Threat Intelligence Blog

Contact our Experts Now

Subscribe to our Weekly Cyber Threat Intelligence Briefing

Black Arrow Admin 16/03/2025 Black Arrow Admin 16/03/2025

Black Arrow Cyber Threat Intelligence Briefing 14 March 2025

Black Arrow Cyber Threat Intelligence Briefing 14 March 2025:

-95% of Data Breaches Tied to Human Error in 2024

-Hackers Using Advanced Social Engineering Techniques with Phishing Attacks

-Confidence Gap in Cyber Security Leaves Businesses at Risk

-Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year

-Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls

-Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign

-How Cyber Attacks Affect Your Staff

-UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks.

-Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses

-86% of Financial Firms are Still Not Fully Compliant With DORA

-The CISO as Business Resilience Architect

-Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Summary

Black Arrow Cyber’s review of threat intelligence this week highlights that human error and susceptibility to social engineering remain at the heart of cyber security failures. A new report reveals that 95% of data breaches in 2024 were due to human mistakes, with just 8% of employees responsible for 80% of incidents. Despite widespread training efforts, a confidence gap persists: 86% of employees believe they can detect phishing scams, yet many still fall victim. Meanwhile, cyber criminals are deploying more sophisticated pretexting techniques, such as fake job offers, to exploit trust before launching attacks. The financial impact of phishing-related breaches now averages $4.88 million per incident.

Third-party access and unmonitored IoT devices also present major risks, with over half of UK firms experiencing a breach due to supplier access. The Akira ransomware gang recently exploited an unsecured webcam to bypass endpoint defences, highlighting the need for a more layered approach to cyber security. Additionally, AI-driven threats are accelerating, enabling criminals to automate cyber attacks and create deepfake scams, such as one that resulted in a $25 million theft.

Looking ahead, regulatory compliance pressures are mounting, with 86% of financial firms still unprepared for the EU’s DORA framework. Meanwhile, UK government officials warn of national cyber security vulnerabilities due to outdated systems and staffing shortages. Black Arrow Cyber believes that businesses must take a proactive stance, adopting zero-trust security, strengthening third-party risk management, and ensuring human resilience against evolving cyber threats.

Governance, Risk and Compliance

Tech Complexity Puts UK Cyber Security at Risk - Infosecurity Magazine

The CISO as Business Resilience Architect

KnowBe4 Research Reveals a Confidence Gap in Cyber Security, Leaving Organisations at Risk

Why effective cyber security is a team effort | TechRadar

Why cyber security specialists should focus on minimizing damage caused by hackers rather than stopping all of their attacks | Fortune

The state of procurement: tackling inflation, supply chain disruptions, and cyber security risks | The Independent

Cyber Security Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Threats

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Europe, Don't Forget the Information War - CEPA

Nation State Actors

UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine

China

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers - SecurityWeek

Salt Typhoon: A Wake-up Call for Critical Infrastructure

China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days - SecurityWeek

‘Ban These Chinese Routers NOW,’ Cries House Committee - Security Boulevard

UK AI Research Under Threat From Nation-State Hackers - Infosecurity Magazine

Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers - SecurityWeek

Russia

The UK is unprepared and vulnerable to Russian cyber attacks. Here's why

The risks of standing down: Why halting US cyber ops against Russia erodes deterrence | CSO Online

The Geopolitical Fallout of a Potential US Cyber Stand-Down – The Diplomat

Europe, Don't Forget the Information War - CEPA

Ex-NSA vet slams reported halt to Russia cyber ops | Cybernews

Ukraine loses Signal support for anti-Russian cyber threat efforts, says official | SC Media

North Korea

Microsoft: North Korean hackers join Qilin ransomware gang

EU investigates OKX for its role in Lazarus' $1.5 billion Bybit hack | Cryptopolitan

North Korean hackers cash out hundreds of millions from $1.5bn ByBit hack - BBC News

North Korean hackers spread spyware through Google Play disguised as utility apps | Engineering and Technology Magazine

Spyware in bogus Android apps is attributed to North Korean group | The Record from Recorded Future News

Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

1,600 Victims Hit by South American APT's Malware - SecurityWeek

Tools and Controls

Hackers spotted using unsecured webcam to launch cyber attack | TechRadar

95% of Data Breaches Tied to Human Error in 2024 - Infosecurity Magazine

How to safely dispose of old tech without leaving a security risk - Help Net Security

4 expert security tips for navigating AI-powered cyber threats | ZDNET

Lessons from the Field, Part III: Why Backups Alone Won’t Save You - Security Boulevard

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

Threat Groups Using RMM Tools for Initial-Stage in Attacks | MSSP Alert

Defending against EDR bypass attacks - Help Net Security

Security operations centres are fundamental to cyber security — here’s how to build one | CSO Online

Other News

Tech Complexity Puts UK Cyber Security at Risk - Infosecurity Magazine

How Cyber Attacks Affect Your Staff

AI, 5G, and Fiber: The Telecom Infrastructure Boom No One’s Monitoring

Every Truth (And Lie) Told in Netflix's 'Zero Day,' Ranked | HackerNoon

Slow development of Irish maritime security strategy raises concerns

Zut Alors! Surge in Cyber Attacks Targeting France in 2024

Does the NHS have a security culture problem? • The Register

Vulnerability Management

Why Now is the Time to Adopt a Threat-Led Approach to Vulnerability Management

CISOs Connect Research Report on Cyber Security Debt Exposes Widespread Vulnerabilities

Balancing Cyber Security Accountability & Deregulation

Vulnerabilities

Thousands of Orgs Risk Zero-Day VM Escape Attacks

Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday - SecurityWeek

Patch Tuesday: Critical Code Execution Bugs in Adobe Acrobat and Reader - SecurityWeek

Fortinet Patches 18 Vulnerabilities - SecurityWeek

Newly Patched Windows Zero-Day Exploited for Two Years - SecurityWeek

Google researchers uncover critical security flaw in all AMD Zen processors | TechSpot

Mass Exploitation of Critical PHP Vulnerability Begins - SecurityWeek

Top Bluetooth chip security flaw could put a billion devices at risk worldwide | TechRadar

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver - SecurityWeek

CISA tags critical Ivanti EPM flaws as actively exploited in attacks

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw - SecurityWeek

Critical PHP RCE vulnerability mass exploited in new attacks

Apple fixed the third actively exploited zero-day of 2025

Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits

Zoom Patches 4 High-Severity Vulnerabilities - SecurityWeek

PoC Exploit Released for Actively Exploited Linux Kernel Write Vulnerability

New SuperBlack ransomware exploits Fortinet auth bypass flaws

Cisco Patches 10 Vulnerabilities in IOS XR - SecurityWeek

Mozilla warns users to update Firefox before certificate expires

GitLab patches critical authentication bypass vulnerabilities

FreeType Zero-Day Being Exploited in the Wild - SecurityWeek

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Black Arrow Admin 12/03/2025 Black Arrow Admin 12/03/2025

Black Arrow Cyber Advisory 12 March 2025 – Security Updates from Microsoft, Fortinet, Apple, Adobe, Zoom and SAP

Executive Summary

Microsoft’s Patch Tuesday for March 2025 delivered 57 security updates across its product line, including 6 actively exploited zero-day vulnerabilities. This month, several other major software and hardware vendors also released critical security updates to address vulnerabilities that could be exploited by attackers.

Fortinet issued 17 security advisories with updates addressing various high, medium, and low severity vulnerabilities across multiple product ranges, including FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb, FortiSIEM, and FortiADC.

Apple released updates to address zero-day security issues across its iPhone, iPad, macOS, and visionOS product ranges, specifically targeting vulnerabilities in WebKit, the browser engine used within Safari and other Apple products.

Adobe provided updates addressing 35 vulnerabilities, including critical issues in various product lines such as Acrobat and Reader, InDesign, and Substance 3D Sampler.

Zoom patched five vulnerabilities in its applications, including four rated ‘high severity’, affecting Zoom Workplace, Rooms Controller, Rooms Client, and Meeting SDK products.

SAP also released 21 new security notes, covering high, medium, and low severity vulnerabilities addressed by security patches.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to compromise the confidentiality, integrity and availability of the affected applications and the organisations data on the affected systems.

What can I do?

Black Arrow recommends applying the available security updates for all supported versions of products that have been impacted by the various vulnerabilities. The updates should be applied as soon as possible for actively exploited vulnerabilities and all other vulnerabilities that have a critical or high severity ratings.

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Mar

Apple, Adobe, Fortinet, Zoom, SAP

Further details of the vulnerabilities in affected Apple, Adobe, Fortinet and SAP:

https://helpx.adobe.com/security/security-bulletin.html

https://support.apple.com/en-us/100100

https://fortiguard.fortinet.com/psirt

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2025.html

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 09/03/2025 Black Arrow Admin 09/03/2025

Black Arrow Cyber Threat Intelligence Briefing 07 March 2025

Black Arrow Cyber Threat Intelligence Briefing 07 March 2025:

-Cyber Security's Future Is All About Governance, Not More Tools

-'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

-Why Cyber Drills are as Vital as Fire Drills

-Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

-Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

-Old Unpatched Vulnerabilities Among the Most Widely Exploited

-Chinese State Back Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers

-Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks

-Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals

-Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

-Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns

-Trump Administration Retreats in Fight Against Russian Cyber Threats

Executive Summary

Our review this week includes the evolving shift in cyber security, where governance and proactive risk management is becoming more critical than tool proliferation as exemplified by the inclusion of the ‘Govern’ function in the NIST Cyber Security Framework. Businesses still face a cocktail of cyber risks as geopolitical tensions, misinformation, and AI-driven threats continue to evolve. Despite increased awareness, cyber risk integration remains insufficient at the executive level, leaving many organisations, particularly smaller businesses, exposed.

Vulnerability management remains a pressing concern. 40% of vulnerabilities leveraged in 2024 date back to 2020 or earlier, while ransomware and botnet expansion thrive on unpatched systems. Meanwhile, the financial sector continues to be a target for cyber attacks, with European regulators responding through stricter risk management frameworks like DORA. The rise of state-sponsored actors such as China-backed Silk Typhoon, which targets IT service providers, further underscores the importance of securing supply chains and third-party dependencies.

Our review this week also highlights the importance of rehearsing how to respond to a cyber incident, as well as the changing tactics of attackers such as the use of AI voice cloning from voicemail recordings to impersonate individuals, and false extortion demands. These, and other observations from our threat intelligence briefings, highlight the need for comprehensive security awareness. With cyber threats at an all-time high, organisations must adopt a strategic, governance-led approach to resilience, ensuring robust defences against both sophisticated adversaries and opportunistic cyber criminals.

Governance, Risk and Compliance

Cybersecurity’s Future Is All About Governance, Not More Tools

Why Employee Training Is A Critical Component Of Effective Business Cybersecurity - Minutehack

Why Cyber Drills Are As Vital As Fire Drills

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

SolarWinds CISO says security execs are ‘nervous’ about individual liability for data breaches | CyberScoop

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cybersecurity Claims

Cyber risks see SME focus but big risks remain

Board Oversight of Cyber Security Incidents

How to create an effective incident response plan | CSO Online

CFOs’ Risk Outlook—The Economy, Cyber and Talent Are Top Concerns

What CISOs need from the board: Mutual respect on expectations | CSO Online

The evolving landscape of regulatory compliance in cybersecurity - Digital Journal

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

The 5 stages of incident response grief - Help Net Security

A Shield of Defensibility Protecting CISOs and Their Companies

CISO Liability Risks Spur Policy Changes at 93% of Organisations - Infosecurity Magazine

Are cybersecurity chiefs focusing too much on legal liability—and not enough on fixing vulnerabilities? | Fortune

CISO vs. CIO: Where security and IT leadership clash (and how to fix it) - Help Net Security

Cyber Threats Are Evolving Faster Than Defences

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Evolution: From Encryption to Extortion

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Ransomware 2025: Lessons from the Past Year and What Lies Ahead

Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert

Ransomware activity surged last year, report finds | SC Media

Ransomware Attacks Appear to Keep Surging - InfoRiskToday

Inside the Minds of Cyber Criminals: A Deep Dive into Black Basta’s Leaked Chats  - Security Boulevard

Your New Car Could Be the Next Ransomware Target

Ransomware scum abusing Microsoft Windows-signed driver • The Register

VulnCheck Exposes CVEs From Black Bastas' Chats

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail - Infosecurity Magazine

Cactus Ransomware: What You Need To Know | Tripwire

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Emulating the Relentless RansomHub Ransomware - Security Boulevard

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

Ransomware: from REvil to Black Basta, what do we know about Tramp? | Computer Weekly

Schools Vs Ransomware: Lessons Learned From A Cyber Attack - TeachingTimes

Ransomware Victims

Hunters International ransomware claims attack on Tata Technologies

Qilin claims attacks on cancer, women's clinics • The Register

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ransomware Group Takes Credit for Lee Enterprises Attack - SecurityWeek

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Phishing & Email Based Attacks

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Phishing Campaign Uses Havoc Framework to Control Infected Systems - Infosecurity Magazine

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Business Email Compromise (BEC)/Email Account Compromise (EAC)

From Event to Insight Unpacking a B2B Business Email Compromise BEC Scenario | Trend Micro (US)

Other Social Engineering

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How QR code attacks work and how to protect yourself - Help Net Security

Vishing attacks surged 442% last year - how to protect yourself | ZDNET

The Hidden Risks Of Job Hunting: Recruitment Fraud And Cybersecurity

What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it | ZDNET

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltred employees

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

Fake police call cryptocurrency investors to steal their funds

Artificial Intelligence

Top security CEOs warn your voicemail greeting is the latest target for cyber criminals | Cybernews

89% of enterprise AI usage is invisible to the organisation - Help Net Security

Deepfake cyber attacks proliferated in 2024, iProov claims • The Register

Nearly 12,000 API keys and passwords found in AI training dataset

The Urgent Need to Address Cyber Security in the GenAI Market

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

How New AI Agents Will Transform Credential Stuffing Attacks

YouTube warns of AI-generated video of its CEO used in phishing attacks

New Report Finds that 78% of Chief Information Security Officers Globally are Seeing a Significant Impact from AI-Powered Cyber Threats - up 5% from last year

Private 5G Networks Face Security Risks Amid AI Adoption - Infosecurity Magazine

Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior | CyberScoop

Police arrests suspects tied to AI-generated CSAM distribution ring

Innovation vs. security: Managing shadow AI risks - Help Net Security

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Malware

Microsoft says malvertising campaign impacted 1 million PCs

Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains

Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

Hackers Weaponizing PowerShell & Microsoft Legitimate Apps To Deploy Malware

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Devs beware: fake Golang packages target Mac users | Cybernews

Polyglot files used to spread new backdoor | CSO Online

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED

5,000 CAPTCHA Tests Used As Infostealer Gateways—Do Not Complete Them

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Massive Phishing Campaign Spreads Lumma Stealer Via Bogus CAPTCHA PDFs | MSSP Alert

26 Million Devices Hit By Infostealers—Bank Cards Leaked To Dark Web

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers | WIRED

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Attackers distributing Trojans disguised as DeepSeek or Grok clients for Windows | Kaspersky official blog

Russian-Speaking Hackers Goad Users Into Installing Havoc

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Bots/Botnets

Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet | TechRadar

Widespread network edge device targeting conducted by PolarEdge botnet | SC Media

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Mobile

Over 500K Android, iOS, iPadOS, Devices Impacted By Spyzie Stalkerware | MSSP Alert

Governments can't seem to stop asking for secret backdoors • The Register

New Android RAT Dubbed “AndroRAT” Attacking to Steal Pattern, PIN & Passcodes

Do you really need to worry about spyware on your phone?

Google’s 'consent-less' Android tracking probed by academics • The Register

Google confirms mass app deletion on Play Store after ad fraud | Android Central

Denial of Service/DoS/DDoS

Massive botnet that appeared overnight is delivering record-size DDoSes - Ars Technica

Web DDoS attacks see major surge as AI allows more powerful attacks | TechRadar

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices - SecurityWeek

Internet of Things – IoT

Top risks produced by old wireless routers and smart home devices

8 ways to secure your smart home from hackers

Your New Car Could Be the Next Ransomware Target

BadBox Botnet Powered by 1 Million Android Devices Disrupted - SecurityWeek

How Can Your Smart Washer Pose A Threat To Your Privacy?

Badbox Android botnet disrupted through coordinated threat hunting | CSO Online

Goodbye Kia - this is the serious vulnerability that affects all vehicles registered after this date

Data Breaches/Leaks

Inside a cyber attack: How hackers steal data

Lost luggage data leak exposes nearly a million records | Cybernews

75% of US government websites experienced data breaches | Cybernews

Angel One Breach Compromises Client Data | MSSP Alert

Organised Crime & Criminal Actors

Mad, Bad, And Dangerous To Know: Cyber Criminals Are More Sophisticated Than Ever

Cyber criminals picked up the pace on attacks last year | CyberScoop

Cyber threat highest it’s ever been, ex-Five Eyes leader warns - NZ Herald

Online crime-as-a-service skyrockets with 24,000 users selling attack tools - Help Net Security

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

International cops seize Russian crypto exchange Garantex • The Register

Bybit hackers resume laundering activities, moving another 62,200 ETH

US recovers $31 million stolen in 2021 Uranium Finance hack

$51,300,000,000: Crypto Scams 2025 Report by Chainalysis is Out

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

North Korea’s $1.5 billion heist puts the crypto world on notice - The Japan Times

Shape-shifting Chrome extensions target wallets | Cybernews

Fake police call cryptocurrency investors to steal their funds

Insider Risk and Insider Threats

Digital nomads and risk associated with the threat of infiltred employees

Insurance

Third-Party Risk Top Cyber Security Claims

Supply Chain and Third Parties

Third-Party Attacks Drive Major Financial Losses in 2024 - Infosecurity Magazine

Third-Party Risk Top Cyber Security Claims

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

Why Vendor Risk Management Can't Be a One-Time Task | UpGuard

Ransomware crew threatens to leak 'stolen' Tata Tech data • The Register

Cloud/SaaS

How to plan your cloud migration with security in mind | SC Media

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

New Microsoft 365 outage impacts Teams, causes call failures

Microsoft Teams and other Windows tools hijacked to hack corporate networks | TechRadar

Attackers Leverage Microsoft Teams and Quick Assist for Access - Infosecurity Magazine

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Outages

New Microsoft 365 outage impacts Teams, causes call failures

Barclays: bank to pay £12.5m compensation for online outage

Microsoft Blames Widespread Outage On “Problematic Code Change”

How a Manual Remediation for a Phishing URL Took Down Cloudflare R2 - InfoQ

Identity and Access Management

Misconfigured access management systems expose global enterprises to security risks | CSO Online

Identity: The New Cyber Security Battleground

Prioritising data and identity security in 2025 - Help Net Security

Encryption

The UK will neither confirm nor deny that it’s killing encryption | The Verge

Encryption Wars: Governments Want a Backdoor, but Hackers Are Watching | HackerNoon

"We will not walk back" – Signal would rather leave the UK and Sweden than remove encryption protections | TechRadar

France pushes for law enforcement access to Signal, WhatsApp and encrypted email | Computer Weekly

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

UK cyber security damaged by “clumsy Home Office political censorship” | Computer Weekly

Linux and Open Source

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Typosquatted Go Packages Distribute Malware Loader Targeting Linux And MacOS

Open Source Security Risks Continue To Rise

Passwords, Credential Stuffing & Brute Force Attacks

2025 CrowdStrike Global Threat Report: 442% Surge in Social Engineering and Credential Theft

How New AI Agents Will Transform Credential Stuffing Attacks

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Social Media

UK probes TikTok, Reddit over child data privacy concerns • The Register

Watch out - that LinkedIn email could be a fake, laden with malware | TechRadar

YouTube warns of AI-generated video of its CEO used in phishing attacks

Scammers take over social media - Help Net Security

USCIS mulls policing social media of all would-be citizens • The Register

Malvertising

Microsoft says malvertising campaign impacted 1 million PCs

Training, Education and Awareness

Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack

Regulations, Fines and Legislation

Former intelligence officials denounce job cuts to federal cyber roles - Nextgov/FCW

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

The Crime and Policing Bill Explained

Governments can't seem to stop asking for secret backdoors • The Register

Apple begins legal battle to resist 'egregious' iCloud backdoor demand | Macworld

Why a push for encryption backdoors is a global security risk - Help Net Security

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

The evolving landscape of regulatory compliance in cyber security - Digital Journal

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy- The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

UK security in shock as America signals end to cyber operations against Russia

The Wiretap: How Trump, Hegseth And DOGE Are Undermining Ukrainian Security

DoD, CISA Deny Reports of Pausing Cyber Operations Against Russia | MSSP Alert

Gadgets Used By American Presidents (And Why They Were A Security Nightmare)

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Trump's Staffing Overhauls Hit Nation's Cyber Defense Agency

Strengthening Telecommunications Security: A Call to Action for Cyber Resilience

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Google asks US government to drop breakup plan over national security fears | TechRadar

Models, Frameworks and Standards

Cyber resilience under DORA – are you prepared for the challenge? | TechRadar

What is the Digital Operational Resilience Act (DORA)? | Definition from TechTarget

Financial Organisations Urge CISA to Revise Proposed CIRCIA Implementation - SecurityWeek

Navigating NIS 2 compliance [Q&A]

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates - Security Boulevard

Careers, Working in Cyber and Information Security

New 2025 SANS Threat Hunting Survey Reveals 61% of Organisations Struggle with Staffing Shortages

The days of easy hiring in cyber security coming to an end • The Register

Stress and Burnout Impacting Vast Majority of IT Pros - Infosecurity Magazine

Cyber Security Job Satisfaction Plummets, Women Hit Hardest - Infosecurity Magazine

Why Cyber Security Jobs Are Hard to Find in a Worker Shortage

Will AI Start Taking Cyber Security Professionals' Jobs?

