š Welcome to the 35th edition Cyber Weekly DigestĀ of 2024
Monday was š¶ INTERNATIONAL DOG DAY š¶ (a day that we'd be happy to celebrate every day!) so thought we'd introduce the extended Cyber Vigilance team. Meet Winnie, Gilley, Frodo, Shayla, Chuck, Chesney and Louis.
š«¶ This week we spent some quality time with the team at Imperva, discussing all things application and data security. As Gartner Peer Insights Customers' choice: Best Security Solution for WAF and DDOS, we're excited for what this brings to our portfolio!
š Big thank you to Censys who also visited The Stable this week! We're covering all aspects of security & compliance and solving customer pain points by striking up partnerships with the best vendors on the planet. Those that eat pizza together, protect together š
š¢ Your weekly reminder... š“ó §ó ¢ó ³ó £ó “ó æ Scotland š“ó §ó ¢ó ³ó £ó “ó æ next month = DIGIT.FYIĀ Ā Scot-Secure WestĀ (Glasgow 11th September). Post event, join us and our sponsors Egress, a KnowBe4 company, Automox, BugcrowdĀ and One IdentityĀ for a unique evening combining the world of cyber security with the laughter of stand up comedy: Cyber Security is no JokeĀ
š Dad Joke of the Week: Never buy anything made from velcro, itās a total rip-off (OK OK that one's bad but the choice is overwhelming!!)
NewĀ and noteworthyĀ from our vendor community this week:
Ā
š£ October 2nd... This is a drill, this is a drill - A cyber Drill!
The next Immersive Labs Cyber Drills RoadshowĀ is now open for registration. This unique hands-on experience allows cyber leaders and practitioners to put their skills to the test in a live-fire crisis simulation. The immersive half-day event includes:Ā Ā
Hands-On Cyber Drills: Dive deep into real-world cybersecurity scenarios designed to challenge and strengthen your skills.
Interactive Workshops: Gain invaluable insights from industry experts and practitioners through engaging workshops and discussions.
Cutting-Edge Technologies: Explore the latest tools and techniques driving cyber resilience.
Networking Opportunities:Ā Connect with like-minded professionals and expand your professional network.
š£ Bugcrowd introduce the new Insights Dashboard
With this dashboard, Bugcrowd Platform users can get a comprehensive view of program and engagement health, impact, and direction across numerous dimensions including:
Submissions: Trends and counts for states, state transitions, and severity (per target or VRT category)
Performance: Mean time needed to detect, triage, review, and resolve
Researchers/Hackers: Total number and new versus returning
Spend: Reward amounts (total/highest/lowest/average), dates, severity breakdowns, and remaining pool trends
š£ This week Forrester named Illumio a leader in The Forrester Waveā¢: Microsegmentation Solutions, Q3, 2024
āLarger Organisations with mature cybersecurity programs that are on a Zero Trust journey or are bolstering defenses against ransomware should put Illumio at the top of their shortlistā according to Forrester.Ā Highlights include:
Strengths of the Illumio Zero Trust Segmentation Platform
Considerations for choosing a microsegmentation solution
How top vendors stack up
LastĀ but not least...
š£ DDoS attacks are growing in number, scale, and sophistication!
111% increase in DDOS attacks mitigated by Imperva
215% increase in the number of DNS DDOS attacks
548% increase in attacks on Telecommunications and ISPs
Check out these key findings and more insights by downloading the full 2024 Imperva DDoS Threat Landscape Report
Now, let's take a look at our top Cyber Security News picks of the week:
ā ļø This week we were warned of #RussianHackers via government websites, #Microsoft issues with #FalsePositives and a #PhishingCampaign spotted by #Netskope...
Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared.
Cybersecurity firm Check Point Software Technologies (NASDAQ: CHKP) has agreed to acquire Cyberint Technologies, a company that fuses threat intelligence with attack surface reconnaissance to help organizations manage external risk exposure. Cyberintās platform uses a combination of dark web data harvesting and continuous testing of an organizationās attack surface and augments that data with threat intelligence experts to deliver security-themed alerts.
Ā
Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. "Users' email messages containing images may be incorrectly flagged as malware and quarantined," Microsoft said in a service alert posted on the Microsoft 365 admin center two hours ago. "We're reviewing service monitoring telemetry to isolate the root cause and develop a remediation plan."
Ā
WTF?! Chinese-made chips used in popular contactless cards contain hardware backdoors that are easy to exploit. These chips are compatible with the proprietary Mifare protocol developed by Philips spin-off NXP Semiconductors and are inherently "intrinsically broken," regardless of the card's brand. Security researchers at Quarkslab have discovered a backdoor in millions of RFID cards developed by Shanghai Fudan Microelectronics (FMSH). When properly exploited, this backdoor could be used to quickly clone contactless smart cards that regulate access to office buildings and hotel rooms worldwide.
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing pages that steal Microsoft 365 credentials. This surge sharply contrasts the minimal activity reported during the year's first half, showing the large scale of this campaign.
Comments