibility.
Last but not least...
🟣 You can register now for an interactive workshop about GenAI chatbot cybersecurity risks with Immersive Labs and Darktrace. Drawing from real-world examples, the experts will explore the implications for businesses and discuss strategies for identifying and mitigating the risks associated with GenAI at your organisation.
Now, let's take a look at our top cyber security news picks of the week.
1. Advance Auto Parts Data Breach Impacts 2.3 Million People
Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. Advance operates 4,777 stores and 320 Worldpac branches, serving 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands. On June 5, 2024, a threat actor known as 'Sp1d3r' began selling a massive 3TB database allegedly containing 380 million Advance customer records, orders, transaction details, and other sensitive information.
2. GitLab: Critical Bug Lets Attackers Run Pipelines as Other Users
GitLab warned today that a critical vulnerability in GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. The GitLab DevSecOps platform has over 30 million registered users and is used by over 50% of Fortune 100 companies, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, and UBS. The flaw patched in today's security update is tracked as CVE-2024-6385, and it received a CVSS base score of 9.6 out of 10.
3. CRYSTALRAY Hacker Expands to 1,500 Breached Systems using SSH-Snake Tool
A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and on whose systems cryptominers were deployed. This is being reported by researchers at Sysdig, who have tracked the threat actor since February, when they first reported its use of the SSH-Snake open-source worm to spread laterally on breached networks. SSH-Snake is an open-source worm that steals SSH private keys on compromised servers and uses them to move laterally to other servers while dropping additional payloads on breached systems. Previously, Sysdig identified roughly 100 CRYSTALRAY victims impacted by the SSH-Snake attacks and highlighted the network mapping tool's capabilities to steal private keys and facilitate stealthy lateral network movement.
4. New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign
Spanish-speaking victims are the target of an email phishing campaign that has been delivering a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily single out the mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense. "The majority of the custom code in the malware appears to be focused on anti-analysis, communicating with its command-and-control center (C2), and downloading and running files with a limited focus on monitoring or harvesting credentials," it said.
5. New Ransomware Group Exploiting Veeam Backup Software Vulnerability
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target environment is said to have been facilitated by means of a Fortinet FortiGate firewall SSL VPN appliance using a dormant account.
©2025 Cyber Vigilance