Law Enforcement Action and Take Downs

International cops seize Russian crypto exchange Garantex • The Register

US seizes domain of Garantex crypto exchange used by ransomware gangs

US Soldier Intends to Admit Hacking 15 Telecom Carriers

Police arrests suspects tied to AI-generated CSAM distribution ring

Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement | CyberScoop

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US - SecurityWeek

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

Will Chinese cyberespionage be more aggressive in 2025? CrowdStrike thinks so | TechRadar

Silk Typhoon shifted to specifically targeting IT management companies | CyberScoop

In case we forgot, Typhoon attacks remind us of China’s cyber capability—and intent | The Strategist

Chinese cyber espionage growing across all industry sectors | CSO Online

Defence, not more assertive cyber activity, is the right response to Salt Typhoon | The Strategist

US Charges Members of Chinese Hacker-for-Hire Group i-Soon - Infosecurity Magazine

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Russia

The Trump Administration Is Deprioritizing Russia as a Cyber Threat | WIRED

As Trump warms to Putin, U.S. halts offensive cyber operations against Moscow - The Washington Post

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

France has ‘trouble understanding’ US halt on cyber operations against Russia – POLITICO

Is Trump risking US national security to woo Putin? US no longer sees Russia as major cyber threat, tweaks foreign policy- The Week

CISA: No Change on Defending Against Russian Cyber Threats - SecurityWeek

US Cyber Command Russia stand-down: Strategic diplomacy or security gamble? | SC Media

DHS says CISA won’t stop looking at Russian cyber threats | CyberScoop

UK security in shock as America signals end to cyber operations against Russia

National Security Threatened By Cyber Security Job Cuts, Experts Say | MSSP Alert

CISA Cuts: A Dangerous Gamble in a Dangerous World

Russian telecom Beeline facing outages after cyber attack | The Record from Recorded Future News

Russian-Speaking Hackers Goad Users Into Installing Havoc

International cops seize Russian crypto exchange Garantex • The Register

‘My company thrived for 150 years — then Russian hackers brought it down in three months’

Ukraine's intel service honors civilian hackers for the first time with military award | The Record from Recorded Future News

Qilin Ransomware gang claims the hack of the Ministry of Foreign Affairs of Ukraine

Iran

Large cyber attack emanated from Iran days after Trump sanctions - watchdogs | Iran International

Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector

Crafty Camel APT Targets Aviation, OT With Polygot Files

North Korea

How North Korea stole $1.5bn from Bybit – the biggest ever crypto theft - AML Intelligence

Bybit hackers resume laundering activities, moving another 62,200 ETH

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Digital nomads and risk associated with the threat of infiltred employees

Lazarus Group at it again - New victim suspected in $3.1M Tron hack | Cryptopolitan

The rise of Lazarus Group from Sony hacks to billion dollar crypto heists

Tools and Controls

Why Employee Training Is A Critical Component Of Effective Business Cyber Security - Minutehack

Why Cyber Drills Are As Vital As Fire Drills

Board Oversight of Cyber Security Incidents

How to create an effective incident response plan | CSO Online

How to plan your cloud migration with security in mind | SC Media

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

British Tech Industry Backs UK Proposal on Software Security

Misconfigured access management systems expose global enterprises to security risks | CSO Online

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

Why Vendor Risk Management Can't Be a One-Time Task | UpGuard

EDR And Vendor Consolidation Are A Losing Approach To Cyber Security

Prioritising data and identity security in 2025 - Help Net Security

Will AI Start Taking Cyber Security Professionals' Jobs?

Other News

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview | HaystackID - JDSupra

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35% - Infosecurity Magazine

Cyber risks see SME focus but big risks remain

Attackers could hack smart solar systems and cause serious damages

This Browser-Based Attack Can Dodge Security Protections to Take Over Your Account

What is cyber stalking and how to prevent it? | Definition from TechTarget

The More You Care, The More You Share: Information Sharing And Cyber Awareness

What is a Watering Hole Attack? | Definition from TechTarget

WTF? Why the cyber security sector is overrun with acronyms | CSO Online

If you want security, start with secure products – Computerworld

ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report - SecurityWeek

Over Half of Organisations Report Serious OT Security Incidents - Infosecurity Magazine

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Finland's secret service says frequency of cable incidents is 'exceptional' | Reuters

Polish Space Agency offline as it recovers from cyber attack

Hackers breach military walls as funding falls short | Cybernews

Why Decommissioned Nuclear Sites Must Stay on the Security Agenda | SC Media UK

15 Percent of Healthcare PCs Fail Security Test, Increasing Risk of Ransomware, Breaches, and Compliance Violations | Business Wire

3 Cyber Security Steps Every Local Government Should Take

First EU “cyber” Council focusses on crisis management and critical infrastructure security – ministry - Delfi EN

Google asks US government to drop breakup plan over national security fears | TechRadar

Vulnerability Management

CISA's KEV list informs ransomware attacks, paper suggests • The Register

Old Vulnerabilities Among the Most Widely Exploited - Infosecurity Magazine

Report: CISA Vulnerabilities Catalog Monitored By Ransomware Gangs | MSSP Alert

VulnCheck Exposes CVEs From Black Bastas' Chats

Vulnerabilities

CISA tags Windows, Cisco vulnerabilities as actively exploited

Android security update contains 2 actively exploited vulnerabilities | CyberScoop

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks - SecurityWeek

Cisco warns some Webex users of worrying security flaw, so patch now | TechRadar

Hackers can turn any Bluetooth device into an AirTag and track its location | Cybernews

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities - SecurityWeek

Cisco warns of Webex for BroadWorks flaw exposing credentials

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

Vulnerabilities Patched in Qualcomm, Mediatek Chipsets - SecurityWeek

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 02/03/2025 Black Arrow Admin 02/03/2025

Black Arrow Cyber Threat Intelligence Briefing 28 February 2025

Black Arrow Cyber Threat Intelligence Briefing 28 February 2025:

-Cyber Security's Biggest Blind Spot - Third-Party Risk

-Cyber Criminals Can Now Clone Any Legitimate Website, and It’s Pretty Terrifying

-Over 25 New Malware Variants Created Every Single Hour

-Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour

-Only a Fifth of Ransomware Attacks Now Encrypt Data

-Biggest Crypto Heist in History, Worth $1.5Bn, Linked to North Korea Hackers

-89% of Enterprise GenAI Usage is Invisible to Organisations, Exposing Critical Security Risks

-Combating Deepfakes in Financial Services: A Call to Action

-Threat Actors Are Increasingly Trying to Grind Business to a Halt

-With AI and Automation, Hackers are Stealing Data at Unprecedented Speeds

-Mobile Phishing Attacks on the Rise

-With Millions Upon Millions of Victims, Scale of Info-Stealer Malware Laid Bare

Executive Summary

The last week has identified several critical cyber security threats that demand immediate attention from business leaders. Third-party risk has become a major concern, with supply chain vulnerabilities now driving 31% of cyber insurance claims. Attackers are also leveraging new techniques, such as MFA fatigue and AI-powered phishing, to bypass traditional defences. The emergence of sophisticated phishing toolkits and deepfake fraud highlights the growing challenge of verifying digital identities, while mobile phishing (mishing) is increasingly targeting employees through personal devices.

The accelerating pace of cyber threats is evident, with 25 new malware variants created every hour and cyber criminals leveraging AI and automation to exfiltrate data at unprecedented speeds, sometimes within minutes. Meanwhile, ransomware actors are shifting strategies, focusing 80% of attacks on data theft rather than encryption, making traditional defences less effective. The surge in generative AI usage within enterprises, often without IT oversight, introduces further risks, including data leakage and code exposure.

Black Arrow Cyber believes that businesses must adopt a proactive, layered security approach. This includes real-time threat detection, robust vendor risk management, AI-driven fraud prevention, and enhanced employee training. With cyber extortion demands rising sharply and operational disruptions increasing, organisations that fail to adapt will face significant financial, operational, and reputational consequences.

Governance, Risk and Compliance

Speed of cyber-attacks increased in 2024 with lateral movement achieved in just 27 minutes: ReliaQuest Annual Threat Report | Business Wire

Threat actors are increasingly trying to grind business to a halt | CyberScoop

A pivotal year for geopolitical cyber attacks – how should businesses manage the risks? | Insurance Business America

Geopolitical Tension Fuels APT and Hacktivism Surge - Infosecurity Magazine

The Time to Speak to Employees About Insider Risk Is Now

Cyber attacks Become Increasingly Efficient | MSSP Alert

The CISO's dilemma of protecting the enterprise while driving innovation - Help Net Security

Insurers still concerned over cyber risk unknowns

2025 CrowdStrike Global Threat Report: Cyber Criminals Are Shifting Tactics – Are You Ready? - Security Boulevard

Data: Cyber threats skyrocket as attackers think like businesses | Capacity Media

The Future of Auditing: What to Look for in 2025 - Security Boulevard

Failure, Rinse, Repeat: Why do Both History and Security Seem Doomed to Repeat Themselves? - SecurityWeek

Cyber security professionals face expanding responsibilities, with 61% covering multiple domains

Threats

Ransomware, Extortion and Destructive Attacks

Only a Fifth of Ransomware Attacks Now Encrypt Data - Infosecurity Magazine

AI is helping hackers get access to systems quicker than ever before | TechRadar

FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider

Warning issued over prolific 'Ghost' ransomware group | ITPro

Arctic Wolf Threat Report: 96 Percent of Ransomware Cases Included Data Theft as Cyber Criminals Double Down on Extortion

New Anubis Ransomware Could Pose Major Threat to Organisations - SecurityWeek

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews

23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

CL0P Ransomware Attacking Telecommunications & Healthcare Sectors In Large Scale

Threat actors are increasingly trying to grind business to a halt | CyberScoop

Massive leak exposes the inner workings of top ransomware syndicate Black Basta | TechSpot

Black Basta ransomware leak sheds light on targets, tactics | TechTarget

NCC Group tracks alarming ransomware surge in January | TechTarget

A landscape forever altered? The LockBit takedown one year on | Computer Weekly

Should ransomware payments be illegal? | TechRadar

Black Basta Goes Dark Amid Infighting, Chat Leaks Show

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail | Malwarebytes

Targeted by Ransomware, Middle East Banks Shore Up Security

Dragos: Ransomware attacks against industrial orgs up 87% | TechTarget

Ransomware Victims

Ransomware attack on Southern Water cost £4.5 million – DataBreaches.Net

Hackers claim responsibility for NHS provider attack - BBC News

DISA took a year to disclose a breach affecting 3.3M+ people • The Register

DragonForce Ransomware Group is Targeting Saudi Arabia

British celebs warned their private details could be leaked online after cyber criminals hacked agency | Daily Mail Online

'Paddington' victim of Russian cyber attack

Ransomware Gang Publishes Stolen Genea IVF Patient Data - Infosecurity Magazine

LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat

Home Depot Refutes Clop Ransomware Attack Claims | MSSP Alert

‘Cyber incident’ shuts down Cleveland Municipal Court for third straight day | The Record from Recorded Future News

Phishing & Email Based Attacks

Cyber criminals can now clone any legitimate website, and it's pretty terrifying

Cyber Crooks Exploit URL Manipulation In Sophisticated Phishing Scam

Forget phishing, now "mishing" is the new security threat to worry about | TechRadar

Cyber Criminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3

Job Application Spear Phishing - Security Boulevard

Deceptive Signatures: Advanced Techniques in BEC Attacks

Beware: PayPal "New Address" feature abused to send phishing emails

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Be careful! That legit PayPal email might be a phishing scam | PCWorld

How I Keep Myself Safe From Phishing When I Work From Home

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Deceptive Signatures: Advanced Techniques in BEC Attacks

Other Social Engineering

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews

Pump.fun X account hacked to promote scam governance token

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

Artificial Intelligence

Deep trouble: Deepfakes and their implications for cyber security - Verdict

4 Low-Cost Ways to Defend Your Organisation From Deepfakes

Combating Deepfakes in Financial Services: A Call to Action: By Adam Preis

AI is helping hackers get access to systems quicker than ever before | TechRadar

With AI and automation, hackers are stealing data at unprecedented speeds | Cybernews

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

The truth about GenAI security: your business can't afford to “wait and see” | TechRadar

The First International AI Safety Report: A Call To Action

89% of Enterprise GenAI Usage Is Invisible to Organisations Exposing Critical Security Risks, New Report Reveals

Quarter of Brits Report Deepfake Phone Scams - Infosecurity Magazine

Microsoft names cyber criminals behind AI deepfake network

AI-Powered Deception is a Menace to Our Societies

Why AI deployment requires a new level of governance - Help Net Security

AI Is Everywhere Since October 7, From the Battlefield to the Cyber Arena - The Media Line

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns

Nearly a third of UK public sector IT professionals anxious about AI security risks

2FA/MFA

Understanding MFA Fatigue: Why Cyber Criminals Are Exploiting Human Behaviour - IT Security Guru

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Why Gmail is replacing SMS codes with QR codes - and what it means for you | ZDNET

Malware

Scale of unstoppable info-stealer malware laid bare • The Register

Cyber criminals prefer remote tools over malware, says CrowdStrike | SC Media

Why ‘malware as a service’ is becoming a serious problem | ITPro

Over 25 new malware variants created every single hour as smart device cyber attacks more than double in 2024 | TechRadar

Have I Been Pwned adds 284M accounts stolen by infostealer malware

Is your email or password among the 240+ million compromised by infostealers? - Help Net Security

3.9 Billion Passwords Stolen—Infostealer Malware Blamed

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

AI malware pioneers | Cybernews

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

5 Active Malware Campaigns in Q1 2025

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

Hundreds of GitHub repos served up malware for years - Help Net Security

Mac malware masks as job interview to steal crypto | Cybernews

‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection

Two new pieces of Mac malware in the wild – one being fixed this week

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine

New malware disrupts critical industrial processes • The Register

Bots/Botnets

Massive botnet hits Microsoft 365 accounts - Help Net Security

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know | ITPro

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Mobile

Mobile phishing attacks on the rise | SC Media

Forget phishing, now "mishing" is the new security threat to worry about | TechRadar

SpyLend Android malware downloaded 100,000 times from Google Play

Apple currently only able to detect Pegasus spyware in half of infected iPhones

Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors

Flaw found in stalkerware apps, exposing millions of people. Here's how to find out if your phone is being spied upon

One wrong SMS can wipe your savings, thanks to this Android Trojan | Cybernews

Unmanaged Devices: The Overlooked Threat CISOs Must Confront

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail | Malwarebytes

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Security flaw in popular stalkerware apps is exposing phone data of millions | TechRadar

Why this Android image-scanning feature is controversial - and how to get rid of it | ZDNET

A Major Security Flaw Has Been Discovered in Samsung's Secure Folder Feature | Extremetech

Denial of Service/DoS/DDoS

How DDoS Attacks Work and How You Can Protect Your Business From Them - Security Boulevard

Web DDoS attacks up over 500 percent

Radware’s Cyber Threat Report: Web DDoS Attacks Surge 550%

Internet of Things – IoT

Cyber Attacks On EV Chargers Pose A Growing Threat | The Truth About Cars

Vo1d malware botnet grows to 1.6 million Android TVs worldwide

Hackers Can Crack Into Car Cameras in Minutes Flat

Data Breaches/Leaks

Orange Group confirms breach after hacker leaks company documents

Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

Third parties now dominant cyber-attack point

Background check, drug testing provider DISA suffers data breach - Help Net Security

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

DISA took a year to disclose a breach affecting 3.3M+ people • The Register

Top digital loan firm security slip-up puts data of 36 million users at risk | TechRadar

Organised Crime & Criminal Actors

B1ack’s Stash released 1 Million credit cards - Security Affairs

Thailand Targets Cyber Sweatshops to Free 1000s of Captives

Microsoft names cyber criminals behind AI deepfake network

INSIGHT: Fraud-as-a-Service: Creating a new breed of fraudsters - AML Intelligence

10 cyber security insights from ex hacker and FBI agent who arrested him

2025 CrowdStrike Global Threat Report: Cyber Criminals Are Shifting Tactics – Are You Ready? - Security Boulevard

Data: Cyber threats skyrocket as attackers think like businesses | Capacity Media

'Silver Fox' APT Skirts Windows Blocklist in BYOVD Attack

26 New Threat Groups Spotted in 2024: CrowdStrike - SecurityWeek

Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies | CyberScoop

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

Leader of cyber blackmail gang faces jail – Court News UK

The evolution of Russian cyber crime | Intel 471

Beware of Fake Cyber Security Audits: Cyber Criminals Use Scams to Breach Corporate Systems | Tripwire

How Anonymous Actually Works, According to a Founding Member - Business Insider

Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Biggest crypto heist in history, worth $1.5bn, linked to North Korea hackers | Science, Climate & Tech News | Sky News

Lazarus Group moves funds to multiple wallets as Bybit offers bounty

Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan

AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto

Mac malware masks as job interview to steal crypto | Cybernews

Inside the Lazarus Group money laundering strategy

Fake CS2 tournament streams used to steal crypto, Steam accounts

Pump.fun X account hacked to promote scam governance token

DeepSeek-Spoofing Leveraged For Crypto Exfiltration | MSSP Alert

Argentina’s $4.6 Billion Crypto Scandal; Largest-Ever Crypto Theft

Insider Risk and Insider Threats

The Time to Speak to Employees About Insider Risk Is Now

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Insurance

Insurers still concerned over cyber risk unknowns

Supply Chain and Third Parties

Cyber Security's Biggest Blind Spot: Third-Party Risk, New Resilience Analysis Finds

Third parties now dominant cyber-attack point

Survey: Nearly Half of Data Breaches Involved Third-Party Remote Access - Security Boulevard

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Russia warns financial sector organisations of IT service provider LANIT compromise

Cloud/SaaS

UK backdoor order forces Apple to disable cloud encryption | Digital Trends

Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand - SecurityWeek

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Are False Positives Killing Your Cloud Security? Veriti Research Reveals - Security Boulevard

The Future of Auditing: What to Look for in 2025 - Security Boulevard

Encryption

Apple Pulls Encrypted iCloud Security Feature in UK Amid Government Backdoor Demands - MacRumors

Government has made UK user data ‘less secure’ with Apple row – experts - LBC

How end-to-end encryption will and won't change for Apple users in the UK | Tech News - Business Standard

Experts Slam Government After “Disastrous” Apple Encryption Move - Infosecurity Magazine

Public told to use Apple security tool Advanced Data Protection that Home Office tried to crack

Quantum Computing Has Arrived; We Need To Prepare For Its Impact

The encryption backdoor debate: Why are we still here?

The Case for Encryption | Open Rights Group

Google Says Its Encryption Has Not Changed—Does Android Now Beat iPhone?

FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data

UK blindsided US intelligence by asking for Apple backdoor, "a violation of American’s privacy and civil liberties" | TechRadar

Signal May Exit Sweden If Government Imposes Encryption Backdoor - Infosecurity Magazine

Privacy tech firms warn France’s encryption and VPN laws threaten privacy

Linux and Open Source

New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems

‘Auto-Color’ Linux Malware Uses Advanced Stealth Tactics To Evade Detection

OpenSSF Releases Security Baseline for Open Source Projects - SecurityWeek

Passwords, Credential Stuffing & Brute Force Attacks

Scale of unstoppable info-stealer malware laid bare • The Register

Hackers stole this engineer's 1Password database. Could it happen to you? | ZDNET

Is your email or password among the 240+ million compromised by infostealers? - Help Net Security

3.9 Billion Passwords Stolen—Infostealer Malware Blamed

HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers - Infosecurity Magazine

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek

Social Media

As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch

How new Facebook policies incentivize spreading misinformation | ZDNET

Pump.fun X account hacked to promote scam governance token

Regulations, Fines and Legislation

Government has made UK user data ‘less secure’ with Apple row – experts - LBC

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace | CyberScoop

Cyber security Needs to Stay Nonpartisan in the Age of DOGE

UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution | The Record from Recorded Future News

DOGE must halt all ‘negligent cyber security practices,’ House Democrats tell Trump | The Record from Recorded Future News

House Dems say DOGE is leaving publicly exposed entry points into government systems | CyberScoop

Firing of 130 CISA staff worries cyber security industry | CSO Online

Federal cyber security layoffs could leave U.S. vulnerable to hackers - CBS News

Why we need an expanded CISA to fight today’s cyber threats | SC Media

UK blindsided US intelligence by asking for Apple backdoor, "a violation of American’s privacy and civil liberties" | TechRadar

Gabbard Calls for Investigation of UK’s Apple Backdoor Request

The Future of Auditing: What to Look for in 2025 - Security Boulevard

Trump 2.0 Brings Cuts to Cyber, Consumer Protections – Krebs on Security

Fake video of Trump kissing Musk's toes beamed to federal computers

China compromised GOP emails ahead of Republican convention • The Register

NIST Purge Puts US Semiconductors, AI Safety At Risk

Models, Frameworks and Standards

We must all safeguard against cyber attacks

UK businesses should look to Ireland amid EU cyber security overhaul | Computer Weekly

How To Take Your Firm From Risk To Resilience In 8 DORA-compliant Steps

Careers, Working in Cyber and Information Security

The CISO's dilemma of protecting the enterprise while driving innovation - Help Net Security

The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online

Many cyber security pros report low job satisfaction—all while trying to fend off increasing threats from hackers | Fortune

Cyber security professionals face expanding responsibilities, with 61% covering multiple domains

Law Enforcement Action and Take Downs

Microsoft names cyber criminals behind AI deepfake network

Hacker Behind Over 90 Data Leaks Arrested in Thailand - SecurityWeek

Leader of cyber blackmail gang faces jail – Court News UK

Criminal hacker known as ALTDOS, DESORDEN, GHOSTR and 0mid16B arrested – DataBreaches.Net

US Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

Misinformation, Disinformation and Propaganda

As Meta gets rid of fact-checkers, misinformation is going viral | TechCrunch

How new Facebook policies incentivize spreading misinformation | ZDNET

AI-Powered Deception is a Menace to Our Societies

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

Opinion | The right-wing media machine hits a wall - The Washington Post

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Aggressive Tactics, Weaponization of AI-powered Deception Rises | Business Wire

The Growing Threat of Cyber Warfare from Nation-States - PaymentsJournal

Nation State Actors

A pivotal year for geopolitical cyber attacks – how should businesses manage the risks? | Insurance Business America

Geopolitical Tension Fuels APT and Hacktivism Surge - Infosecurity Magazine

How APT Naming Conventions Make Us Less Safe

China

It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills | CyberScoop

FBI Has Warned About 'Ghost' Cyber Attacks. What You Need to Know. - Business Insider

Chinese Botnet Bypasses MFA in Microsoft 365 Attacks - Infosecurity Magazine

A Tale of Two Typhoons: Properly Diagnosing Chinese Cyber Threats - War on the Rocks

2025 CrowdStrike Global Threat Report: China’s Cyber Espionage Surges 150% with Increasingly Aggressive Tactics, Weaponization of AI-powered Deception Rises | Business Wire

CrowdStrike: China hacking has reached 'inflection point' | TechTarget

Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)'s staff emails

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics - SecurityWeek

China compromised GOP emails ahead of Republican convention • The Register

Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks - Infosecurity Magazine

Russia

The evolution of Russian cyber crime | Intel 471

Ukrainian hackers claim breach of Russian loan company linked to Putin’s ex-wife | The Record from Recorded Future News

Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware

Russia warns financial sector organisations of IT service provider LANIT compromise

Cyber Attacks Hits Leading Russian IT Service Provider’s Subsidiaries | MSSP Alert

Russia warns financial sector of major IT service provider hack

Australia Bans Kaspersky Software Over National Security and Espionage Concerns

Apple Cuts Off Russian Developers from Enterprise Program Amid Ongoing Sanctions - gHacks Tech News

Sweden investigates suspected sabotage of undersea telecoms cable - BBC News

Germany takes the fight to Russia in undersea cable war

Drone-Equipped U.S. Marines Now Helping Protect Baltic Sea Submarine Cables

Putin’s secret weapon: The threat to the UK lurking on our sea beds - BBC News

North Korea

Biggest crypto heist in history, worth $1.5bn, linked to North Korea hackers | Science, Climate & Tech News | Sky News

Lazarus Group launches ‘QinShihuang’ meme coin to launder $26M more from Bybit stash | Cryptopolitan

FBI Confirms North Korea’s Lazarus Group as Bybyit Hackers - Infosecurity Magazine

Inside the Lazarus Group money laundering strategy

FBI fingers North Korea for $1.5B Bybit cryptocurrency heist • The Register

Lazarus Group moves funds to multiple wallets as Bybit offers bounty

EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Modern Approach to Attributing Hacktivist Groups - Check Point Research

How Anonymous Actually Works, According to a Founding Member - Business Insider

Tools and Controls

Cyber criminals prefer remote tools over malware, says CrowdStrike | SC Media

Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs

Why you can’t afford to botch staff onboarding processes | ITPro

Why Internal Audit Services Are Key to Risk Management in Today’s Business Landscape - Security Boulevard

99% of Organisations Report API-Related Security Issues - Infosecurity Magazine

Nations Open 'Data Embassies' to Protect Critical Info

Privacy tech firms warn France’s encryption and VPN laws threaten privacy

Reports Published in the Last Week

CrowdStrike 2025 Global Threat Report: Beware the Enterprising Adversary

Other News

Cyber Attacks Become Increasingly Efficient | MSSP Alert

26 New Threat Groups Spotted in 2024: CrowdStrike - SecurityWeek

SITA report reveals how aviation industry is doubling down on cyber security | Times Aerospace

Failure, Rinse, Repeat: Why do Both History and Security Seem Doomed to Repeat Themselves? - SecurityWeek

OpenSSF Releases Security Baseline for Open Source Projects - SecurityWeek

What Netflix's 'Zero Day' Got Right (and Wrong) About Cyber Attacks

Threat Actors Stealing Users Browser Fingerprints To Bypass Security Measures & Impersonate Users

Mounting Threats to Cyber-Physical Systems - Security Boulevard

Manufacturers told beware cyber-attacks as sector becoming rising target

Experts Warn of Maritime Industry’s Cyber Vulnerabilities | AFCEA International

Security and privacy concerns challenge public sector's efforts to modernize - Help Net Security

Nine Threat Groups Active in OT Operations in 2024: Dragos - SecurityWeek

Report: Health System Cyber Security Budgets Increasing, But Lack of AI Governance Threatens Security | HIMSS

New malware disrupts critical industrial processes • The Register

Vulnerability Management

23 Vulnerabilities in Black Basta's Chat Logs Exploited in Wild

Software Vulnerabilities Take Almost Nine Months to Patch - Infosecurity Magazine

UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution | The Record from Recorded Future News

61% of Hackers Use New Exploit Code Within 48 Hours of Attack - Infosecurity Magazine

Software security debt is spiralling out of control – remediation times have surged 47% in the last five years, and it’s pushing teams to breaking point | ITPro

What is VMaaS? Why You Should Consider Vulnerability-Management-as-a-Service

Misconfigured Access Systems Expose Hundreds Of Thousands Of Employees And Organisations

US Government Supercharges Security Vulnerabilities

Vulnerabilities

Atlassian fixed critical flaws in Confluence and Crowd

Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls - SecurityWeek

Huge cyber attack found hitting vulnerable Microsoft-signed legacy drivers to get past security | TechRadar

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

Cisco Patches Vulnerabilities in Nexus Switches - SecurityWeek

Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers - SecurityWeek

Mac security researchers expose two new exploits | Macworld

Max Severity RCE Vuln in All Versions of MITRE Caldera

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 23/02/2025 Black Arrow Admin 23/02/2025

Black Arrow Cyber Threat Intelligence Briefing 21 February 2025

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:

-Supply Chain Cyber Attacks Surge Over 400%, Expected to Continue Rising

-98% of Business Leaders Can't Spot a Phishing Scam

-Two-Thirds of UK Businesses Still Failing on Cyber Security

-44% of Middle-Market Firms Invest in Cyber Crime Protection

-A Deepfake Epidemic Is Coming: People Are Simply Not Good Enough at Identifying Fakes

-Cyber Security Gaps Exposed as 96% of S&P 500 Firms Hit by Data Breaches

-Cyber Criminals Shift Focus to Social Media as Attacks Reach Historic Highs

-Is a Lack of Supply Chain Visibility Undermining Board-Level Confidence in Cyber Security Programs?

-Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average

-Over 330 million Credentials Compromised by Infostealers

-Mobile Phishing Attacks Surge, Accounting for 16% of Phishing Incidents

-Phishing-as-a-Service (PhaaS) Can Now Auto-Generate Phishing Kits for Any Brand

-This Open Text-to-Speech Model Needs Just Seconds of Audio to Clone Your Voice

Executive Summary

Black Arrow Cyber has identified a significant surge in cyber threats targeting organisations worldwide, with supply chain vulnerabilities, phishing scams, and ransomware tactics evolving at an alarming rate. Supply chain cyber attacks have increased by 431% in just two years, exposing weaknesses in third-party security oversight and operational dependencies. Simultaneously, phishing attacks remain a major risk, with 98% of senior business leaders unable to recognise key warning signs. The rapid rise of deepfake technology, infostealer malware, and mobile phishing further exacerbates these threats, with cyber criminals leveraging AI and automation to enhance their attack strategies.

Corporate cyber security measures remain insufficient, as evidenced by 96% of S&P 500 firms experiencing data breaches and 69% of UK businesses failing to implement basic network security protections. Ransomware gangs are accelerating their attacks, demanding ransoms within 17 hours of infiltration, while Phishing-as-a-Service platforms are making sophisticated attacks accessible to criminals with little technical knowledge. Social media has also become a prime target, with 2.55 billion threats blocked in a single quarter.

Black Arrow Cyber believes that urgent action is required. Businesses must prioritise proactive security strategies, including continuous supply chain monitoring, robust phishing awareness training, and advanced authentication measures to mitigate these growing risks. As cyber threats evolve, only a strong, multi-layered defence will ensure operational resilience and data security in an increasingly volatile digital landscape.

Governance, Risk and Compliance

Gartner: CISOs struggling to balance security, business objectives | Computer Weekly

Is a lack of supply chain visibility undermining board-level confidence in cyber security programs?

2024 a 'record year for cyber attacks on business' - Director of Finance Online

How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard

Cyber security gaps exposed as 96% of S&P 500 firms hit by data breaches

Two-thirds of UK businesses still failing on cyber security | Total Telecom

Latest EY and IIF survey reveals cyber security as top risk for global CROs amid geopolitical tensions | EY - Global

IT spending will be driven by cybesecurity and AI

44% of Middle-Market Firms Invest in Cyber Crime Protection

New GRC and cyber risk strategies emphasize risk adaptability - Help Net Security

Cyber Security in 2025: AI, Attack Surfaces and the Shift to Cyber Resilience - Security Boulevard

Signs Your Organisation's Culture Is Hurting Your Cyber Security

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware gangs extort victims 17 hours after intrusion on average | CSO Online

Ransomware and reputation | Professional Security Magazine

Ransomware Detection: Attack Types & Latest Techniques in 2025 - Security Boulevard

BlackLock ransomware onslaught: What to expect and how to fight it - Help Net Security

Ransomware Spike Driven By RaaS Operations | MSSP Alert

The new ransomware groups worrying security researchers in 2025 | ITPro

Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert

Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert

Ending the Ransomware Scourge Requires Punishing Its Enablers

There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims | ITPro

BlackLock On Track to Be 2025’s Most Prolific Ransomware Group - Infosecurity Magazine

The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media

Feds warn Ghost ransomware crew remains active, potent • The Register

CISA and FBI: Ghost ransomware breached orgs in 70 countries

Inside A LockBit Ransomware Attack: A Firsthand Account Of Financial And Security Fallout

Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)

Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics

Black Basta ransomware gang's internal chat logs leak online

Acronis H2 2024 Cyber Threats Report Unveils Rise in

The complete story of the 2024 ransomware attack on UnitedHealth

Consultation launched to protect critical national infrastructure from ransomware | New Civil Engineer

Is Russia Reining In Ransomware-Wielding Criminals?

Ransomware losses tumble but threat remains: Chainalysis

NailaoLocker ransomware targets EU healthcare-related entities

Ransomware Victims

Dozens of Orgs Claimed To Be Hacked by Cl0p Ransomware | MSSP Alert

Lee Enterprises newspaper disruptions caused by ransomware attack

Cyber attack likely to have ‘material impact’ on media giant Lee Enterprises’ bottom line | The Record from Recorded Future News

Christie's Ransomware Hack Settlement Pact Wins Court's Approval

Army soldier linked to Snowflake extortion to plead guilty • The Register

The complete story of the 2024 ransomware attack on UnitedHealth

Medusa extortion gang demands $2M from UK's HCRG Care Group • The Register

NailaoLocker ransomware targets EU healthcare-related entities

Phishing & Email Based Attacks

Darcula PhaaS can now auto-generate phishing kits for any brand

Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine

98% of Business Leaders Can't Spot a Phishing Scam Tech.co Report Reveals | Business Wire

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica

Suspected Russian spies caught spoofing Teams invites • The Register

Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security

Hackers are using this new phishing technique to bypass MFA | ITPro

What is barrel phishing? All you need to know | NordVPN

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Phishing with AI is cyber security’s new hook

This New Email Attack Can Bypass Spam Filters: Here's How to Protect Against It

Amazon Phish Hunts for Security Answers and Payment Information - Security Boulevard

Phishing attack hides JavaScript using invisible Unicode trick

Russian phishing campaigns exploit Signal's device-linking feature

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage | WIRED

200 businesses take part in first nationwide phishing test as part of Exercise SG Ready | The Straits Times

Spear Phishing vs Phishing: What Are the Main Differences?

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Mining Company NioCorp Loses $500,000 in BEC Hack - SecurityWeek

Other Social Engineering

Zypher's speech model can clone your voice with 5s of audio • The Register

Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security

Venture capital giant Insight Partners hit by cyber attack

Cyber Investor Insight Partners Suffers Security Breach - Infosecurity Magazine

Insight Partners, VC Giant, Falls to Social Engineering

A deepfake epidemic is coming as survey shows that people are simply not good enough at identifying fakes | TechRadar

Artificial Intelligence

Zypher's speech model can clone your voice with 5s of audio • The Register

The AI Hype Frenzy Is Fueling Cyber Security Risks

IT spending will be driven by cyber security and AI

The Hidden Cyber Security Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities - Security Boulevard

Cyber security pros are preparing for a new adversary: AI agents | Fortune

Ransomware Attacks on Critical Infrastructure, AI Use to Grow in 2025 | MSSP Alert

Why Regulating AI Is So Hard — And Necessary - The Good Men Project

The overlooked cyber security threat of AI

UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine

The risks of autonomous AI in machine-to-machine interactions - Help Net Security

Sounding the alarm on AI-powered cyber security threats in 2025 | TechRadar

AI vs. Endpoint Attacks: What Security Leaders Need To Know | VentureBeat

Phishing with AI is cyber security’s new hook

A deepfake epidemic is coming as survey shows that people are simply not good enough at identifying fakes | TechRadar

Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences

The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next) | VentureBeat

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

UK’s AI Security Institute to protect against AI risks to national security

DarkMind: A new backdoor attack that leverages the reasoning capabilities of LLMs

Controlling Shadow AI: Protecting Knowledge Management From Cyber Threats

How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET

US AI Safety Institute will be 'gutted,' Axios reports | ZDNET

Europe Mounts the Artificial-Intelligence Barricades - Bloomberg

Yikes: Jailbroken Grok 3 can be made to say and reveal just about anything | ZDNET

2FA/MFA

Hackers are using this new phishing technique to bypass MFA | ITPro

Malware

Microsoft Outlook targeted by new malware attacks allowing sneaky hijacking | TechRadar

New FinalDraft Malware Spotted in Espionage Campaign - SecurityWeek

ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms

Malware-as-a-Service accounts for 57 percent of all threats

300% increase in endpoint malware detections - Help Net Security

Why ‘malware as a service’ is becoming a serious problem | ITPro

Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine

Beware of Fake BSOD Delivered by Malicious Python Script

PirateFi game on Steam caught installing password-stealing malware

Microsoft Detects New XCSSET MacOS Malware Variant - Infosecurity Magazine

Telegram Used as C2 Channel for New Golang Malware - Infosecurity Magazine

Russian malware discovered with Telegram hacks for C2 operations | CSO Online

Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer - Infosecurity Magazine

Evolving Snake Keylogger Variant Targets Windows Users - Infosecurity Magazine

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot

US military and defence contractors hit with Infostealer malware | TechRadar

Updated Shadowpad Malware Leads to Ransomware Deployment | Trend Micro (US)

Darktrace Report Highlights The Growing Power Of MaaS, Sneaky Evasion Tactics

Google Calendar Malware Is on the Rise. Here’s How to Stay Safe | WIRED

Hide and Seek in Memory: Outsmarting Sneaky Malware with Data Magic | HackerNoon

Phishing attack hides JavaScript using invisible Unicode trick

Chinese hackers use custom malware to spy on US telecom networks

Mobile

Mobile Phishing Attacks Surge with 16% of Incidents in US - Infosecurity Magazine

The 6 most notorious and dangerous Android malware of all time

Chrome for Android adds new protection against malicious apps | Digital Trends

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Apple resists UK regulator demands to open up iOS browsers, citing security risks | TechSpot

Your Android phone could have stalkerware — here's how to remove it | TechCrunch

Denial of Service/DoS/DDoS

Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites - Security Affairs

Pro-Russian hackers target Italy for the third consecutive day in retaliation for Mattarella’s remarks - Euractiv

Internet of Things – IoT

Massive Data Exposure At Mars Hydro Highlights IoT Security Risks

Connected vehicle hacking on the increase

Data Breaches/Leaks

Cyber security gaps exposed as 96% of S&P 500 firms hit by data breaches

N Ireland police charges suspected terrorists using FoI data • The Register

Insight Partners, VC Giant, Falls to Social Engineering

When Brand Loyalty Trumps Data Security

Massive data breach in France: Protect yourself from cyber attacks

Zacks Investment hit in data breach - 12 million users potentially at risk | TechRadar

Fintech giant Finastra notifies victims of October data breach

Massive Data Exposure At Mars Hydro Highlights IoT Security Risks

Zacks Investment Research Breach Hits 12 Million - Infosecurity Magazine

US Coast Guard paychecks delayed by cyber attack | TechRadar

Cyber attack compromises leading Australian IVF provider’s data | SC Media

Data breach risk confirmed - Bailiwick Express News Guernsey

Organised Crime & Criminal Actors

Malware-as-a-Service accounts for 57 percent of all threats

Why ‘malware as a service’ is becoming a serious problem | ITPro

127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek

Black Basta ransomware gang's internal chat logs leak online

Thousands of trafficked scammers await return to Thailand • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

Two arrested after pensioner scammed out of crypto nest egg • The Register

Insider Risk and Insider Threats

The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers

Forrester Report: The Complexities Of Human-Element Breaches

Insurance

The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next) | VentureBeat

Supply Chain and Third Parties

Is a lack of supply chain visibility undermining board-level confidence in cyber security programs?

Supply chain cyber attacks surge over 400%, expected to continue rising – Cowbell report | Insurance Business America

Third party delegation risk - IT Security Guru

Cloud/SaaS

Hackers are using this new phishing technique to bypass MFA | ITPro

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica

Suspected Russian spies caught spoofing Teams invites • The Register

Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security

ZEST Security's Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organisation

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution

How CISOs can balance security and business agility in the cloud - Help Net Security

Identity and Access Management

The Hidden Cyber Security Crisis: How GenAI is Fueling the Growth of Unchecked Non-Human Identities - Security Boulevard

Identity is the Breaking Point—Get It Right or Zero Trust Fails | VentureBeat

Encryption

What is an encryption backdoor? | TechCrunch

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

10 years on after Data and Goliath warned of data collection • The Register

Rethinking the Debate on Encryption Backdoors | SC Media UK

Quantum computing in cyber security: A double-edged sword | Computer Weekly

Passwords, Credential Stuffing & Brute Force Attacks

Over 330 Million Credentials Compromised by Infostealers - Infosecurity Magazine

PirateFi game on Steam caught installing password-stealing malware

The Bourne Insecurity: When Defence Employees Unwittingly Help Attackers

Hackers used free Steam game to steal passwords, Valve warns affected users | TechSpot

US military and defence contractors hit with Infostealer malware | TechRadar

Hundreds of US Military and Defence Credentials Stolen - Infosecurity Magazine

Credential Theft Becomes Cyber Criminals' Favorite Target

Social Media

Cyber criminals shift focus to social media as attacks reach historic highs - Help Net Security

Training, Education and Awareness

How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard

Regulations, Fines and Legislation

Why Regulating AI Is So Hard — And Necessary - The Good Men Project

Trump admin sought to counter UK-ordered iCloud encryption backdoor | SC Media

UK’s AI Safety Institute Rebrands Amid Government Strategy Shift - Infosecurity Magazine

Insider threat: cyber security experts on giving Elon Musk and DOGE the keys to US government IT systems

UK’s AI Security Institute to protect against AI risks to national security

SEC creates Cyber and Emerging Technologies Unit

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

Top US Election Security Watchdog Forced to Stop Election Security Work | WIRED

Elon Musk's DOGE launched its website. It was hacked within days | Fortune

Why dismantling the PCLOB and CSRB threatens privacy and national security

DoD's new CISO once had clearance revoked for data leak • The Register

DOGE Now Has Access to the Top US Cyber Security Agency | WIRED

DOGE access to Social Security, IRS data could create privacy and security risks, experts say | The Record from Recorded Future News

Consultation launched to protect critical national infrastructure from ransomware | New Civil Engineer

US AI Safety Institute will be 'gutted,' Axios reports | ZDNET

Europe Mounts the Artificial-Intelligence Barricades - Bloomberg

Models, Frameworks and Standards

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

PCI DSS 4.0 Mandates DMARC By 31st March 2025

Careers, Working in Cyber and Information Security

Cyber security jobs are on the rise as digital threats continue to evolve - The Globe and Mail

Cyber security Salaries Stay Competitive, Retention Challenges Persist - Security Boulevard

Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online

Q&A: Tackling the cyber skills gap — Financier Worldwide

Cyber security professionals not happy in their jobs

West Coast Cyber Security Salaries Outshine Rest of Country - Infosecurity Magazine

Law Enforcement Action and Take Downs

127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police - SecurityWeek

US Army soldier pleads guilty to AT&T and Verizon hacks | TechCrunch

The Zservers takedown is another big win for law enforcement | ITPro

Two arrested after pensioner scammed out of crypto nest egg • The Register

Thousands of trafficked scammers await return to Thailand • The Register

Ending the Ransomware Scourge Requires Punishing Its Enablers

Is Russia Reining In Ransomware-Wielding Criminals?

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Banking sector wrestling with cyber concerns amid spectre of geopolitical impacts

ESentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms

Latest EY and IIF survey reveals cyber security as top risk for global CROs amid geopolitical tensions | EY - Global

Spies Eye AUKUS Nuclear Submarine Secrets - Infosecurity Magazine

Nation State Actors

China

Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says | CyberScoop

The growing cyber threat: Ransomware, China, and state-sponsored attacks - GZERO Media

China-Linked Threat Group Targets Japanese Orgs' Servers

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

Chinese hackers use custom malware to spy on US telecom networks

Salt Typhoon used custom malware JumbledPath to spy on US telecom providers

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

AI Could Help the US Evade a Crippling Cyber Attack on Its Satellites - Business Insider

How to run DeepSeek AI locally to protect your privacy - 2 easy ways | ZDNET

Russia

Hackers are using this new phishing technique to bypass MFA | ITPro

Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks - Infosecurity Magazine

Suspected Russian spies caught spoofing Teams invites • The Register

Russian malware discovered with Telegram hacks for C2 operations | CSO Online

Russia’s AI-Powered Cyber Attacks Threaten to Outpace Western Defences

Russian Groups Target Signal Messenger in Spy Campaign

Pro-Russia collective NoName057(16) launched a new wave of DDoS attacks on Italian sites - Security Affairs

Ending the Ransomware Scourge Requires Punishing Its Enablers

Russian phishing campaigns exploit Signal's device-linking feature

Is Russia Reining In Ransomware-Wielding Criminals?

North Korea

North Korea's Kimsuky Attacks Rivals' Trusted Platforms

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

N Ireland police charges suspected terrorists using FoI data • The Register

Tools and Controls

How Slashing the SAT Budget Is Appreciated By Hackers - Security Boulevard

44% of Middle-Market Firms Invest in Cyber Crime Protection

IT spending will be driven by cyber security and AI

The Hidden Cyber Security Crisis: How GenAI is Fuelling the Growth of Unchecked Non-Human Identities - Security Boulevard

300% increase in endpoint malware detections - Help Net Security

CISO's Expert Guide To CTEM And Why It Matters

New GRC and cyber risk strategies emphasize risk adaptability - Help Net Security

Edge device vulnerabilities fueled attack sprees in 2024 | CyberScoop

Most impactful cyber attacks linked to vulnerable edge devices | SC Media

AI vs. Endpoint Attacks: What Security Leaders Need To Know | VentureBeat

API Security Matters: The Risks of Turning a Blind EyeWebinar.

Identity is the Breaking Point—Get It Right or Zero Trust Fails | VentureBeat

How CISOs can balance security and business agility in the cloud - Help Net Security

The Cyber Security Threat Lurking in Your Operational Efficiency Efforts: Remote Access Vulnerabilities

PCI DSS 4.0 Mandates DMARC By 31st March 2025

Other News

Two-thirds of UK businesses still failing on cyber security | Total Telecom

Robert De Niro Tries to Save America in Netflix’s High-Profile Mini-Series Zero Day | Vanity Fair

How to improve cyber security in healthcare | McKinsey

US Coast Guard paychecks delayed by cyber attack | TechRadar

Another Cyber Security Flaw: Automakers Still Risking Too Much

Securing E-Commerce in an Age of Relentless Cyber Threats

AI Could Help the US Evade a Crippling Cyber Attack on Its Satellites - Business Insider

4 Cyber Security Misconceptions to Leave Behind in 2025 - The New Stack

Five cyber security basics that stand the test of time | SC Media

Vulnerability Management

Cyber security experts defend CVSS amid criticism | SC Media

Edge device vulnerabilities fuelled attack sprees in 2024 | CyberScoop

Microsoft reminds admins to prepare for WSUS driver sync deprecation

Vulnerabilities

Hackers Exploit Palo Alto Firewall Vulnerability Day After Disclosure - SecurityWeek

SonicWall firewalls under attack. Patch now • The Register

Palo Alto Networks and SonicWall Firewalls Under Attack - Infosecurity Magazine

Microsoft is pushing a security update to Windows 11 that breaks File Explorer

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

Ivanti endpoint manager can become endpoint ravager • The Register

Xerox Versalink Printer Vulnerabilities Enable Lateral Movement - SecurityWeek

Qualys Identifies Critical Vulnerabilities That Enable DDoS, MITM Attacks

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products

OpenSSH bugs threaten enterprise security, uptime • The Register

Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Palo Alto warns firewalls flaws are under active attack • The Register

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

WordPress Plugin Vulnerability Exposes 90,000 Sites to Attack - Infosecurity Magazine

Firefox 135.0.1: important security update and bug fixes - gHacks Tech News

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target US Telecom Networks

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 16/02/2025 Black Arrow Admin 16/02/2025

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025

Black Arrow Cyber Threat Intelligence Briefing 14 February 2025:

-Russian State Threat Group Shifts Focus to US, UK Targets

-Majority of Businesses Expect a Cyber Breach in 2025

-The Hidden Cyber Threat Lurking in Your Supply Chain

-Cyber Resilience: A C-Suite Game Plan for Balancing Innovation, Compliance and Risk

-NIS2: the GDPR of Cyber Security

-Hackers Ramp Up Efficiency, Speed, and Scale in 2024, Targeting Business of All Sizes

-Number of Active Dark Web Ransomware Groups Up 38% in 2024

-Nation State Hackers Want in on the Ransomware Action – Ransomware Isn’t Always About the Money: Government Spies Have Objectives, Too

-Enterprises Under Growing Pressure to Demonstrate Readiness for Cyber Threats

-Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks

-The UK’s Secret iCloud Backdoor Request Raises Concerns from Critics

Executive Summary

There has been a clear surge in cyber threats targeting UK and US organisations in recent weeks, particularly from state-backed and criminal ransomware groups. Russian state-affiliated actors are exploiting vulnerabilities in critical infrastructure sectors, while nation-state groups from China, Iran, and North Korea increasingly use ransomware for espionage and financial gain. The number of active ransomware groups rose by 38% in 2024, with attacks becoming more efficient through automation. The evolving threat landscape demands proactive cyber defence, including robust endpoint protection, threat intelligence, and rapid incident response.

Despite growing awareness, organisations remain vulnerable due to inadequate investment and outdated security strategies. Research shows that 60% of businesses expect a cyber breach in 2025, yet nearly half have not reviewed their security posture recently. Supply chain risks are particularly pressing, with financial services firms facing repeated third-party breaches. The EU’s NIS2 directive is set to impose stricter cyber security standards, with UK firms working with EU partners already required to comply. Leadership alignment is crucial, as gaps between CIOs, CTOs, and CISOs continue to hinder cyber resilience.

Regulatory pressure is mounting, with the UK government reportedly seeking backdoor access to encrypted data. Meanwhile, cyber criminals are exploiting seasonal events, such as Valentine’s Day, to launch sophisticated scams. As cyber threats intensify, Black Arrow Cyber advises organisations to adopt a ‘Resilient by Design’ approach, prioritising zero trust security models, continuous monitoring, and executive-level collaboration to mitigate risks and safeguard long-term business continuity.

Governance, Risk and Compliance

58% of UK financial firms targeted in supply chain cyber attacks, survey reveals

Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine

Majority Of Businesses Expect A Cyber Breach In 2025 | Silicon UK

Gartner: Most Security Leaders Cannot Balance Data Security, Business Goals

Enterprises under growing pressure to demonstrate readiness for cyber threats

Cyber resilience: A C-suite game plan for balancing innovation, compliance and risk | SC Media

From Reactive to Predictive: Building Cyber Resilience for 2025 - Security Boulevard

7 tips for improving cyber security ROI | CSO Online

Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire

Cyber Security, Enterprise Risk Management, and Meeting Effectiveness Are Top Priorities for Audit Committees, According to Deloitte, Center for Audit Quality Survey

Cyber Resilience: What’s in store for 2025? | SC Media UK

Human Risk Management Will Be the Hot Topic of 2025 | Mimecast

Inconsistent security strategies fuel third-party threats - Help Net Security

Business leaders see risks in economy, cyber threats and talent | Accounting Today

Why CFOs and CISOs Should Care About B2B Cyber Audits

New Cyber Attack Severity Classification Scale Unveiled By UK Org | MSSP Alert

Financial crime in the shadows of the dark web | Premium | Compliance Week

74% of Security Directors in Regulated Industries Say Detection Security Technologies Fall Short | Business Wire

Threats

Ransomware, Extortion and Destructive Attacks

2024 Breaks Records With Highest Ever Ransomware Attacks

Number of active dark web ransomware groups up 38 percent in 2024

Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks - Infosecurity Magazine

Ransomware attacks spiked in 2024—but they're nothing compared to what's coming this year, tech expert warns. 'I’m very afraid of the things we’re going to see in 2025' | Fortune

Hackers Ramp Up Efficiency, Speed, and Scale in 2024,

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Nation-state hackers want in on the ransomware action • The Register

Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek

Triplestrength hits with ransomware, cloud crypto mining • The Register

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

‘We Don’t Negotiate with Terrorists’: Ransomware Strategy in Modern Cyber Security | MSSP Alert

Cyber attacks targeting medical organisations up 32% in 2024 | SC Media

US indicts 8Base ransomware operators for Phobos encryption attacks

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Thai authorities detain four Europeans in ransomware crackdown | CyberScoop

Ransomware Victims

Label maker Avery says ransomware investigation also found credit-card scraper | The Record from Recorded Future News

Was Cisco Just Hit By Ransomware? What Happened And What To Do

Cisco Hacked – Ransomware Group Allegedly Breached & Gained AD Access

Cisco Says Ransomware Group's Leak Related to Old Hack - SecurityWeek

Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro

120K Compromised in Memorial Hospital Ransomware Attack

'Cyber event' delaying US newspaper prints enters 2nd week • The Register

Phishing & Email Based Attacks

SVG files are offering cyber criminals an easy way in with new phishing attacks | TechRadar

Cyber Criminals Weaponize Graphics Files in Phishing Attacks - Infosecurity Magazine

AI-Powered Social Engineering: Reinvented Threats

Cyber Criminals Exploit Valentine’s Day with Romance Scams, Phishing Attacks - Security Boulevard

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine

Google's DMARC Push Pays Off, but Challenges Remain

A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar

Cloudflare outage caused by botched blocking of phishing URL

Phishing Season 2025: The Latest Predictions Unveiled - Security Boulevard

Study: Workplace Phishing Tests Only Have a 2% Success Rate

Other Social Engineering

DPRK hackers dupe targets into typing PowerShell commands as admin

Windows, Mac And Linux Users Given New LinkedIn Security Warning

I'm a security expert and I almost fell for this IT job scam • The Register

Artificial Intelligence

Malicious AI Models on Hugging Face Exploit Novel Attack Technique - Infosecurity Magazine

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

AI-Powered Social Engineering: Reinvented Threats

Bad Actors Target DeepSeek In LLMJacking Attacks

DeepSeek-R1: A Smorgasbord Of Security Risks

CISOs Brace for LLM-Powered Attacks: Key Strategies to Stay Ahead - Security Boulevard

How to Steer AI Adoption: A CISO Guide

AI-Driven Cyber Threats Require New Defence Strategies | MSSP Alert

Biz Beware: DeepSeek AI Fails Multiple Security Tests

AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET

A review of the UK Government AI security guidance

How fake security reports are swamping open-source projects, thanks to AI | ZDNET

Rapid growth of AI poses ‘profound’ threat to privacy – The Irish Times

In Paris, US signals shift from AI safety to deregulation | CyberScoop

ChatGPT maker OpenAI taking claims of data breach ‘seriously’ | The Independent

20 million OpenAI users hacked? Here's how to stay safe | PCWorld

2FA/MFA

Astaroth Phishing Kit Bypasses 2FA Using Reverse Proxy Techniques - Infosecurity Magazine

Inside The Söze Syndicate: MFA Flaws, And The Battle For SMB Security

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Malware

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

Millions of Mac owners urged to be on alert for info-stealing malware | Tom's Guide

Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Microsoft IIS servers targeted for malware deployment | SC Media

Hackers are targeting your password manager app | Mashable

Microsoft warns hackers have a new and devious way of distributing malware | TechRadar

Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET

Bots/Botnets

Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog

Denial of Service/DoS/DDoS

DDoS Attack Volume and Magnitude Continues to Soar - Infosecurity Magazine

Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks

Internet of Things – IoT

Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine

Data Breaches/Leaks

Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire

Exclusive: Massive IoT Data Breach Exposes 2.7 Billion Records - Infosecurity Magazine

Silent breaches are happening right now, most companies have no clue - Help Net Security

Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security

14 State AGs to Sue DOGE Over Payment System Access | MSSP Alert

Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register

Research Reveals Data Breaches On The Rise at UK Law Firms | Tripwire

20 million OpenAI users hacked? Here's how to stay safe | PCWorld

HPE notifies employees of data breach after Russian Office 365 hack

Over 882K Impacted By Hospital Sisters Health System Breach | MSSP Alert

Georgia Hospital Alerts 120,000 Individuals of Data Breach - Infosecurity Magazine

OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials - SecurityWeek

Lexipol Data Leak: Hackers Drop Police Training Manuals

Cisco dispels Kraken data breach claims, insists stolen data came from old attack | ITPro

Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert

120K Compromised in Memorial Hospital Ransomware Attack

Organised Crime & Criminal Actors

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Nation-state hackers want in on the ransomware action • The Register

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel

Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO

Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Triplestrength hits with ransomware, cloud crypto mining • The Register

US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine

Insider Risk and Insider Threats

Human Risk Management Will Be the Hot Topic of 2025 | Mimecast

Behavioural Analytics in Cyber Security: Who Benefits Most?

Insurance

Tips for Maximizing Your Cyber Insurance Program | Goodwin - JDSupra

Supply Chain and Third Parties

Nearly half of organisations suffer third-party security incidents

58% of UK financial firms targeted in supply chain cyber attacks, survey reveals

Third-Party Risk Management Failures Expose UK Finance Sector - Infosecurity Magazine

The hidden cyber threat lurking in your supply chain - Accountancy Age

Inconsistent security strategies fuel third-party threats - Help Net Security

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

It's time to secure the extended digital supply chain - Help Net Security

Why CFOs and CISOs Should Care About B2B Cyber Audits

IT reliance leaves insurers open to attack

Cloud/SaaS

Triplestrength hits with ransomware, cloud crypto mining • The Register

Cyber criminals Are Moving into the Cloud and Making Your Active Directory Their New Home | Ankura - JDSupra

Labour's Demand to Spy on Apple Users Undermines the Security and Privacy of Us All – The Daily Sceptic

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

Outages

PlayStation Network Outage: A Wake-Up Call For Cyber Security?

Cloudflare outage caused by botched blocking of phishing URL

Encryption

UK's secret Apple iCloud backdoor order is a global emergency, say critics | TechCrunch

Apple’s ‘Dangerous’ iPhone Update Is Much Worse Than You Think

Experts Dismayed at UK’s Apple Encryption Demands - Infosecurity Magazine

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

The UK’s war on encryption affects all of us | The Verge

Europol Warns Financial Sector of “Imminent” Quantum Threat - Infosecurity Magazine

Passwords, Credential Stuffing & Brute Force Attacks

Over 3 million Fortune 500 employee accounts compromised since 2022 - Help Net Security

Security attacks on password managers have soared | TechRadar

Massive brute force attack uses 2.8 million IPs to target VPN devices

Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar

Social Media

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

Windows, Mac And Linux Users Given New LinkedIn Security Warning

What to do if your social media accounts are hacked | The Independent

Google fixes flaw that could unmask YouTube users' email addresses

A new Facebook phishing campaign looks to trick you with emails sent from Salesforce | TechRadar

Malvertising

Magecart Attackers Abuse Google Ad Tool to Steal Data

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)

Regulations, Fines and Legislation

The UK’s war on encryption affects all of us | The Verge

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

Apple ordered to open encrypted user accounts globally to UK spying | The Verge

NIS2: the GDPR of cyber security | TechRadar

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance - Help Net Security

Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine

Treasury Curtails Musk-led DOGE’s Government Access | MSSP Alert

Musk’s DOGE teen was fired by cyber security firm for leaking company secrets

Judge: DOGE made US Treasury ‘more vulnerable to hacking’ • The Register

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Elon Musk's DOGE Is a Cyber Security Nightmare

The Government’s Computing Experts Say They Are Terrified - The Atlantic

A review of the UK Government AI security guidance

Cyber security group sues DOGE over data access | Mashable

Trump White House Dismantles Key Data Security Safeguards

In Paris, US signals shift from AI safety to deregulation | CyberScoop

Coast Guard falls short on maritime cyber security, GAO says • The Register

Trump Order Grants DOGE Hiring Powers, Raising Cyber Fears

Models, Frameworks and Standards

CIOs to the DORA test: how to speed up the process for compliance | CSO Online

NIS2: the GDPR of cyber security | TechRadar

Should the UK Take Note of EU Digital Resilience Rules as Supply Chain Attacks Continue asks Orange | The Fintech Times

Data Protection

Most UK GDPR Enforcement Actions Targeted Public Sector in 2024 - Infosecurity Magazine

Careers, Working in Cyber and Information Security

Data reveals sharpest tech skills shortages in software engineering, data science and cyber security | theHRD

Tackling the UK's cyber security skills shortage | TechRadar

Cyber Security Challenge Announces Plans for Closure | SC Media UK

UK Military Fast-Tracks Cyber Security Recruitment - Infosecurity Magazine

Law Enforcement Action and Take Downs

US: Man Gets 20 Years for $37m Crypto Heist - Infosecurity Magazine

US indicts 8Base ransomware operators for Phobos encryption attacks

District of Maryland | Phobos Ransomware Affiliates Arrested in Coordinated International Disruption | United States Department of Justice

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster

US woman faces years in federal prison for running laptop farm for N Korean IT workers

Alabama Man Pleads Guilty to Hacking SEC's X Account - SecurityWeek

Misinformation, Disinformation and Propaganda

AI chatbots distort the news, BBC finds - see what they get wrong | ZDNET

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Nation State Actors

Nation-state hackers want in on the ransomware action • The Register

Cyber crime is helping fund rogue nations across the world - and it's only going to get worse, Google warns | TechRadar

Google says policymakers must stem upward cyber crime trend • The Register

US adversaries increasingly turning to cyber criminals and their malware for help | CyberScoop

Warning: Cyber Crime Services Underpin National Security Risk

China

Chinese Cyber Spy Possibly Launching Ransomware Attacks as Side Job - SecurityWeek

Chinese espionage tools deployed in RA World ransomware attack

Salt Typhoon strikes again - more US ISPs, universities and telecoms networks hit by Chinese hackers | TechRadar

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP - Infosecurity Magazine

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers | WIRED

DeepSeek-R1: A Smorgasbord Of Security Risks

We’re In for a Rude Awakening on Cyber Security

Security Researchers Warn of New Risks in DeepSeek AI App

Chinese-Speaking Group Manipulates SEO with BadIIS | Trend Micro (US)

Russia

Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft - SecurityWeek

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED

Russian state threat group shifts focus to US, UK targets | CyberScoop

Russia's intelligence recruits Ukrainians for terror attacks via messaging apps

Salt Typhoon's Impact on the US and Beyond

Russia taps cyber criminals to keep military pressure on Ukraine – POLITICO

23 Companies, 120 Servers Down: Ukraine’s Cyber Strike Shakes Russia’s Energy Sector | Defense Express

Russian military hackers deploy malicious Windows activators in Ukraine

US, UK and Australia Hit Bulletproof Hoster Zservers with Sanctions - Infosecurity Magazine

The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Microsoft Security Blog

HPE notifies employees of data breach after Russian Office 365 hack

Russian cyber criminal Alexander Vinnik is being released from US custody in exchange for Marc Fogel

Russia Says Baltic Sea Cable Damaged by ‘External Impact' - The Moscow Times

TeamViewer's CISO on Thriving After Russian Cyber-Attack - Infosecurity Magazine

North Korea

DPRK hackers dupe targets into typing PowerShell commands as admin

North Korean hackers are targeting LinkedIn jobseekers with new malware - here's how to stay safe | TechRadar

Researchers Unveiled Tactics, Techniques, and Procedures Used by North Korean Hackers

I'm a security expert and I almost fell for this IT job scam • The Register

US woman faces years in federal prison for running laptop farm for N Korean IT workers

Tools and Controls

Massive brute force attack uses 2.8 million IPs to target VPN devices

Security attacks on password managers have soared | TechRadar

Cyber resilience: A C-suite game plan for balancing innovation, compliance and risk | SC Media

From Reactive to Predictive: Building Cyber Resilience for 2025 - Security Boulevard

74% of Security Directors in Regulated Industries Say Detection Security Technologies Fall Short | Business Wire

Analyst Burnout Is an Advanced Persistent Threat

Huge cyber attack under way - 2.8 million IPs being used to target VPN devices | TechRadar

Google's DMARC Push Pays Off, but Challenges Remain

7 tips for improving cyber security ROI | CSO Online

New Cyber Attack Severity Classification Scale Unveiled By UK Org | MSSP Alert

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Behavioural Analytics in Cyber Security: Who Benefits Most?

Transforming Cyber Security With Continuous Threat Exposure Management

How Deepseek’s security failures shape the future of cyber defence on AI | Cybernews

Other News

Why Attackers Heart SMBs— and How to Fight Back | Symantec Enterprise Blogs

What is Physical Security and How Does it Work? | Definition from TechTarget

London council hit by 20,000 cyber attacks every day | The Standard

Elon Musk's DOGE Is a Cyber Security Nightmare

Cyber attacks targeting medical organisations up 32% in 2024 | SC Media

Cyber security requires new approaches, where all stakeholders contribute | Healthcare IT News

IT reliance leaves insurers open to attack

Canada to spend almost $38 million on huge cyber security overhaul

Vehicle cyber security under scrutiny as major hacking attempts triple in 2024

Japan Goes on Offense With New 'Active Cyber Defense' Bill

Cyber security group sues DOGE over data access | Mashable

Coast Guard falls short on maritime cyber security, GAO says • The Register

Linux running in a PDF? This hack is as bizarre as it is brilliant | ZDNET

Vulnerability Management

XE Group shifts from credit card skimming to exploiting zero-days

How fake security reports are swamping open-source projects, thanks to AI | ZDNET

Vulnerabilities

Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws

Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks - SecurityWeek

SonicWall firewall exploit lets hackers hijack VPN sessions, patch now

Fortinet 0-Day in FortiOS & FortiProxy Let Attackers Hijack Firewall to Gain Super Admin Access

SAP Releases 21 Security Patches - SecurityWeek

PAN-OS 0-day Vulnerability Let Attackers Bypass Web Interface Authentication

High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks - SecurityWeek

Apple’s security patch highlights the growing security threat – Computerworld

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities - SecurityWeek

Additional Details on PowerSchool Breach Impact Emerge | MSSP Alert

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Apple fixes iPhone and iPad bug actively exploited in ‘extremely sophisticated attacks’

Progress Software fixed multiple high-severity LoadMaster flaws

Intel Patched 374 Vulnerabilities in 2024 - SecurityWeek

Security Researchers Warn of New Risks in DeepSeek AI App

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Surge in attacks exploiting old ThinkPHP and ownCloud flaws

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 12/02/2025 Black Arrow Admin 12/02/2025

Black Arrow Cyber Advisory 12 February 2025 – Comprehensive Security Updates from Microsoft, Adobe, Apple, and More

Black Arrow Cyber Advisory 12 February 2025 – Microsoft, Adobe, Fortinet, Apple, Ivanti, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia Security Updates

Executive Summary

Microsoft’s Patch Tuesday for February 2025 included 63 security updates for its product line, including 2 actively exploited zero-day vulnerabilities. Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers.

Ivanti patched several critical flaws within its Connect Secure and Policy Secure products. Apple issued patches for its iOS and iPadOS devices to address a USB vulnerability that could allow for data exfiltration. Adobe provided updates addressing 45 vulnerabilities for several products, including InDesign, Commerce, Magento, Substance, Photoshop Elements, and Illustrator.

Fortinet published nine security advisories with updates addressing high, medium, and low severity security issues. They also updated a previous advisory from January with additional information and reference to CVE-2025-24472, which Arctic Wolf had previously highlighted in their breakdown of the attack pattern against Fortinet Fortigate Firewalls since November 2024.

OpenSSL released patches to address a vulnerability related to raw public keys, introduced with OpenSSL 3.2. Patches were released within versions 3.4.1, 3.3.2, and 3.2.4 to address the issue. As OpenSSL is utilised by many vendors, it may take some time for the updates to propagate to affected products.

SAP released 19 new security notes, including high, medium, and low vulnerabilities addressed by security patches. Zyxel recently released a security advisory on three reported vulnerabilities, informing customers to replace affected devices as they have reached end of life and are no longer supported.

Additionally, Intel, AMD, and Nvidia published new security advisories addressing high-severity vulnerabilities in their products. Intel released 34 security advisories across their product line, including a critical issue in their Server Board BMC Firmware. AMD released 11 security bulletins which included firmware patches for several high-severity vulnerabilities affecting their embedded processors. Nvidia issued four advisories for vulnerabilities within their Container, Triton, Jetson, and JPEG2000 products.

What’s the risk to me or my business?

What can I do?

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Feb

Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD & Nvidia

Further details of the vulnerabilities in affected Ivanti, Apple, Adobe, Fortinet, OpenSSL, SAP, Zyxel, Intel, AMD and Nvidia products can be found here:

https://www.ivanti.com/blog/february-security-update

https://support.apple.com/en-us/100100

https://helpx.adobe.com/security/security-bulletin.html

https://fortiguard.fortinet.com/psirt

https://openssl-library.org/news/secadv/20250211.txt

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

https://www.intel.com/content/www/us/en/security-center/default.html

https://www.amd.com/en/resources/product-security.html

https://www.nvidia.com/en-us/security/

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 09/02/2025 Black Arrow Admin 09/02/2025

Black Arrow Cyber Threat Intelligence Briefing 7 February 2025

Black Arrow Cyber Threat Intelligence Briefing 07 February 2025:

-Destructive Attacks on Financial Institutions Surge

-AI, Cyber Crime Perceived as Top Insurance Risks

-Ransomware Victims Increased by 26% in 2024

-Over 60 Percent of Enterprise Cyber Security Incidents Relate to Known Risks

-CISOs Drive the Intersection between Cyber Maturity and Business Continuity

-Cyber Criminals Entice Traitorous Insiders via Ransom Notes

-Phishing Up Almost 50% Since 2021 with AI Attacks on the Rise

-The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses

-Board Directors Are Taking the Lead on Cyber Security Oversight

-Credential-Stealing Malware Surges in 2024

-How Agentic AI will be Weaponised for Social Engineering Attacks

-LinkedIn Has Become a Prime Hunting Ground for Cyber Criminals

Executive Summary

Black Arrow Cyber's review of threat intelligence identified further evidence of an alarming increase in cyber threats targeting financial institutions, insurers, and enterprises, and the consequences that can include financial ruin.

Destructive cyber attacks have risen by over 12%, often erasing evidence rather than merely disrupting operations. Ransomware attacks surged by 26% in 2024, while phishing attacks have grown by nearly 50% since 2021, with AI-driven threats becoming more sophisticated. Insider threats are also on the rise, with ransomware gangs recruiting employees to facilitate breaches. Business leaders need to be aware that over 60% of enterprise cyber incidents stem from previously identified but unresolved risks, highlighting the need for proactive risk management. These trends underscore the evolving threat landscape and the critical need for a cohesive security strategy that includes continuous monitoring, the timely remediation of vulnerabilities, and employee awareness programmes.

The financial sector faces dual challenges from AI and cyber crime, with insurers ranking cyber attacks as an immediate risk. The weaponisation of AI in cyber attacks is accelerating, enabling adaptive, multi-stage social engineering campaigns. Meanwhile, credential-stealing malware now accounts for 25% of all malware activity, making identity protection a top priority. Cyber security governance is evolving to address this, with CISOs increasingly influencing business strategy and board directors taking a more proactive role in oversight.

As cyber risks intensify, Black Arrow Cyber advises businesses to prioritise cyber resilience, integrate security into corporate strategy, and enhance threat detection to safeguard operations, reputation, and financial stability.

Governance, Risk and Compliance

AI, Cyber Ccrime Perceived as Top Insurance Risks: Kennedys

CISO stature gains traction as global cyber risk escalates | CIO Dive

CISOs drive the intersection between cyber maturity and business continuity

21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine

It pays to know how your cyber security stacks up | CSO Online

Infosec pros struggle under growing compliance - Help Net Security

The Cyber-Driven Domino Effect: How Financial and Security Crises Bankrupt Businesses | MSSP Alert

Boardroom cyber expertise comes under scrutiny

Board Directors Are Taking the Lead on Cyber Security Oversight

Critical Questions For Boards: Are You Prepared For Ransomware?

Study warns on "head-in-the-sand" approach to cyber security

Why cyber hygiene should be a priority for every business in 2025 - Digital Journal

Why Cyber Security Is Everyone’s Responsibility

What Is Acceptable Risk?

EMEA CISOs Plan 2025 Cloud Security Investment

Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard

The CISO’s role in advancing innovation in cyber security | CSO Online

Over 60 percent of enterprise cyber security incidents relate to known risks

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek

Overconfident execs are making their companies vulnerable to fraud - Help Net Security

Why Cyber Security Needs Probability — Not Predictions

Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK

2024: The Year Data Security Took A Beating

Different Position, Different Challenge: AuditBoard Reveals Why Firms Struggle With Compliance | The Fintech Times

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware victims increased by 26 percent in 2024

2024 Breaks Records with Highest Ever Ransomware Attacks, as Cyber Criminals Target Critical Infrastructure

Ransomware Groups Weathered Raids, Profited in 2024

Ransomware and the Impact on Human Lives

Less than half of ransomware incidents end in payment - but you should still be on your guard | TechRadar

Critical Questions For Boards: Are You Prepared For Ransomware?

Cyber Criminals Court Traitorous Insiders via Ransom Notes

How to combat exfiltration-based extortion attacks | TechRadar

Top 3 Ransomware Threats Active in 2025

New AI "agents" could hold people for ransom in 2025 | Malwarebytes

Destructive Attacks on Financial Institutions Surge 13% - Infosecurity Magazine

Cyber Security Risks for Financial Services Firms: Proactive Strategies to Stay Ahead | BCLP - JDSupra

More destructive cyber attacks target financial institutions - Help Net Security

Ransomware recovery payments fell in 2024 • The Register

Ransomware Victims

Tata Technologies reports ransomware attack to Indian stock exchange | The Record from Recorded Future News

Indian tech giant Tata Technologies hit by ransomware attack

Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar

Wirral NHS cyberattack leads to missed cancer care targets • The Register

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED

Data breach disclosed by Mizuno after BianLian claims | SC Media

Engineering group IMI latest UK firm to be hit by cyber attack

Phishing & Email Based Attacks

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Phishing up almost 50 percent since 2021 with AI attacks on the rise

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine

High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine

1-Click Phishing Campaign Targets High-Profile X Accounts

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard

Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard

Business Email Compromise (BEC)/Email Account Compromise (EAC)

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

Wembley Multi-Academy Trust Scammed Out of £385,000

Other Social Engineering

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Top 5 AI-Powered Social Engineering Attacks

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

How to Protect Yourself from the Growing Threat of Spam Calls and Robocalls

Artificial Intelligence

How Agentic AI will be Weaponized for Social Engineering Attacks - SecurityWeek

Top 5 AI-Powered Social Engineering Attacks

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

Why employees smuggle AI into work - BBC News

AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly

DeepSeek’s Flagship AI Model Under Fire for Security Vulnerabilities - Infosecurity Magazine

Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek

UK Announces “World-First” AI Security Standard - Infosecurity Magazine

DeepSeek R1 has taken the world by storm, but security experts claim it has 'critical safety flaws' that you need to know about | ITPro

Protect your data as cyber criminals use AI to target Mac in 2025

Risk Matters: Cyber Risk and AI – The Changing Landscape

Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US - SecurityWeek

Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News

Qualys Report Raises Red Flags In DeepSeek-RI Security

New AI "agents" could hold people for ransom in 2025 | Malwarebytes

How Are Threat Actors Using Adversarial GenAI?

Invisible Threats: The Rise of AI-Powered Steganography Attacks - Security Boulevard

AI Rise: Can We Still Trust What We See? - InfoRiskToday

You Could Get 5 Years In Prison For Possessing These AI Tools

Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

Scotland at risk of major AI hack, expert warns

Charges mount in former ex-Googler's AI theft case • The Register

2FA/MFA

Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA - Infosecurity Magazine

Malware

Credential-stealing Malware Surges In 2024

Macs targeted by almost two dozen newly emergent payloads last year | SC Media

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine

Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine

Mac Users Warned As “Fully Undetectable” Security Backdoor Confirmed

Surge in Infostealer Attacks Threatens EMEA Organisations - Infosecurity Magazine

AI Malware Dressed Up as DeepSeek Lurks in PyPi

Protect your data as cyber criminals use AI to target Mac in 2025

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

22 New Mac Malware Families Seen in 2024 - SecurityWeek

New Microsoft script updates Windows media with bootkit malware fixes

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Microsoft says attackers use exposed ASP.NET keys to deploy malware

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The RAT Pack Returns: ValleyRAT's Devious Delivery Methods

Chinese cyber spies use new SSH backdoor in network device hacks

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Russian cyber research companies post alerts about infostealer, industrial threats | The Record from Recorded Future News

Bots/Botnets

Akamai warns of active attacks from new Mirai variant | SC Media

Mobile

Screenshot-reading malware cracks iPhone security for the first time | Digital Trends

Malware With Screen Reading Code Found in iOS Apps for the First Time - MacRumors

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe | TechRadar

Security and Privacy on Your Android Phone: Features You Should Know About - CNET

Why rebooting your phone daily is your best defence against zero-click hackers | ZDNET

Gravy Analytics soaks up another sueball over data breach • The Register

Wiping your iPhone? Here's the easiest way to erase all personal data | ZDNET

Denial of Service/DoS/DDoS

Akamai warns of active attacks from new Mirai variant | SC Media

Internet of Things – IoT

Akamai warns of active attacks from new Mirai variant | SC Media

Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security | Tom's Hardware

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

Data Breaches/Leaks

Credential Theft Becomes Cyber Criminals' Favourite Target

Gravy Analytics soaks up another sueball over data breach • The Register

OpenAI Data Breach: Threat Actor Allegedly Claims 20 Million Logins for Sale

International Civil Aviation Organisation (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

Mizuno USA says hackers stayed in its network for two months

NorthBay Health Data Breach Impacts 569,000 Individuals - SecurityWeek

Globe Life data breach may impact an additional 850,000 clients

US healthcare provider data breach impacts 1 million patients

Cover-up Follow-up: Westend Dental starts notifying patients of October 2020 ransomware attack – DataBreaches.Net

1 Million Impacted by Data Breach at Connecticut Healthcare Provider - SecurityWeek

Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden | WIRED

Data breach disclosed by Mizuno after BianLian claims | SC Media

Data Purportedly Stolen From Trump Hotels In Cyberattack | MSSP Alert

Taliban deny cyber security breach, claim leaked documents were not confidential | Amu TV

Organised Crime & Criminal Actors

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert

From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop

Crazy Evil gang runs over 10 highly specialized social media scams

Police dismantles HeartSender cyber crime marketplace network

2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek

Two of the world's largest cyber crime forums knocked offline | ITPro

FBI, Europol shut down hacking sites selling personal info, tools for cyber criminals | News Brief | Compliance Week

California man steals $50 million using fake investment sites, gets 7 years

US accuses Canadian math prodigy of $65M crypto scheme • The Register

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

Dangerous hacker responsible for more than 40 cyberattacks on strategic organisations arrested – DataBreaches.Net

Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire

Charges mount in former ex-Googler's AI theft case • The Register

Fraud factories, cyber criminals and corruption: The Economist's new podcast, "Scam Inc", uncovers a new, global, underground economy worth more than illicit drug trade

Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

Nigeria Touts Cyber Success as African Cyber Crime Rises

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

Even the US government can fall victim to cryptojacking | FedScoop

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

US accuses Canadian math prodigy of $65M crypto scheme • The Register

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Insider Risk and Insider Threats

Why employees smuggle AI into work - BBC News

Cyber Criminals Court Traitorous Insiders via Ransom Notes

Charges mount in former ex-Googler's AI theft case • The Register

What you can do to prevent workforce fraud - Help Net Security

How to Root Out Malicious Employees - Security Boulevard

Human error an overlooked cyber risk for SMEs

Insurance

AI, Cyber Crime Perceived as Top Insurance Risks: Kennedys

Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine

UK’s Cyber Monitoring Centre begins incident classification work | Computer Weekly

Supply Chain and Third Parties

Over a dozen firms compromised in BeyondTrust breach | SC Media

Tata Technologies confirms ransomware attack, says investigation still ongoing | TechRadar

Cyberhaven: A Wake-Up Call for Consent Phishing Risks | Grip - Security Boulevard

How to create a third-party risk management policy | TechTarget

Cloud/SaaS

EMEA CISOs Plan 2025 Cloud Security Investment

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

Watch Out For These 8 Cloud Security Shifts in 2025

Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop

Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Abandoned AWS Cloud Storage: A Major Cyberattack Vector

Outages

Familiar failings as Barclays outage delays transactions | Today's Conveyancer

Encryption

Cyber Insights 2025: Quantum and the Threat to Encryption - SecurityWeek

If you're not working on quantum-safe encryption now, it's already too late | ZDNET

Linux and Open Source

Linux Foundation Europe and OpenSSF launch initiative for EU Cyber Resilience Act compliance - Tech.eu

DaggerFly-Linked Linux Malware Targets Network Appliances - Infosecurity Magazine

Linux Security: Scan Your Servers for Rootkits With Ease - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

Credential Theft Becomes Cyber Criminals' Favorite Target

Millions Of Password Manager Users On Red Alert—Act Now To Stay Safe

Threefold Increase in Malware Targeting Credential Stores - Infosecurity Magazine

Cyber Criminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Stop saving your email login info in your password manager | PCWorld

Social Media

These Are the Accounts Most Targeted By Hackers: Here's How to Secure Them

High-profile X Accounts Targeted in Phishing Campaign - Infosecurity Magazine

1-Click Phishing Campaign Targets High-Profile X Accounts

LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to look out for | ITPro

Malvertising

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Fraudulent Google ads seek to breach Microsoft advertisers’ credentials | SC Media

Regulations, Fines and Legislation

“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”

Infosec pros struggle under growing compliance - Help Net Security

UK Announces “World-First” AI Security Standard - Infosecurity Magazine

It's Time to Consolidate Cyber Security Regulations

Critical Questions For Boards: Are You Prepared For Ransomware?

Is DOGE a cyber security threat? A security expert explains the dangers of violating protocols and regulations that protect government computer systems

Musk' DOGE leashed by court after digging up Treasury data • The Register

Protecting the US from hackers apparently isn't in Trump's budget

Ireland responds to EU infringement notice on cyber security directive | Business Post

21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Resolutions for Healthcare Providers: Part 1 of 2 – Cyber Security, Privacy and HIPAA Compliance | Bodman - JDSupra

Recent US Executive Order Calls for Encrypting DNS - ISC

Different Position, Different Challenge: AuditBoard Reveals Why Firms Struggle With Compliance | The Fintech Times

Trump’s anti-DEI efforts damage national security, former officials say - Nextgov/FCW

DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard

House Democrats demand answers over DOGE OPM server • The Register

Musk, DOGE Move into Treasury Systems Raises Security, Privacy Concerns | MSSP Alert

The biggest breach of US government data is under way | TechCrunch

Cyber Threat Defence Code of Practice Announced by UK Government | SC Media UK

Talks begin to move National Cyber Security Centre to Department of Justice

Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

DeepSeek users could face million-dollar fine and prison time under new law | The Independent

USCG Final Rule on Cyber Security in Marine Transportation

Models, Frameworks and Standards

“Vámonos!” Declares DORA, But 43% Of UK Financial Services Say “No”

Linux Foundation Europe and OpenSSF launch initiative for EU Cyber Resilience Act compliance - Tech.eu

Ireland responds to EU infringement notice on cyber security directive | Business Post

DORA Compliance Must be a Top Priority for US Financial Institutions - Security Boulevard

Using the NIST Phish Scale Framework to Detect and Fight Phishing Attacks - Security Boulevard

Resolutions for Healthcare Providers: Part 1 of 2 – Cyber Security, Privacy and HIPAA Compliance | Bodman - JDSupra

Careers, Working in Cyber and Information Security

The cyber security skills gap reality: We need to face the challenge of emerging tech | CSO Online

Shaping The Next Generation Of Cyber Security Professionals

The Cyber Security Crisis: Companies Can’t Fill Roles, Workers Shut Out

Under Pressure: Why Companies Must Mitigate the Churn of Cyber Security Leaders - Security Boulevard

Government must address cyber security staffing shortage, NAO warns

Why Diversity Should not be Removed from Cyber in 2025 | SC Media UK

Public sector pay gap threatens UK cyber resilience

The hidden dangers of a toxic cyber security workplace - Help Net Security

Law Enforcement Action and Take Downs

Ransomware Groups Weathered Raids, Profited in 2024

US and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

DOJ: Over 17M Americans Impacted By Seized Cyber Crime Forums | MSSP Alert

Police dismantles HeartSender cyber crime marketplace network

2 Arrested in Takedown of Nulled, Cracked Hacking Forums - SecurityWeek

FBI, Europol shut down hacking sites selling personal info, tools for cyber criminals | News Brief | Compliance Week

California man steals $50 million using fake investment sites, gets 7 years

Identity thief whose deception led to his victim’s incarceration gets a 12-year prison term | AP News

US accuses Canadian math prodigy of $65M crypto scheme • The Register

Dangerous hacker responsible for more than 40 cyberattacks on strategic organisations arrested – DataBreaches.Net

Man Sentenced to 7 Years in Prison for Role in $50M Internet Scam | Tripwire

Charges mount in former ex-Googler's AI theft case • The Register

Europol Cracks Down on Global Child Abuse Network “The Com” - Infosecurity Magazine

Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

Nigeria Touts Cyber Success as African Cyber Crime Rises

Misinformation, Disinformation and Propaganda

Mis/Disinformation: The Skew of Information and Its Impacts on You | AFCEA International

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Britain to boost cyber warfare capabilities

Exploring The Cyber Security Battlefield Of 2025

The Weaponization of Operational Technology

International Civil Aviation Organisation (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

Nation State Actors

China

Is DeepSeek a national security threat? New research highlights ties with Chinese telecom raising data security concerns | Mint

Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US - SecurityWeek

Video Cyber Security expert discovers DeepSeek using ‘digital fingerprinting technology’ - ABC News

Qualys Report Raises Red Flags In DeepSeek-RI Security

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Chinese cyber spies use new SSH backdoor in network device hacks

Backdoor uncovered in China-made patient monitors — Contec CMS8000 raises questions about healthcare device security | Tom's Hardware

DeepSeek Jailbreak Reveals Its Entire System Prompt

AI jailbreaking techniques prove highly effective against DeepSeek | Computer Weekly

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot | WIRED

Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices - SecurityWeek

DeepSeek R1 has taken the world by storm, but security experts claim it has 'critical safety flaws' that you need to know about | ITPro

Australia bans DeepSeek over security... - Mobile World Live

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

Russia

Sophisticated Phishing Campaign Targets Ukraine’s Largest Bank - Infosecurity Magazine

CVE-2025-0411: Ukrainian Organisations Targeted in Zero-Day Campaign and Homoglyph Attacks | Trend Micro (US)

British PM scrapped ‘dangerously obvious’ email after Russian hacking | Cybernews

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

British PM Keir Starmer’s Personal Email Allegedly Hacked by Russian Operatives

Russian cyber research companies post alerts about infostealer, industrial threats | The Record from Recorded Future News

North Korea

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

WhatsApp claims that 100 journalists and activists were the targets of Israeli-made spyware

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

WhatsApp: Global spyware campaign conducted by Israeli firm | SC Media

Tools and Controls

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Risk Matters: Cyber Risk and AI – The Changing Landscape

Enterprises invest heavily in AI-powered solutions - Help Net Security

What Is Acceptable Risk?

EMEA CISOs Plan 2025 Cloud Security Investment

Watch Out For These 8 Cloud Security Shifts in 2025

Here’s all the ways an abandoned cloud instance can cause security issues | CyberScoop

Future of Cyber Security: Will XDR Absorb SIEM & SOAR? | Trend Micro (US)

How AI-driven SOC co-pilots will change security center operations

Only 3% of organisations have a dedicated budget for SaaS security - Help Net Security

The API security crisis and why businesses are at risk - Help Net Security

Beware cyber security tech that’s past its prime — 5 areas to check or retire | CSO Online

Recent US Executive Order Calls for Encrypting DNS - ISC

Financial services to increase AI spending with cyber security a top priority, finds Nvidia report - FStech

How to build an effective purple team playbook | TechTarget

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents - SecurityWeek

One breach to rule them all: The security perils of digital consolidation | SC Media

Budgets and Awareness Up, Impersonation Attacks Still Prominent | SC Media UK

Why streamlining cyber security is essential for success - Verdict

How to create a third-party risk management policy | TechTarget

Is Your Antivirus Spying on You? Yes, and Some Are Worse Than Others

What does it mean to build in security from the ground up? • The Register

Why honeypots deserve a spot in your cyber security arsenal | CSO Online

Other News

Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks - Infosecurity Magazine

The Weaponisation of Operational Technology

Financial sector faces increased cyber security threats

Destructive Attacks on Financial Institutions Surge 13% - Infosecurity Magazine

Cyber security Risks for Financial Services Firms: Proactive Strategies to Stay Ahead | BCLP - JDSupra

DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests

How safe is coffee shop WiFi? | BCS

Build a vulnerability management program with internet exposure in mind | SC Media

One breach to rule them all: The security perils of digital consolidation | SC Media

Threat Actors Target Public-Facing Apps for Initial Access - Infosecurity Magazine

More destructive cyber attacks target financial institutions - Help Net Security

NCSC Issues Guidance to Protect UK Research and Innovation - Infosecurity Magazine

2024: The Year Data Security Took A Beating

NAO warns of severe cyber threat to the UK

Cyber security, government experts are aghast at security failures in DOGE takeover | CyberScoop

Introduce cyber security in schools, experts warn

Financial advisers neglecting cyber security at their own risk

Government must address cyber security staffing shortage, NAO warns

Booking.com’s CISO on Strengthening Security in Travel Sector - Infosecurity Magazine

Elon Musk Access to Key Data Systems Sparks Cyber Alarms

USCG Final Rule on Cyber Security in Marine Transportation

Vulnerability Management

Navigating the Future: Key IT Vulnerability Management Trends

Transforming Vulnerability Management with Threat Intelligence: A Vision for MSSPs | MSSP Alert

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

Over 60 percent of enterprise cyber security incidents relate to known risks

Managing Software Risk in a World of Vulnerabilities

Infosec pros: We need CVSS, warts and all | CyberScoop

From credit card fraud to zero-day exploits: Xe Group expanding cyber criminal efforts | CyberScoop

Vulnerabilities

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

A worrying security flaw could have left Microsoft SharePoint users open to attack | TechRadar

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities - SecurityWeek

Google warns Android users of a kernel flaw under attack • The Register

Critical RCE bug in Microsoft Outlook now exploited in attacks

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Zyxel won’t patch newly exploited flaws in end-of-life routers

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers | TechCrunch

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Hackers Exploiting A Six-Year-Old IIS Vulnerability To Gain Remote Access

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

AMD patches high severity security flaw affecting Zen chips | TechRadar

Microsoft Patches Critical Azure AI Face Security Bug | MSSP Alert

New Microsoft script updates Windows media with bootkit malware fixes

CISA orders agencies to patch Linux kernel bug exploited in attacks

Cisco Patches Critical Vulnerabilities in Enterprise Security Product - SecurityWeek

BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

Netgear warns users to patch critical WiFi router vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 02/02/2025 Black Arrow Admin 02/02/2025

Black Arrow Cyber Threat Intelligence Briefing 31 January 2025

Black Arrow Cyber Threat Intelligence Briefing 31 January 2025:

-More Than Half of UK Workplaces Faced Cyber Attacks Last Year

-Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive

-Hackers Use Generative AI to Attack More Frequently and Effectively

-74% of Organisations are Increasing Crisis Simulation Budgets

-Only 13% of Organisations Fully Recover Data After a Ransomware Attack

-Cyber Security Threats Hit Mid-Market Firms Where It Hurts: The Bottom Line

-GhostGPT Can Write Malicious Code, Create Malware, and Create Convincing Phishing Emails for Just $50/Week

-New Phishing Campaign Targets Mobile Devices with Malicious PDFs

-The Clock is Ticking: Hackers Can Take You Down in 48 Minutes

-Security Threats Top Concerns for UK SMEs

-SaaS (Cloud) Breaches Skyrocket 300% as Traditional Defences Fall Short

-Rise of AI is Causing Many Firms to Worry About Their Cyber Security

Executive Summary

Looking at open source reporting this week, and indeed from our own work, it is clear that UK businesses are facing an alarming rise in cyber attacks, with over half experiencing an incident in 2024. Despite this, only a minority have structured risk assessments or incident response plans in place. AI-driven phishing attacks have surged by over 4,000%, yet just 17% of organisations invest in cyber security training. Meanwhile, the rapid adoption of generative AI is both strengthening defences and empowering attackers. Tools like GhostGPT, available for as little as $50 per week, are automating malware development and phishing campaigns, reducing the technical barrier for cyber criminals. The time from initial breach to full compromise has shrunk to just 48 minutes, highlighting the need for faster response times and automated defences.

Cyber security is no longer just a technical challenge but a critical business issue requiring C-suite engagement. CEOs must integrate security into corporate strategy, particularly for mid-market firms where breaches threaten growth and innovation. The escalating ransomware crisis has led to 58% of victims shutting down operations, yet only 13% fully recover their data, exposing gaps in resilience. The surge in SaaS breaches, up 300% in the past year, further underscores the importance of identity protection and continuous monitoring to mitigate risk.

As cyber threats intensify, Black Arrow Cyber advises organisations to prioritise crisis simulations, proactive investment, and cross-functional collaboration. With 74% of CISOs increasing crisis simulation budgets and AI reshaping the threat landscape, businesses must act now to build resilience. Strengthening mobile security, enforcing least privilege access, and rapidly addressing vulnerabilities are crucial to preventing financial and reputational harm. The cyber security clock is ticking, and businesses must move swiftly to stay ahead of evolving threats.

Governance, Risk and Compliance

CISOs boost board presence by 77% over two years | Computer Weekly

Cyber Security Responsibilities Across the C-Suite: A Breakdown for Every Executive - Security Boulevard

CISOs are gaining more influence in the boardroom, and it’s about time | ITPro

74% of CISOs are increasing crisis simulation budgets - Help Net Security

Rise of AI is causing many firms to worry about their cyber security | TechRadar

Hackers Are Getting Faster—48 Minutes And You’re Cooked

Cyber security crisis in numbers - Help Net Security

Cyber security Threats Hit Mid-Market Firms in the Bottom Line

CISOs Are Gaining C-Suite Swagger

88% of High-Uncertainty Firms Report Cyber Security Risks

UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine

UK's small businesses underestimating risk of cyber attacks

Security threats top concerns for UK SMEs – PCR

It’s time to catch up with cyber attackers | TechRadar

More than half of UK workplaces faced cyber attacks last year | theHRD

How to improve cyber resilience across your workforce | theHRD

Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech

Crisis Simulation: The New Frontier for CISOs in 2025

How CISOs can forge the best relationships for cyber security investment | CSO Online

Old Ways of Vendor Risk Management Are No Longer Enough

We're losing the battle against complexity, and AI may or may not help | ZDNET

Revealed – top emerging threats for banks and insurers | Insurance Business America

Acronis Data Privacy Survey Reveals 64% of Global Consumers

Cyber trends set to influence business strategies - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

Don't count on ransomware insurance to save you - Tech Monitor

Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge - Security Boulevard

58% of Ransomware Victims Forced to Shut Down Operations - Infosecurity Magazine

Illumio Research Reveals 58% of Companies Hit With

Only 13% of organisations fully recover data after a ransomware attack - Help Net Security

Another banner year for ransomware gangs • The Register

Ransomware Gangs Linked by Shared Code and Ransom Notes - Infosecurity Magazine

The rising tide of ransomware and what it means for small and medium-sized businesses [Q&A]

Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered

Baguettes bandits strike again with ransomware, humiliation • The Register

New Hellcat Ransomware Gang Employs Humiliation Tactics - Infosecurity Magazine

Revealed – top emerging threats for banks and insurers | Insurance Business America

New report warns of sophisticated techniques being used by ransomware group Arcus Media - SiliconANGLE

How Interlock Ransomware Infects Healthcare Organisations

What we know about the AI-powered ransomware group, FunkSec - Raconteur

UK: Consultation on Ransomware payments | DLA Piper - JDSupra

Lynx ransomware infiltration reveals affiliate panel details | SC Media

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

Ransomware Victims

MGM to pay $45m to data breach and ransomware victims

Let’s Secure Insurance failed to secure their own data storage. Now they have a breach. – DataBreaches.Net

152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek

'A poignant reminder of the devastating impact': The steps to take to safeguard your business against ransomware attack - Business MK

Healthcare Sector Charts 2 More Ransomware Attacks

Ransomware Attack Disrupts Blood Donation Services in US - Infosecurity Magazine

Smiths Group Scrambling to Restore Systems Following Cyber Attack - SecurityWeek

Phishing & Email Based Attacks

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Google forced to step up phishing defences following ‘most sophisticated attack’ it has ever seen | TechRadar

The top 10 brands exploited in phishing attacks - and how to protect yourself | ZDNET

Hidden Text Salting Disrupts Brand Name Detection Systems - Infosecurity Magazine

Hidden in Plain Sight: PDF Mishing Attack - Security Boulevard

Threat Actors Exploit Government Websites for Phishing - Infosecurity Magazine

Phishing Campaign Baits Hook With Malicious Amazon PDFs

Nine out of ten emails are spam - Help Net Security

Other Social Engineering

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Scammers Are Creating Fake News Videos to Blackmail Victims | WIRED

DoJ Busts Up Another Multinational DPRK IT Worker Scam

Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer

Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media

British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine

Artificial Intelligence

Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday

Hackers use GenAI to attack more frequently and effectively | TechRadar

Hackers are using a new AI chatbot to wage attacks: GhostGPT lets users write malicious code, create malware, and curate phishing emails – and it costs just $50 to use | ITPro

Rise of AI is causing many firms to worry about their cyber security | TechRadar

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

89% of IT Leaders Worry GenAI Flaws Could Negatively Impact Their Organisation’s Cyber Security Strategies, Sophos Survey Finds

AI-powered Chrome extensions are watching you…

AI security posture management will be needed before agentic AI takes hold - Help Net Security

DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine

What we know about the AI-powered ransomware group, FunkSec - Raconteur

The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar

DeepSeek database left open, exposing sensitive info • The Register

Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider

Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics

Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise

Preparing financial institutions for the next generation of cyber threats - Help Net Security

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

Former OpenAI safety researcher brands pace of AI development ‘terrifying’ | Artificial intelligence (AI) | The Guardian

2FA/MFA

How hackers bypass MFA – and what to do about it | ITPro

Malware

Over a billion credentials stolen were stolen in malware attacks in 2024 | TechRadar

Prompt Injection Tricks AI Into Downloading And Executing Malware | Hackaday

Hacker infects 18,000 "script kiddies" with fake malware builder

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Phishing Campaign Baits Hook With Malicious Amazon PDFs

Don't Fall For These Reddit Scam Pages Waiting to Install Malware On Your Computer

Reddit, WeTransfer pages spoofed in Lumma Stealer campaign | SC Media

18,459 Devices Compromised Worldwide Via XWorm RAT Builder | MSSP Alert

Cyber Insights 2025: Malware Directions - SecurityWeek

Secondary payloads delivered via MintsLoader attacks | SC Media

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Over 10,000 WordPress sites found showing fake Google browser update pages to spread malware | TechRadar

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyber Attacks

Phishing campaign in Poland and Germany deploys TorNet backdoor | SC Media

What Happens When Students Bring Malware to Campus? | EdTech Magazine

Bots/Botnets

Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek

Mobile

New Phishing Campaign Targets Mobile Devices with Malicious PDFs - Infosecurity Magazine

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

Google Play security teams used AI in 92% of app reviews in 2024 - Android Authority

Google blocked 2.36 million risky Android apps from Play Store in 2024

Denial of Service/DoS/DDoS

The Undercurrent Behind the Rise of DeepSeek: DDoS Attacks in the Global AI Technology Game - Security Boulevard

Internet of Things – IoT

Cyber Security Threats To Modern Cars: How Hackers Are Taking Control

Data Breaches/Leaks

MGM to pay $45m to data breach and ransomware victims

TalkTalk confirms data breach involving a third-party platform

UK telco TalkTalk launches probe into alleged data grab • The Register

1 in 2 Americans affected by UnitedHealth cyber attack, new disclosure shows | Rock Hill Herald

UnitedHealth estimates 190M people impacted by Change Healthcare cyber attack – DataBreaches.Net

Mega Data Breaches Push US Victim Count to 1.7 Billion - Infosecurity Magazine

Millions of airline customers possibly affected by OAuth security flaw | TechRadar

DeepSeek database left open, exposing sensitive info • The Register

312% Surge in Breach Notices That Could Have Been Prevented

PowerSchool starts notifying victims of massive data breach

Reporting a Breach? Make Sure Your Lawyer's on Call

152,000 Impacted by Data Breach at Berman & Rabin - SecurityWeek

Cyber security Event at Benefits Management Group Results in Data Breach | Console and Associates, P.C. - JDSupra

Organised Crime & Criminal Actors

Cyber security crisis in numbers - Help Net Security

Hackers Are Getting Faster—48 Minutes And You’re Cooked

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

FBI nominee Kash Patel gets questions on cyber crime investigations, Silk Road founder, surveillance powers | CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

At least $69 million stolen from crypto platform Phemex in suspected cyber attack | The Record from Recorded Future News

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

What's Yours is Mine: Is Your Business Ready for Cryptojacking Attacks?

Insider Risk and Insider Threats

How to improve cyber resilience across your workforce | theHRD

British Museum says ex-contractor 'shut down' IT systems • The Register

HR Magazine - Former employee shuts down British Museum IT systems

CrowdStrike Highlights Magnitude of Insider Risk

Insurance

Don't count on ransomware insurance to save you - Tech Monitor

Cyber Insights 2025: Cyberinsurance – The Debate Continues - SecurityWeek

Supply Chain and Third Parties

TalkTalk confirms data breach involving a third-party platform

Revealed – top emerging threats for banks and insurers | Insurance Business America

How Lazarus Group built a cyber espionage empire - Help Net Security

Third-Party Vendors Are the Supply Chain’s Ignored Vulnerability | HackerNoon

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

Old Ways of Vendor Risk Management Are No Longer Enough

Companies told to enhance third party cyber security efforts

GoDaddy’s Cyber Security Called Into Question

Cloud/SaaS

TRIPLESTRENGTH Operation Targets Major Cloud Platforms | MSSP Alert

SaaS Breaches Skyrocket 300% as Traditional Defences Fall Short - Infosecurity Magazine

MITRE's Latest ATT&CK Simulations Tackles Cloud Defences

Microsoft investigates Microsoft 365 outage affecting users, admins

Outages

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

Microsoft investigates Microsoft 365 outage affecting users, admins

Identity and Access Management

Hackers use Windows RID hijacking to create hidden admin account

Staying Ahead with Enhanced IAM Protocols - Security Boulevard

Microsoft Details Key Strategies for Proactive Identity Management

Encryption

"Anonymity is not a fundamental right": experts disagree with Europol chief's request for encryption back door | TechRadar

Linux and Open Source

Lynx Ransomware Infrastructure To Attack Windows, Linux, ESXi & Affiliate Panel Uncovered

Lazarus Group's latest heist hits hundreds globally • The Register

Facebook flags Linux topics as 'cyber security threats' — posts and users being blocked | Tom's Hardware

Passwords, Credential Stuffing & Brute Force Attacks

Over a billion credentials stolen were stolen in malware attacks in 2024 | TechRadar

Multiple Git flaws led to credentials compromise

Social Media

Is TikTok a national security threat – or is the ban a smokescreen for superpower rivalry? | TikTok | The Guardian

Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News

facebook flags Linux topics as threats

Facebook flags Linux topics as 'cyber security threats' — posts and users being blocked | Tom's Hardware

Trump’s bigger China cyber threat isn’t TikTok - The Japan Times

Malvertising

Security Bite: How hackers are still using Google Ads to spread malware - 9to5Mac

Training, Education and Awareness

How to improve cyber resilience across your workforce | theHRD

Regulations, Fines and Legislation

National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop

SEC and FCA fines: Issues jump - Help Net Security

312% Surge in Breach Notices That Could Have Been Prevented

UK: Consultation on Ransomware payments | DLA Piper - JDSupra

Strengthening National Security in the AI Era

FBI nominee Kash Patel gets questions on cyber crime investigations, Silk Road founder, surveillance powers | CyberScoop

Trump Administration Faces Security Balancing Act in Borderless Cyber Landscape - SecurityWeek

Gutting US cyber advisory boards 'foolish' • The Register

Models, Frameworks and Standards

MITRE's Latest ATT&CK Simulations Tackles Cloud Defences

Careers, Working in Cyber and Information Security

Hackers allegedly stole $69M from cryptocurrency platform Phemex

Nine human-centric strategies that strengthen security teams | SC Media

How to make sure you’ve got the cyber security people you need

Law Enforcement Action and Take Downs

Another banner year for ransomware gangs • The Register

British Vishing-as-a-Service Trio Sentenced - Infosecurity Magazine

Brit fraudsters sentenced over account takeover operation • The Register

Authorities Seize Domains of Popular Hacking Forums in Major Cyber Crime Crackdown

Nulled, Other Cyber Crime Websites Seized by Law Enforcement - SecurityWeek

FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent

Law enforcement continues efforts to disrupt cyber crime forums and services – DataBreaches.Net

Misinformation, Disinformation and Propaganda

AI, disinformation and cyber security - POST

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

The Private Sector on the Front Line | Foreign Affairs

Nation State Actors

China

MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables | Computer Weekly

As Russian Spy Ship Yantar Enters British Waters, the Deep-Sea Battle Over Undersea Cables Heats Up - WSJ

Vessel seized on suspicion of cutting Baltic internet cable

Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025

One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years | TechRadar

Inside China's 'hacking capital' that has ignited global cyber security alarms | ITV News

Is TikTok a national security threat – or is the ban a smokescreen for superpower rivalry? | TikTok | The Guardian

Are We Serious About Chinese Spying? - SMERCONISH

DeepSeek Blames Disruption on Cyber Attack as Vulnerabilities Emerge - SecurityWeek

National security risks in routers, modems targeted in bipartisan Senate bill | CyberScoop

The Wiretap: DeepSeek Turned Into Evil Malware Maker, Researchers Find

Hackers Are Using Google's AI Chatbot to Make Attacks More Efficient - Business Insider

Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business

Trump’s bigger China cyber threat isn’t TikTok - The Japan Times

UK launches inquiry into threats to subsea cable systems

Sweden seizes vessel after another undersea cable damaged • The Register

Gutting US cyber advisory boards 'foolish' • The Register

Microsoft Eyes TikTok’s US Operations Amid National Security Concerns - gHacks Tech News

Russia

MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables | Computer Weekly

As Russian Spy Ship Yantar Enters British Waters, the Deep-Sea Battle Over Undersea Cables Heats Up - WSJ

Vessel seized on suspicion of cutting Baltic internet cable

Latvia: Undersea cable likely damaged by external influence – DW – 01/27/2025

Cross-Party Inquiry Examines Threats to Undersea UK Internet Cables - ISPreview UK

Nation-State Hackers Abuse Gemini AI Tool - Infosecurity Magazine

Baltic undersea pipes and cables keep getting damaged. What’s going on? | CNN Business

UK launches inquiry into threats to subsea cable systems

Sweden seizes vessel after another undersea cable damaged • The Register

Exclusive: Baltic Sea shipping tax could pay for undersea cable protection, says Estonian minister | Reuters

Russian Scammers Target Crypto Influencers with Infostealers - Infosecurity Magazine

European Union Sanctions Russian Nationals for Hacking Estonia - SecurityWeek

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

Iran

Google details nefarious Gemini use by Iranian spies • The Register

North Korea

How Lazarus Group built a cyber espionage empire - Help Net Security

DoJ Busts Up Another Multinational DPRK IT Worker Scam

Lazarus Group's latest heist hits hundreds globally • The Register

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

Tools and Controls

74% of CISOs are increasing crisis simulation budgets - Help Net Security

Crisis Simulations: A Top 2025 Concern for CISOs

CISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-Attacks - Infosecurity Magazine

Crisis Simulation: The New Frontier for CISOs in 2025

How to improve cyber resilience across your workforce | theHRD

Attackers exploit SimpleHelp RMM Software flaws for initial access

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Risk Matters: Cyber Risk and AI – The Changing Landscape | Newswise

UK Organisations Boosting Cyber Security Budgets - Infosecurity Magazine

PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next?

Old Ways of Vendor Risk Management Are No Longer Enough

Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech

How CISOs can forge the best relationships for cyber security investment | CSO Online

Prepare to be breached: the radical cyber-security strategy that might save your business | The Independent

Microsoft Teams phishing attack alerts coming to everyone next month

Man arrested after climate activists cut UK insurance firms’ fibre optic cables | UK news | The Guardian

How to Choose the Right Cyber Security Software: A Comprehensive Guide - Security Boulevard

Remote Monitoring and Management (RMM) Abuse | Intel 471

Staying Ahead with Enhanced IAM Protocols - Security Boulevard

We're losing the battle against complexity, and AI may or may not help | ZDNET

WFH with privacy? 85% of Brit bosses are snooping on staff • The Register

Fragmented cyber security is costing businesses billions, and putting them at risk | TechRadar

Nine out of ten emails are spam - Help Net Security

Other News

World Economic Forum 2025: Navigating Cyber Security in an Era of Complexity

Vulnerabilities in Telecom Networks Let Hackers Gain Access to 3,000 Companies

Cross-Party Inquiry Examines Threats to Undersea UK Internet Cables - ISPreview UK

Cyber security crisis in numbers - Help Net Security

The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar

UK government is facing a “severe” cyber threat, report

NAO blasts UK gov over litany of cyber resilience failures • The Register

It’s time to catch up with cyber attackers | TechRadar

UK launches inquiry into threats to subsea cable systems

Sweden seizes vessel after another undersea cable damaged • The Register

SMEs to ramp up tech investments in 2025 | Mortgage Professional Australia

Remote Monitoring and Management (RMM) Abuse | Intel 471

GoDaddy’s Cyber Security Called Into Question

Strengthening cyber security for fintech SMEs: A call for compliance, investment, collaboration - SME News | The Financial Express

Vulnerability Management

Building Resilience Against Zero-Day Threats In Third-Party Risk Management

NCSC Calls on Vendors to Eradicate “Unforgivable” Vulnerabilities - Infosecurity Magazine

Microsoft to deprecate WSUS driver synchronization in 90 days

The 10 worst software disasters of 2024: cyber attacks, malicious AI, and silent threats | TechRadar

UK’s NCSC Proposes New Vulnerability Classification System | MSSP Alert

Vulnerabilities

Fortinet Zero-Day Gives Attackers Super-Admin Privileges

TeamViewer Patches High-Severity Vulnerability in Windows Applications - SecurityWeek

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

Palo Alto Networks firewalls have UEFI flaws, Secure Boot bypasses | CSO Online

One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years | TechRadar

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity - SecurityWeek

Vulnerabilities in Telecom Networks Let Hackers Gain Access to 3,000 Companies

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

SonicWall says hackers are exploiting a new zero-day bug to breach customer networks | TechCrunch

Aquabot Botnet Targeting Vulnerable Mitel Phones - SecurityWeek

Multiple Git flaws led to credentials compromise

Apple Silicon flaws could make your private data vulnerable

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

Apple's in-house chips have security flaws that could expose your Gmail inbox to attackers

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

VMware plugs credential-leaking bugs in Cloud Foundation • The Register

TeamViewer fixed a bug in Windows client and host applications

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Millions of airline customers possibly affected by OAuth security flaw | TechRadar

Critical remote code execution bug found in Cacti framework

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 31/01/2025 Black Arrow Admin 31/01/2025

Black Arrow’s Key Cyber Predictions for 2025

Black Arrow’s Key Cyber Predictions for 2025

At Black Arrow, we see significant cyber risks escalating in 2025 as attackers’ technology and tactics develop, and geopolitical tensions increase. Our cyber threat intelligence, including our weekly briefing for our newsletter subscribers, shows a sharp rise in attacks during 2024, which continues into 2025. This includes increasingly sinister phishing and other AI-enabled attacks as part of ransomware and extortion, which in some cases lead to the collapse of the victim organisation.

Phishing in 2025, Powered by AI

In 2025, we see phishing continuing its alarming rise. Attackers are using AI to amplify the dangers of phishing, not just in emails but also in Teams and other messaging platforms. AI-generated messages adapt to bypass existing controls, with greater success in landing in employees' inboxes. Gone are the days of spotting phishing through bad spelling and grammar; AI will generate perfect communications tailored to specific sectors and will flex to penetrate victims' security.

Deepfake: A Growing Threat in 2025

Deepfake audio and video calls form part of a modern attack scenario, no longer limited to sophisticated attackers. The deepfake video attack on Arup last year, which resulted in USD 25 million in fraudulent bank payments, was a trailblazing example. With the rapid development of AI, we predict that deepfake attacks will affect small and medium-sized businesses as much as large organisations. The technology and kits for such attacks are set to become cheaper and more accessible in 2025.

Supply Chain Risks: No Company is an Island

Organisations heavily rely on other companies to manage key activities or systems, including outsourced payroll, IT, accounting, legal services, and marketing. This trend will continue to grow in 2025, along with substantial cyber security risks. Attackers will increasingly focus on supply chains as an easy way to access data for ransom or payment fraud. An example of the most popular attack we see would be where an attacker gains access to your third party’s email account (known as business email compromise, or BEC), and then interacts with you from that trusted email account to make changes to bank account details for upcoming payments. BEC and other attacks often start with phishing emails which we see will be enhanced by AI and deepfake in 2025.

Quantum Computing: On the Horizon

With many organisations developing quantum computing, we expect advances in 2025 and beyond that will present opportunities for both organisations and attackers. Quantum computers have the potential to solve highly complex problems at high speed, but this capability could also be used by attackers to break encryption. We see 2025 as the year when many organisations start to reexamine their security approaches to withstand the malicious use of quantum computing.

Constant Innovation: The Need for Threat Intelligence

The sudden appearance of DeepSeek AI in late January 2025, which sent shockwaves through the global technology sector, reminds us that all businesses need to stay abreast of technological developments and understand their cyber security implications. We encourage you to subscribe to our free weekly threat intelligence briefing, sent by email every Monday, to help keep up to date.

Visit our website at www.blackarrowcyber.com/subscribe for more information.

Black Arrow Admin 26/01/2025 Black Arrow Admin 26/01/2025

Black Arrow Cyber Threat Intelligence Briefing 24 January 2025

Black Arrow Cyber Threat Intelligence Briefing 24 January 2025:

-Russian Ransomware Groups Deploy Email Bombing and Teams Vishing

-Cyber Security Breaches Are Increasing Business Insolvency Risks

-Companies Seek Specialised Expertise to Combat Artificial Intelligence (AI) Cyber Threats

-When Risk Becomes Habit: Employee Behaviour and Organisational Security

-New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing

-Global Cyber Attacks Jumped 44% Last Year

-Phishing Campaigns Became a Lot More Sinister in 2024

-CISOs Dramatically Increase Boardroom Influence but Many Still Lack Soft Skills

-Bad News - Businesses Who Pay Ransomware Attackers Aren’t Very Likely to Get Their Data Back

-Deepfakes Force a New Era in Fraud Detection, Identity Verification

-Misinformation Is No. 1 Global Risk, Cyber Espionage in Top 5

-Educate, Prepare, and Mitigate: The Keys to Unlocking Cyber Resilience

-What is ‘Security Theatre’ and How Can Firms Move Beyond It?

-SMEs Face Rising Cyber Threats Amid AI and Training Concerns

Executive Summary

This week, our cyber threat intelligence reports on new and evolving tactics of attackers and the devastating impact of attacks, as well as how organisations should act to improve their security including rehearsing how they will react when they experience an incident.

Recent reports highlight a surge in attacks whereby the attacker overwhelms their victim with emails and then contacts them on Teams posing as IT support to gain access to the victim’s systems. These attacks underscore the need for organisations to restrict external communications, limit remote access, and enhance employee awareness to prevent breaches. Furthermore, the growing use of artificial intelligence (AI) by cyber criminals has necessitated a focus on specialised expertise, with companies investing in both internal training and external cyber security support to counter AI-driven threats.

Behind the stories of attacks and data breaches, there are the real lives of individuals and organisations who suffer the heart-breaking catastrophic impact, including organisations that have closed or filled for insolvency. Studies indicate that the average cost of a breach is now nearly $5 million, while paying ransom demands often fails to recover data, leading to further losses. The increasing sophistication of phishing campaigns and deepfake technology is further complicating fraud detection and identity verification processes. To mitigate these risks, firms must adopt a proactive approach that includes robust incident response plans, enhanced employee training, and the adoption of zero-trust security frameworks.

Organisations must move beyond 'security theatre' by focusing on practical, risk-based strategies that address core vulnerabilities rather than relying on superficial measures. The rise in nation-state cyber espionage, misinformation, and AI-enabled threats highlights the importance of collaboration between public and private sectors to enhance resilience. As cyber security gains greater prominence at the boardroom level, business leaders must ensure they are equipped with the necessary knowledge and strategic vision to navigate this rapidly changing threat landscape effectively.

Governance, Risk and Compliance

Many firms see cyber attacks as their top business concern this year | TechRadar

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Cyber disruptions remain top business risk concern in US, globally | CIO Dive

The WEF forecasts a rocky year ahead in cyber security - Verdict

When risk becomes habit Employee behaviour and organisational security | Mimecast

Why CISOs Must Think Clearly Amid Regulatory Chaos

The CFO may be the CISO’s most important business ally | CSO Online

Global cyber attacks jumped 44% last year | ITPro

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

Cyber security Breaches Are Increasing Business Insolvency Risks

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

What is ‘security theatre’ and how can we move beyond it? | CyberScoop

Security Need to Start Saying 'No' Again

CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Sk - Infosecurity Magazine

CISOs are juggling security, responsibility, and burnout - Help Net Security

Splunk Report: CISOs Gain Influence in the C-Suite and Boardrooms Worldwide

Nearly half of CISOs now report to CEOs, showing their rising influence - Help Net Security

Businesses prepare to update their cyber security playbooks for Trump era amid increasing threats | Fortune

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

JPMorgan’s CISO on Overcoming Surging Threats and Regulatory Hurdles - Infosecurity Magazine

Cyber security is tough: 4 steps leaders can take now to reduce team burnout | CSO Online

The UK's cyber security landscape: Key trends and challenges for 2025

CISO Top 10 Priorities for Q1 2025: Key Findings and Evolving Focus | SC Media

Top Priorities for Cyber Security Leaders in 2025: Info-Tech Research Group Publishes Annual Report

Threats

Ransomware, Extortion and Destructive Attacks

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Ransomware Attacks Surge to Record High in December 2024 - Infosecurity Magazine

Microsoft services exploited in separate ransomware campaigns | SC Media

Bad news - businesses who pay ransomware attackers aren’t very likely to get their data back | TechRadar

Record Number of Ransomware Attacks in December 2024 - SecurityWeek

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group

FBI: North Korean IT workers steal source code to extort employers

Russian couple on trial for large-scale ransomware attacks

35 years on: The history and evolution of ransomware | TechRadar

The impact of the cyber insurance industry in resilience against ransomware | TechRadar

Medusa Ransomware: What You Need To Know | Tripwire

A floppy disk launched world's first ransomware attack 35 years ago | TechSpot

New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling to Evade Detection

Next Steps for the International Counter Ransomware Initiative

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

Ransomware Victims

Ransomware costs at NHS provider Synnovis far outstrip profits

59 organisations reportedly victim to breaches caused by Cleo software bug | TechRadar

PowerSchool hackers have your kid's info. These 3 steps protect them | PCWorld

Ransomware attack forces Brit high school to shut doors • The Register

Phishing & Email Based Attacks

Ransomware Groups Abuse Microsoft Services for Initial Access - SecurityWeek

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

Phishing Campaigns Became a Lot More Sinister in 2024 | HackerNoon

Phishing Risks Rise as Zendesk Subdomains Facilitate Attacks - Infosecurity Magazine

When risk becomes habit Employee behaviour and organisational security | Mimecast

Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures - Infosecurity Magazine

Phishing Attacks Are Top Security Issue for Consumers

Account Compromise and Phishing Top Healthcare Security Incidents - Infosecurity Magazine

Other Social Engineering

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

FBI: North Korean IT workers steal source code to extort employers

Scam Yourself attacks: How social engineering is evolving - Help Net Security

Hundreds of fake Reddit sites push Lumma Stealer malware

Artificial Intelligence

Why the 'Bring Your Own AI' trend could mean big trouble for business leaders | ZDNET

Employees Enter Sensitive Data Into GenAI Prompts Too Often

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

HP Wolf Security Threat Intelligence: AI-Fueled Cyber Attackers - The Futurum Group

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

Invisible Prompt Injection: A Threat to AI Security | Trend Micro (US)

The Security Risk of Rampant Shadow AI

Deepfakes force a new era in fraud detection, identity verification - Help Net Security

CISA releases AI cyber security playbook

World Economic Forum Provides Guidance on AI Use | SC Media UK

One in ten GenAI prompts puts sensitive data at risk - Help Net Security

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Trump Overturns Biden Rules on AI Development, Security

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

UK Ministry of Defence enlists sci-fi writers to prepare for dystopian futures | Ministry of Defence | The Guardian

Sage Copilot grounded briefly to fix AI misbehaviour • The Register

2FA/MFA

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Sneaky 2FA Kit Exposes Vulnerabilities In 2FA Security

Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center

Malware

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

Suspected AI-Powered Python Backdoor Tapped for RansomHub Deployment | MSSP Alert

Fake Homebrew Google ads target Mac users with malware

Enterprise Juniper Routers Tagged with 'Magic' Backdoor

Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure

Hundreds of fake Reddit sites push Lumma Stealer malware

Telegram captcha tricks you into running malicious PowerShell scripts

Chinese Hackers Hijack VPN's Website to Spread Malware

Bots/Botnets

Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack

Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Mobile

Mobile Cyber Security Trends for 2025: Key Predictions and Preparations - Security Boulevard

New Porn Ban Threat—Millions Of iPhone, iPad, Android Users Now At Risk

Novel Android Malware Leveraged By DoNot Team | MSSP Alert

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

WhatsApp Security Alert—Broken Link Hackers Strike

Phishing Attacks Are Top Security Issue for Consumers

Denial of Service/DoS/DDoS

Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack

Cloudflare blocks 21.3 million DDoS attacks in 2024, reports record 53% surge

Standing strong against hyper-volumetric DDoS attacks | TechRadar

Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks

Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch

Spooks of the internet came alive this Halloween | CSO Online

Who is DDoSing you? Competitors, most likely • The Register

How to Stop Layer 7 DDoS Attacks in 2025 - Security Boulevard

The Internet is (once again) awash with IoT botnets delivering record DDoSes

Internet of Things – IoT

Mirai Botnet Spinoffs Unleash Global DDoS Attack Wave

Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers

Home exercise companies like Peloton, NordicTrack harvest your sensitive data, watchdog finds - WTOP News

The Internet is (once again) awash with IoT botnets delivering record DDoSes

FTC orders GM to stop collecting and selling driver’s data

Experts found multiple flaws in Mercedes-Benz infotainment system

Subaru’s poor security left troves of vehicle data easily accessible

Data Breaches/Leaks

Otelier data breach exposes info, hotel reservations of millions

Hackers Likely Stole FBI Call Logs From AT&T That Could Compromise Informants | WIRED

Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine

Fortinet: FortiGate config leaks are genuine but misleading • The Register

Wolf Haldenstein Data Breach Impacts 3.4 Million People - SecurityWeek

HPE’s sensitive data exposed in alleged IntelBroker hack | CSO Online

PowerSchool hacker claims they stole data of 62 million students

Organised Crime & Criminal Actors

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing - Infosecurity Magazine

US President Donald Trump granted a "full and unconditional pardon" to Ross Ulbricht

Telegram boss Pavel Durov admits 'seriousness' of French allegations

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

"Crazy Evil" Cryptoscam Gang: Unmasking a Global Threat in 2024

Insider Risk and Insider Threats

When risk becomes habit Employee behaviour and organisational security | Mimecast

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine

When risky cyber security behaviour becomes a habit among employees - Help Net Security

Insurance

The impact of the cyber insurance industry in resilience against ransomware | TechRadar

Report highlights urgent need for cyber insurance | Insurance Business America

Supply Chain and Third Parties

Supply chain attack strikes array of Chrome Extensions • The Register

The critical need for watertight security across the IT supply chain | TechRadar

Biden order gives CISA software supply chain 'teeth' | TechTarget

Cloud/SaaS

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Why some companies are backing away from the public cloud | ZDNET

Fortinet's 2025 State Of Cloud Security: Insights On Multi-Cloud Adoption, Security Challenges, And Future Trends

Cloud challenges | Professional Security Magazine

Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard

Outages

Bitbucket services “hard down” due to major worldwide outage

Identity and Access Management

How Secure Is Your PAM Strategy? - Security Boulevard

Will 2025 See a Rise of NHI Attacks?

Linux and Open Source

Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure

Passwords, Credential Stuffing & Brute Force Attacks

Major Cyber Security Vendors’ Credentials Found on Dark Web - Infosecurity Magazine

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Social Media

Has the TikTok Ban Already Backfired on US Cyber Security?

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

Hundreds of fake Reddit sites push Lumma Stealer malware

Trump dismisses concerns over TikTok's potential security risks

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch

TikTok users posting cat videos do not threaten UK national security, minister says | TikTok | The Guardian

Meta's pay-or-consent model criticized by EU consumer groups • The Register

Donald Trump’s bigger China cyber threat isn’t TikTok

Malvertising

Fake Homebrew Google ads target Mac users with malware

Understanding and avoiding malvertizing attacks | TechRadar

Training, Education and Awareness

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Outside Expertise or In House Training? Kaspersky Reveals How Firms Prepare for Growing AI Threat | The Fintech Times

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Regulations, Fines and Legislation

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

Why CISOs Must Think Clearly Amid Regulatory Chaos

EU’s DORA could further strain cyber security skills gap | CSO Online

Executive Order 14144 on Cyber Security: Building on 2021's Foundation with Advanced NHI Security - Security Boulevard

Trump axes TSA chief who led pipeline, airline, rail cyber security rules | SC Media

Government battles against tech could leave consumers less secure | CyberScoop

Biden's Cyber Security EO Leaves Trump a Comprehensive Blueprint for Defence

CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

Trump Overturns Biden Rules on AI Development, Security

Trump’s disbanding of Cyber Safety Review Board draws ire | SC Media

Under Trump, US Cyber Defence Loses Its Head | WIRED

Trump Has Had a Light Touch on Cyber Security – So Far - Security Boulevard

Trump has fired a major cyber security investigations body. It’s a risky move

PayPal fined by New York for cyber security failures | Reuters

Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones - Security Boulevard

Donald Trump’s bigger China cyber threat isn’t TikTok

Models, Frameworks and Standards

Experts fire security warning as EU’s DORA comes into play

DORA Takes Effect: Financial Firms Navigating Compliance Headwinds - Infosecurity Magazine

Security chiefs whose companies operate in the EU should be exploring DORA now | CSO Online

EU’s DORA could further strain cyber security skills gap | CSO Online

MITRE Launches D3FEND 1.0 to Standardize Cyber Security Techniques

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

EU Strengthens Cyber Security with Enhanced NIS2 Directive | MSSP Alert

76% of Irish businesses will struggle to meet NIS2 requirements

OWASP Top 10 2025 - Most Critical Weaknesses Exploited/Discovered in Smart Contract

Cyber Essentials NHS and Healthcare Organisations - Security Boulevard

Irish companies 'a mixed bag' on new cyber attack laws

Backup and Recovery

Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security

Data Protection

GDPR Fines Total €1.2bn in 2024 - Infosecurity Magazine

Privacy professionals feel more stressed than ever - Help Net Security

Careers, Working in Cyber and Information Security

EU’s DORA could further strain cyber security skills gap | CSO Online

Law Enforcement Action and Take Downs

Former CIA Analyst Pleads Guilty to Sharing Top Secret Files - Infosecurity Magazine

Telegram boss Pavel Durov admits 'seriousness' of French allegations

Washington Man Admits to Role in Multiple Cyber Crime, Fraud Schemes - SecurityWeek

Russian couple on trial for large-scale ransomware attacks

Misinformation, Disinformation and Propaganda

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

Meta confirms it will keep fact-checkers outside the US 'for now' | TechCrunch

CISA should abandon disinformation fight, Trump’s DHS pick says - Defense One

Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Misinformation Is No. 1 Global Risk, Cyberespionage in Top 5

Understanding Cyber Effects in Modern Warfare - War on the Rocks

Taking the fight to the enemy: Cyber persistence strategy gains momentum

Let’s get creative to protect undersea cables from sabotage – POLITICO

Nation State Actors

Businesses prepare to update their cyber security playbooks for Trump era amid increasing threats | Fortune

Are attackers already embedded in US critical infrastructure networks?

China

Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian

ProxyLogon, one of Salt Typhoon's favorites, still wide open • The Register

FCC says US telcos by law must secure networks from spies • The Register

US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches | WIRED

Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says - Bloomberg

Trump Fires DHS Board Probing Salt Typhoon Hacks

Trump dismisses concerns over TikTok's potential security risks

Trump ‘waved a white flag to Chinese hackers,’ senator says • The Register

Chinese Hackers Hijack VPN's Website to Spread Malware

How Taiwan Balances Cyber Security With Human Rights in Resisting China – The Diplomat

TikTok among six tech firms under fire for sending Europeans' personal data to China | TechRadar

TikTok Restores Service for US Users Based on Trump's Promised Executive Order - SecurityWeek

New Chinese cyberespionage campaign targeted South Korean VPN service | SC Media

US Supreme Court Gives Green Light to TikTok Ban - Infosecurity Magazine

TikTok Says It Will 'Go Dark' Unless It Gets Clarity From Biden Following Supreme Court Ruling - SecurityWeek

Has the TikTok Ban Already Backfired on US Cyber Security?

Trump Faces Unique Challenges Due to Chinese Hackers | Newsmax.com

TikTok users posting cat videos do not threaten UK national security, minister says | TikTok | The Guardian

Trump has fired a major cyber security investigations body. It’s a risky move

Donald Trump’s bigger China cyber threat isn’t TikTok

Hackers game out infowar against China with the US Navy • The Register

Russia

Russian Ransomware Groups Deploy Email Bombing and Teams Vishing - Infosecurity Magazine

Microsoft Teams abused in Russian email bombing ransomware campaign | TechRadar

Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea | Nato | The Guardian

Shutting down the net: The growing threat of Russian internet censorship · Global Voices

Russian Hackers Target WhatsApp Accounts, Microsoft | Silicon UK

Several Swiss municipalities and banks hit by cyber attack - SWI swissinfo.ch

Increased cyber security cooperation forged by Russia, Iran | SC Media

CERT-UA warns against "security audit" requests via AnyDesk - Help Net Security

Ukraine's State Registers Restored Following Cyber Attack - Infosecurity Magazine

Massive Russian hack on government database shows cracks in Ukraine's digitalization drive

Russian APT Phishes Kazakh Gov't for Strategic Intel

Russian telecom giant Rostelecom investigates suspected cyber attack on contractor | The Record from Recorded Future News

Iran

Increased cyber security cooperation forged by Russia, Iran | SC Media

North Korea

FBI: North Korean IT workers steal source code to extort employers

The hacker state: How North Korea weaponised internet - India Today

Tools and Controls

An estimated 46,000 VPN servers are vulnerable to being hijacked | Tom's Guide

Educate, Prepare, & Mitigate: The Keys To Unlocking Cyber Resilience

Companies seek specialised expertise to combat Artificial Intelligence (AI) cyber threats

Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Outside Expertise or In House Training? Kaspersky Reveals How Firms Prepare for Growing AI Threat | The Fintech Times

Deepfakes force a new era in fraud detection, identity verification - Help Net Security

How Secure Is Your PAM Strategy? - Security Boulevard

Chinese Hackers Hijack VPN's Website to Spread Malware

How Can Generative AI be Used in Cyber Security - Security Boulevard

SDLC Gap Analysis: Requirement For Organisation - Security Boulevard

Fortinet's 2025 State Of Cloud Security: Insights On Multi-Cloud Adoption, Security Challenges, And Future Trends

Using your own laptop or phone for work? Why it’s a security hazard for businesses

Cyber Insights 2025: Attack Surface Management - SecurityWeek

Cyber Insights 2025: APIs – The Threat Continues - SecurityWeek

Acronis CISO on why backup strategies fail and how to make them resilient - Help Net Security

CISA releases AI cyber security playbook

SMEs face rising cyber threats amid AI and training concerns - The Recycler - 20/01/2025

Will 2025 See a Rise of NHI Attacks?

Staying Ahead: Key Cloud-Native Security Practices - Security Boulevard

2025 Prediction 1: The Rise In Physical Threats To Corporate Executives Will Continue In 2025 - Security Boulevard

Microsoft to Mandate MFA for Accessing Microsoft 365 Admin Center

Think like an attacker: Increase attack surface visibility with integrated exposure management | SC Media

AI-driven insights transform security preparedness and recovery - Help Net Security

Other News

Travel Warning: Cyber Security Emerges As A Top Security Threat In 2025

The WEF forecasts a rocky year ahead in cyber security - Verdict

73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years - Infosecurity Magazine

Healthcare Cyber Security: The Chronic Condition We Can’t Ignore - Security Boulevard

Security Need to Start Saying 'No' Again

Check Point Software’s 2025 Security Report Finds Alarming

The UK's cyber security landscape: Key trends and challenges for 2025

Researchers say new attack could take down the European power grid - Ars Technica

65% of energy professionals rank cyber security as industry's greatest risk

84% of Healthcare Organisations Spotted a Cyber Attack within the Last 12 Months, and 69% of Them Faced Financial Damage as a Result

Hit by wave of online attacks, Japan shifts to ‘active cyber defence’ | The Straits Times

Top Spy Agencies in the World: Secrets & Operations

Cyber security threat predictions for 2025: Insights from the dark web - Digital Journal

Lessons from PowerSchool: A Wake-Up Call for the Education Sector | SC Media

From qualitative to quantifiable: Transforming cyber risk management for critical infrastructure | CyberScoop

Sector getting better at combatting cyber threats - TFN

Ex-spies say suburban D.C. casino would put nation’s secrets at risk - The Washington Post

Vulnerability Management

Exploits on the rise: How defenders can combat sophisticated threat actors | TechRadar

Microsoft: Exchange 2016 and 2019 reach end of support in October

How to Perform a Website Security Scan: A Vulnerabilities Guide

Vulnerabilities

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

Microsoft Outlook has a new ‘critical’ flaw that spreads malware easily | Digital Trends

A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Unsecured Tunnelling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Critical Vulnerability In ChatGPT API Enables Reflective DDoS Attacks

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

7-Zip bug could allow a bypass of a Windows security feature. Update now | Malwarebytes

Cisco addresses a critical privilege escalation bug in Meeting Management

FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know - SecurityWeek

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw - Help Net Security

Six vulnerabilities in rsync announced and fixed in a day • The Register

50K Fortinet firewalls still vulnerable to latest zero-day • The Register

Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

Asus lets chip fix slip out early, AMD says patch is inbound • The Register

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 19/01/2025 Black Arrow Admin 19/01/2025

Black Arrow Cyber Threat Intelligence Briefing 17 January 2025

Black Arrow Cyber Threat Intelligence Briefing 17 January 2025:

-New EU Cyber Rules for Financial Institutions Came into Force on Friday 17 January

-Cyber Attacks Considered Top Business Concern for 2025: Allianz

-How CISOs Can Elevate Cyber Security in Boardroom Discussions

-Cyber Security is Stepping into a New Era of Complexity

-Ransomware Victim Numbers Hit an All-Time High

-The Current State of Ransomware: Weaponising Disclosure Rules and More

-The Top SME Security Worries for 2025

-What They Don’t Tell You About Cyber Attacks – the Emotional Impact on Staff

-The Hybrid Workforce Crisis: How it has Weakened Enterprise Security, and What to Do About It

-New Ransomware Group Uses AI to Develop Nefarious Tools

-'Arson, Sabotage, Cyber Attacks': UK Enters New Era of Threats from Hostile States

-NATO Launches New Mission to Protect Crucial Undersea Cables

Executive Summary

This week, the EU’s Digital Operational Resilience Act (DORA) has come into effect, imposing stringent cyber security requirements on over 22,000 financial institutions. This regulation strengthens incident reporting, risk management, and IT third-party oversight, aiming to create a unified approach to mitigating ICT-related risks. As cyber security incidents are identified as the top business concern for 2025, organisations are urged to adopt holistic strategies that address interconnected risks like supply chain vulnerabilities, geopolitical tensions, and the increasing role of AI in threat landscapes.

Our selection of threat intelligence news this week shows how emerging threats highlight the need for enhanced resilience. Ransomware attacks reached record highs in 2024, with attackers weaponising disclosure rules and leveraging AI tools for sophisticated phishing and extortion tactics. SMEs face rising concerns over AI-driven risks, while hybrid working has expanded the corporate attack surface, necessitating adaptive security solutions. Meanwhile, geopolitical risks are complicating the global cyber landscape, driving NATO’s efforts to protect critical infrastructure, such as undersea cables essential for internet traffic and financial transactions.

To navigate this era of escalating complexity, organisations must prioritise proactive measures. These include integrating cyber resilience into business strategies, fostering a culture of security awareness, and addressing the often-overlooked emotional impact of cyber attacks on staff. Effective collaboration, innovation, and investment are critical to safeguarding operations and enabling sustained growth.

Governance, Risk and Compliance

Cyber attacks considered top business concern for 2025: Allianz - Reinsurance News

What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly

Cyber attacks, tech disruption ranked as top threats to business growth | CIO Dive

The top SME security worries for 2025

Geopolitics making cyber security challenges more complex: World Economic Forum - World - DAWN.COM

WEF Warns of Growing Cyber Inequity Amid Escalating Complexities - Infosecurity Magazine

Cyber security is stepping into a new era of complexity - Help Net Security

CISOs take on extra responsibilities

The Evolving Role Of The CISO

How CISOs can elevate cyber security in boardroom discussions - Help Net Security

A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE

Breaking the Cycle of Isolated Risk Management | MSSP Alert

Vigilance, Resilience, Flexibility as Keys to Countering Evolving Cyber Threats | Newswise

EU AI Act and NIS2 Directive 2025 Compliance Challenges

The Year Of Proactive Defence: Staying Ahead Of Threat Actors

Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert

73% of office workers say staff get blamed for cyber security incidents - survey

Threats

Ransomware, Extortion and Destructive Attacks

New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine

The current state of ransomware: Weaponizing disclosure rules and more

85 Victims and Counting: What To Know About FunkSec Ransomware

Ministers consider ban on all UK public bodies making ransomware payments | Cybercrime | The Guardian

‘Millions’ in taxpayer money paid to cyber criminals in recent years – minister | The Standard

Ransomware Victims and Threat Groups Have Reached An All-Time High, GuidePoint Security Finds | Business Wire

US charges operators of cryptomixers linked to ransomware gangs

Ako Ransomware Abusing Windows API Calls To Detect Infected System Locations

New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

Ransomware on ESXi: The Mechanization of Virtualized Attacks

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Ongoing Play Ransomware Attack—What You Need To Know

Inside a 90-Minute Attack: Breaking Ground with All-New AI Defeating Black Basta Tactics - Security Boulevard

Ransomware Victims

£33m cost of cyber-attack revealed | News | Health Service Journal

Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches | TechCrunch

Personal data compromised in Gateshead Council cyber attack | ITPro

UnitedHealth hid its Change Healthcare data breach notice for months | TechCrunch

OneBlood confirms personal data stolen in July ransomware attack

Phishing & Email Based Attacks

Phishing click rates tripled in 2024 despite user training | CSO Online

Beware of These Microsoft Teams Phishing Scams

This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself

Google Search ads are being hacked to steal account info | TechRadar

Accelerated BlackBasta-like email attack examined | SC Media

Fancy Bear spotted using real Kazak government documents in spearpishing campaign | CyberScoop

Browser-Based Cyber-Threats Surge as Email Malware Declines - Infosecurity Magazine

Other Social Engineering

Scammers have a new phishing trick for iPhone users – here’s how to avoid falling victim | TechRadar

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Artificial Intelligence

New Ransomware Group Uses AI to Develop Nefarious Tools - Infosecurity Magazine

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

85 Victims and Counting: What To Know About FunkSec Ransomware

Microsoft takes legal action against bad actors using AI for sophisticated exploitation - Neowin

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

Addressing the Security Risks of AI in the Cloud

Ensuring U.S. Security and Economic Strength in the Age of Artificial Intelligence | The White House

CyberCube predicts AI will amplify cyber attacks in 2025 - Reinsurance News

What Enterprises Need to Know About Agentic AI Risks

Microsoft AI Red Team says security work will never be done • The Register

AI hallucinations can pose a risk to your cyber security

In-House Lawyers Are Focused on Employment and Cyber Security Disputes, But Looking Out for Conflict Over AI

CISA's AI Playbook Pushes For More Information Sharing

Second Biden cyber executive order directs agency action on fed security, AI, space | CyberScoop

EU AI Act and NIS2 Directive 2025 Compliance Challenges

Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data - Infosecurity Magazine

Trump, Musk Discuss AI, Cyber Security With Microsoft CEO

2FA/MFA

Microsoft MFA outage blocking access to Microsoft 365 apps

MFA Failures - The Worst is Yet to Come

Malware

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

MikroTik botnet relies on DNS misconfiguration to spread malware

Browser-Based Cyber Threats Surge as Email Malware Declines - Infosecurity Magazine

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe | Tom's Guide

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Microsoft: macOS bug lets hackers install malicious kernel drivers

Rootkit Malware Exploiting Zero-day Vunlerabilities to Control Linux Systems Remotely

Cyber Attackers Hide Infostealers in YouTube Comments

FBI wipes Chinese PlugX malware from over 4,000 US computers

Apple devices at risk after security researcher hacks ACE3 USB-C controller - SiliconANGLE

Bots/Botnets

MikroTik botnet uses misconfigured SPF DNS records to spread malware

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Mobile

Millions of people's 'intimate' location data stolen in major hack | Science, Climate & Tech News | Sky News

Mobile apps exploited to harvest location data on massive scale, hacked files reveal | TechSpot

This Phishing Attack Disables Your iPhone Security: Here's How to Protect Yourself

Researchers disclosed details of a now-patched Samsung zero-click flaw

Denial of Service/DoS/DDoS

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Internet of Things – IoT

Homeowners are clueless about how smart devices collect their data - Help Net Security

GM settles charges it shared driver location data • The Register

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024 | Trend Micro (US)

Allstate car insurer sued for tracking drivers without permission

Data Breaches/Leaks

2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records - SecurityWeek

Cyber Security Breaches Degrade Consumer Trust, but Apathy Rises - Security Boulevard

Telefonica Breach Hits 20,000 Employees and Exposes Jira Details - Infosecurity Magazine

EU law enforcement training agency data breach: Data of 97,000 individuals compromised - Help Net Security

Personal data stolen in cyber-attack on Gateshead Council - BBC News

60 Million Students and Teachers Targeted in PowerSchool Data Breach

GoDaddy Accused of Serious Security Failings by FTC - Infosecurity Magazine

Largest US addiction treatment provider notifies patients of data breach

OneBlood confirms personal data stolen in July ransomware attack

Prominent US law firm Wolf Haldenstein disclosed a data breach

183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cyber Security Report

Organised Crime & Criminal Actors

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says | WIRED

The Wiretap: At $24 Billion In Sales, The Biggest Illicit Marketplace Ever Is On Telegram

How to protect yourself from the social media cyber crime boom - Digital Journal

The Insider Threat Digital Recruitment Marketplace - Security Boulevard

Online Gambling Unleashed Transnational Crime in Philippines (2)

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek

US govt says North Korea stole over $659 million in crypto last year

New Web3 attack exploits transaction simulations to steal crypto

US charges operators of cryptomixers linked to ransomware gangs

Cyber Criminals Use Fake CrowdStrike Job Offers to Distribute Malware - Infosecurity Magazine

Transaction simulation spoofing attack targets cryptocurrency wallets | SC Media

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Insider Risk and Insider Threats

Phishing click rates tripled in 2024 despite user training | CSO Online

Former Disney Employee Admits to Hacking Menu System to Change Allergy Information – DataBreaches.Net

The Insider Threat Digital Recruitment Marketplace - Security Boulevard

Human Factors in Cyber Security in 2025 | UpGuard

Concern over staff blame for cyber breaches - survey

73% of office workers say staff get blamed for cyber security incidents - survey

Insurance

Cyber attacks considered top business concern for 2025: Allianz - Reinsurance News

89% of executives plan to expand cyber insurance for technological vulnerabilities: Chubb - Reinsurance News

Supply Chain and Third Parties

£33m cost of cyber-attack revealed | News | Health Service Journal

Cloud/SaaS

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Google OAuth flaw lets attackers gain access to abandoned accounts

Beware of These Microsoft Teams Phishing Scams

Addressing the Security Risks of AI in the Cloud

Are Your Cloud Security Strategies Effective in 2025? | HackerNoon

New Ransomware Encrypts Amazon S3 Buckets Using SSE-C Encryption

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Azure and M365 MFA outage leaves logins lost • The Register

How snack giant Mondelez is trying to keep pace in the fast-changing realm of AI, cyber security, and cloud | Fortune

Outages

Azure and M365 MFA outage leaves logins lost • The Register

What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk

GitHub Git downtime caused by bad configuration update • DEVCLASS

Identity and Access Management

2025: The year of evolution in identity security

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

Linux and Open Source

The Shifting Landscape of Open Source Security

Rootkit Malware Exploiting Zero-day Vunlerabilities to Control Linux Systems Remotely

Passwords, Credential Stuffing & Brute Force Attacks

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Google OAuth flaw lets attackers gain access to abandoned accounts

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

Social Media

How to protect yourself from the social media cyber crime boom - Digital Journal

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

'How to quit Facebook?' searches spike after Meta's fact-checking ban | ZDNET

Meta's fact-checking end raises concerns about disinformation

Cyber Attackers Hide Infostealers in YouTube Comments

The Looming Crisis: Meta, Misinformation, And Public Trust

TikTok, five other Chinese firms hit by EU privacy complaints | Reuters

Trump’s Truth Social Users Targeted by Rampant Scams Online - Infosecurity Magazine

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life

'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch

Malvertising

Google Search ads are being hacked to steal account info | TechRadar

Training, Education and Awareness

Phishing click rates tripled in 2024 despite user training | CSO Online

Regulations, Fines and Legislation

New EU cyber rules for financial institutions from today

DORA Comes Into Force: Experts Weigh In On Its Impact And Opportunities

UK Considers Banning Ransomware Payment by Public Sector and CNI - SecurityWeek

The UK's Online Safety Act applies to Small Tech too • The Register

DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine

Tech giants told UK online safety laws ‘not up for negotiation’ | Artificial intelligence (AI) | The Guardian

The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra

Biden signs executive order inspired by lessons from recent cyber attacks - Nextgov/FCW

EU AI Act and NIS2 Directive 2025 Compliance Challenges

A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule | Stoel Rives - Global Privacy & Security Blog® - JDSupra

Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert

Governments call for spyware regulations in UN Security Council meeting | TechCrunch

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea | CyberScoop

New ‘cyber security’ law in Turkey could criminalize reporting on data leaks - Turkish Minute

Models, Frameworks and Standards

European finance readying itself for DORA implementation

DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses - Infosecurity Magazine

New EU cyber rules for financial institutions from today

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

The EU Cyber Resilience Act - What You Need to Know | A&O Shearman - JDSupra

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

A Deeper Dive into the Proposed Modifications to the HIPAA Security Rule | Stoel Rives - Global Privacy & Security Blog® - JDSupra

Backup and Recovery

Backup technology explained: The fundamentals of enterprise backup | Computer Weekly

Careers, Working in Cyber and Information Security

Career Opportunities in Cyber Security: A Guide for Aspiring Professionals | BCS

Microsoft is Laying Off Employees Across its Sales, Security, and Gaming Divisions

ISC2 Cyber Security Workforce Study: Shortage of AI skilled workers

Law Enforcement Action and Take Downs

Former Disney Employee Admits to Hacking Menu System to Change Allergy Information – DataBreaches.Net

US charges operators of cryptomixers linked to ransomware gangs

FBI wipes Chinese PlugX malware from over 4,000 US computers

Russian Nationals Indicted for Operating Cryptocurrency Mixers Linked to Cyber Crime

Pastor who saw crypto project in his "dream" indicted for fraud

Misinformation, Disinformation and Propaganda

Meta's fact-checking end raises concerns about disinformation

The Looming Crisis: Meta, Misinformation, And Public Trust

Mark Zuckerberg’s end to Meta factchecking is a desperate play for engagement | Mark Zuckerberg | The Guardian

'Free Our Feeds' campaign aims to billionaire-proof Bluesky’s tech | TechCrunch

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

'Arson, sabotage, cyber attacks': UK enters new era of threats from hostile states

‘Hybrid threats’, ‘grey zones’, ‘competition’, and ‘proxies’: When is it actually war?

Nation State Actors

China

US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

Salt Typhoon spies spotted on US govt networks before telcos • The Register

US has responded to Chinese-linked cyber attacks on telecoms firms, Sullivan says | Reuters

ISMG Editors: The Coming Battle Over Chinese Cyberthreats

Last-Minute Biden EO Reportedly Prompted By Chinese Cyber Attacks | MSSP Alert

Strengthening America’s Resilience Against the PRC Cyber Threats | CISA

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

China Targeted Foreign Investment, Sanctions Offices in Treasury Hack: Reports - SecurityWeek

As Tensions Mount With China, Taiwan Sees Surge in Attacks

FBI wipes Chinese PlugX malware from over 4,000 US computers

TikTok, five other Chinese firms hit by EU privacy complaints | Reuters

Experts Unpack The Truth Behind TikTok’s Data Collection | HuffPost Life

Chinese hackers accessed Yellen's computer in US Treasury breach, Bloomberg News reports | Reuters

TikTok warns of broad consequences if Supreme Court allows ban | Reuters

Chinese cyber-spies target CFIUS investigations • The Register

Russia

Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says | The Record from Recorded Future News

Russia Carves Out Commercial Surveillance Success

Nato launches 'Baltic Sentry' mission to protect undersea cables - BBC News

Russia-linked APT Star Blizzard targets WhatsApp accounts

Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups - SecurityWeek

Ukraine’s PM discusses defence, cyber security, sanctions with Estonia’s Foreign Minister

Fancy Bear spotted using real Kazak government documents in spearpishing campaign | CyberScoop

Russia Targets Kazakhstan in Espionage Campaign

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry | The Record from Recorded Future News

North Korea

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists - SecurityWeek

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Treasury sanctions North Korea over remote IT worker schemes | CyberScoop

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Governments call for spyware regulations in UN Security Council meeting | TechCrunch

How Barcelona became an unlikely hub for spyware startups | TechCrunch

Tools and Controls

Phishing click rates tripled in 2024 despite user training | CSO Online

What they don’t tell you about cyber attacks – the emotional impact on staff | Computer Weekly

How AI will transform cyber security in 2025 - and supercharge cyber crime | ZDNET

2025 Informed: Cyber Security and AI

How “right-sizing” cyber security initiatives can prevent data Loss | theHRD

The hybrid workforce crisis: How it has weakened enterprise security, and what to do about it | SC Media

Home Office rolls out cyber crime protections for data centres

How CTEM is providing better cyber security resilience for organisations

Backup technology explained: The fundamentals of enterprise backup | Computer Weekly

Millions of VPN Servers and Routers Exposed to New Tunnelling Protocol Vulnerabilities - ISPreview UK

A cyber-resilient culture: Key to adapting to evolving cyber threats - SiliconANGLE

Breaking the Cycle of Isolated Risk Management | MSSP Alert

How CISOs Can Build a Disaster Recovery Skillset

Are Your Cloud Security Strategies Effective in 2025? | HackerNoon

Ransomware on ESXi: The Mechanization of Virtualized Attacks

What Security Leaders Get Wrong About Zero-Trust Architecture

First Ever OWASP "Top 10 Non-Human Identities (NHI)" Released

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

The AI Conundrum In Security: Why The Future Belongs To The Bold

How AI and ML are transforming digital banking security - Help Net Security

North Korean Hackers Targeting Freelance Software Developers - SecurityWeek

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

What the 2024 CrowdStrike Glitch Can Teach Us About Cyber Risk

Cyber Risk Quantification: Use Cases and Best Practices | MSSP Alert

Risk, Reputational Scoring Services Enjoy Mixed Success

AI hallucinations can pose a risk to your cyber security

A Deep Dive into ISO 27001 Password Requirements - Security Boulevard

Balancing usability and security in the fight against identity-based attacks - Help Net Security

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges - Infosecurity Magazine

Enabling confident cyber resilience and recovery with CyberSense - SiliconANGLE

Cyber security on a shoestring: maximizing your ROI | TechRadar

Reports Published in the Last Week

Global Cyber Security Outlook 2025 – Navigating Through Rising Cyber Complexities > Press releases | World Economic Forum

Other News

The top SME security worries for 2025

US Telecom, Zero-Day Attacks Highlight Cyber Hygiene Need

Chrome Web Store is a mess | Almost Secure

UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine

What do financial institutions in CEE, DACH, Nordic, and US markets need to know about Cyber Security in 2025? Finding appropriate responses to evolving threats in various markets - FinTech Futures: Fintech news

CNI Attacks: What to Expect in 2025 | SC Media UK

Nominet probes possible Ivanti zero-day exploit • The Register

EU To Launch Support Centre by 2026 to Boost Healthcare Cyber Security - Infosecurity Magazine

What's happening in the cyber security market? | Insurance Business America

The Year Of Proactive Defence: Staying Ahead Of Threat Actors

Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea | CyberScoop

The rise of cyber attacks | Law Gazette

WEF Report Reveals Growing Cyber Resilience Divide Between Public and Private Sectors - SecurityWeek

The Cyber Security Risks Threatening The Automotive Industry, And How To Combat Them

Cyber attack forces Dutch university to cancel lectures | The Record from Recorded Future News

Aerospace Tech Week to put the spotlight on AI, autonomous aviation and cyber security

A humble proposal: The InfoSec CIA triad should be expanded - Help Net Security

Vulnerability Management

Vulnerability Remediation vs Mitigation: Which Strategy Wins in Cyber Security? - Security Boulevard

What 2024 taught us about security vulnerabilities - Help Net Security

89% of executives plan to expand cyber insurance for technological vulnerabilities: Chubb - Reinsurance News

Critical vulnerabilities remain unresolved due to prioritization gaps - Help Net Security

Vulnerabilities

Microsoft Patches Trio of Exploited Windows Hyper-V Zero-Days - SecurityWeek

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again

New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Google Chrome 132 update fixes 16 unique security issues - gHacks Tech News

Fortinet warns a critical vulnerability in its systems could let attackers breach company networks | TechRadar

Fortinet Releases Security Updates for Multiple Products | CISA

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek

Ivanti Patches Critical Vulnerabilities in Endpoint Manager - SecurityWeek

Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS - SecurityWeek

UK Registry Nominet Breached Via Ivanti Zero-Day - Infosecurity Magazine

Nominet probes possible Ivanti zero-day exploit • The Register

SAP Patches Critical Vulnerabilities in NetWeaver - SecurityWeek

Apple Patches Flaw That Allows Kernel Security Bypassing

Adobe Releases Security Updates for Multiple Products | CISA

Microsoft: macOS bug lets hackers install malicious kernel drivers

Windows BitLocker bug triggers warnings on devices with TPMs

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

Debian 12.9 “Bookworm” Arrives with 72 Bug Fixes and 38 Security Updates - 9to5Linux

Google OAuth flaw lets attackers gain access to abandoned accounts

CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

Researchers disclosed details of a now-patched Samsung zero-click flaw

Microsoft 365 apps crash on Windows Server after Office update

Rootkit Malware Exploiting Zero-day Vunlerabilities to Control Linux Systems Remotely

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities - SecurityWeek

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 15/01/2025 Black Arrow Admin 15/01/2025

Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall, Zyxel, Google Chrome and Zoom Security Updates - updated

Black Arrow Cyber Advisory 15 January 2025 – Microsoft, Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall and Zyxel Security Updates

Updated

Since writing further updates have been released for another Ivanti vulnerability, this time affecting Endpoint Manager, as well as updates for Google Chrome, to address 132 fixes and 16 unique security issues, and Zoom to address a number of security issues across Windows, Mac and Linux clients.

See more details on each of those in the relevant sections below

Executive Summary

Microsoft’s Patch Tuesday for January 2025 started the year with security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. This Patch Tuesday also included fixes for twelve critical vulnerabilities, including information disclosure, privileges elevation, and remote code execution flaws.

Several other major software and hardware vendors released critical security updates this month to address vulnerabilities that could be exploited by attackers. Adobe issued updates for popular products such as Photoshop, Illustrator for iPad, and Animate, while Cisco addressed issues across multiple tools, including ThousandEyes and Crosswork Network Controller. Ivanti and Fortinet tackled zero-day vulnerabilities actively exploited in attacks, with Ivanti focusing on Connect Secure and Fortinet on its FortiOS and FortiProxy platforms.

What’s the risk to me or my business?

What can I do?

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan

Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall & Zyxel - updated to include Google Chrome and Zoom

Further details of the vulnerabilities in affected Adobe, Cisco, Ivanti, Fortinet, GitHub, SAP, SonicWall and Zyxel products can be found here:

https://helpx.adobe.com/security/security-bulletin.html

https://sec.cloudapps.cisco.com/security/center/publicationListing.x

https://www.ivanti.com/blog/january-security-update

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Upgrade-to-FortiOS-7-0-17-to-resolve-vulnerability/ta-p/370334

https://github.blog/open-source/git/git-security-vulnerabilities-announced-5/

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-aps-and-security-router-devices-01-14-2025

https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html

https://www.zoom.com/en/trust/security-bulletin/?cms_guid=false&lang=en-US

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 12/01/2025 Black Arrow Admin 12/01/2025

Black Arrow Cyber Threat Intelligence Briefing 10 January 2025

Black Arrow Cyber Threat Intelligence Briefing 10 January 2025:

-Phishing Click Rates Triple in 2024

-What Boards Need to Know on Digital and Cyber Security Governance In 2025

-Only 26% of Europe’s Top Companies Earn a High Rating for Cyber Security

-Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape

-Ransomware Shock: $133 Million Paid, 195 Million Records Compromised

-Operational Incident Reporting: UK Financial Regulators Propose New Rules

-Insider Threat: Tackling the Complex Challenges of the Enemy Within

-The Big Question: Are Businesses Now in the Front Line for Cyber Warfare?

-How Cyber Security Jargon Creates Barriers and Wastes Resources

-Scammers Exploit Microsoft 365 to Target PayPal Users

-Five Ways to Make Cyber Security Resilience More Than Just a Buzzword

-Meet the Chinese ‘Typhoon’ Hackers Preparing for War

-The Cyber Security Priorities For 2025: What Leaders Should Focus On

Exec Summary

Cyber security remains a critical priority for organisations in 2025, with evolving threats demanding stronger leadership, governance, and proactive resilience measures. Phishing click rates surged by 190% in 2024, with cloud applications as primary targets and a shift in attack vectors from email to search engines and malicious ads. Meanwhile, ransomware inflicted $133.5 million in payouts, and insider threats posed complex risks, exacerbated by generative AI-enabled scams. Addressing these challenges requires a combination of advanced defences like zero trust architectures, improved governance frameworks, and clarity in communication to bridge knowledge gaps at the board level.

Governance is under heightened scrutiny as systemic risks grow. Only 26% of Europe’s top companies earned high ratings for cyber security resilience, while regulatory pressures, such as the EU’s DORA, underline the urgency for improved third-party risk management and operational resilience. Boards must prioritise expertise, particularly in AI, as gaps persist despite incremental progress. Leaders should integrate risk management across infrastructures to address geopolitical cyber warfare threats, emphasising supply chain security and AI-driven defences.

To sustain resilience, organisations must embed adaptability, automate responses, and foster cross-departmental collaboration. Strategic investments in skilled talent, incident readiness, and emerging technologies will help to ensure businesses not only survive but thrive amidst escalating cyber threats.

Governance, Risk and Compliance

Report: AI and security governance remain top priorities for 2025 - SD Times

Rethinking Incident Response: How Organizations Can Avoid Budget Overruns and Delays - Security Boulevard

Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape - Security Boulevard

What Boards Need To Know On Digital And Cyber Security Governance In 2025

The true cost of a security breach | TechRadar

So, you don’t have a chief information security officer? 9 signs your company needs one | CSO Online

Poor Cyber Hygiene can Cost Organizations up to an Average of $677 Million - Security Boulevard

Operational Incident Reporting: UK Financial Regulators Propose New Rules | A&O Shearman - JDSupra

Personal liability sours 70% of CISOs on their role | CSO Online

The Cyber Security Priorities For 2025: What Leaders Should Focus On

How CISOs can forge the best relationships for cybersecurity investment | CSO Online

The Cybersecurity Wake-Up Call for MSMEs in 2025 | Entrepreneur

Top 9 Cyber Loss Scenarios: A Year In Review, 2024 | Kovrr - Security Boulevard

How cyber security jargon creates barriers and wastes resources | TechRadar

Executive Leadership Under Siege: Cyber Security Predictions for 2025

Five ways to make cybersecurity resilience more than just a buzzword | SC Media

Brace yourself for cyber attacks | Professional Security Magazine

Top Cyber Threats To Watch Out For In 2025

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Shock—$133 Million Paid, 195 Million Records Compromised

Ransomware attacks against critical infrastructure exceed 2K in a decade | SC Media

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Important Preventative Strategies For Avoiding And Recovering From Ransomware Threats

Space Bears Ransomware: What You Need To Know | Tripwire

Ransomware attacks on education declined in 2024, report shows | StateScoop

How to Protect Against Ransomware: Everything You Need to Know

Ransomware Victims

New York Hospital Says Ransomware Attack Data Breach Impacts 670,000 - SecurityWeek

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine

IT Giant Atos Responds to Ransomware Group's Data Theft Claims - SecurityWeek

Hackers release files stolen in cyberattack on Rhode Island benefits system | StateScoop

Dental Practice Pays State in Alleged Data Breach 'Cover Up'

American Addiction Centers Hit with PHI Breach Class Action | Robinson+Cole Data Privacy + Security Insider - JDSupra

Almost 8500 People Affected By Casio Data Leak

Ransomware Targeting Infrastructure Hits Telecom Namibia

Phishing & Email Based Attacks

Phishing Click Rates Triple in 2024 - Infosecurity Magazine

The top target for phishing campaigns - Help Net Security

iPhones more affected than Android smartphones by a certain kind of cyber attack - NotebookCheck.net News

Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps - Security Boulevard

Russian hackers turn trusted online stores into phishing pages | CSO Online

Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE

Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

How to protect yourself from phishing attacks in Chrome and Firefox | ZDNET

Other Social Engineering

Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine

Artificial Intelligence

Report: AI and security governance remain top priorities for 2025 - SD Times

Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes

Cloud, AI, and cybersecurity converge on fintech landscape | SC Media

A NATO-backed startup says agentic malware could be here as soon as 2027

New AI Challenges Will Test CISOs & Their Teams in 2025

UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine

Deepfake advancements pose growing cyber security risks

How will the evolution of AI change its security? | TechRadar

Trolley Problem, Safety Versus Security of Generative AI - SecurityWeek

Why an “all gas, no brakes” approach for AI use won't work - Help Net Security

Innovation, Automation, And The Cyber Security Challenges Ahead

Malware

Google Chrome AI extensions deliver info-stealing malware in broad attack | Malwarebytes

A NATO-backed startup says agentic malware could be here as soon as 2027

Over 4,000 backdoors hijacked by registering expired domains

New Banshee Malware Targeting MacOS Users Remained Undetected For Months

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

A Windows filetype update may have complicated cyber threat detection efforts | TechRadar

New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine

Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek

When Is A RAT, Not A RAT?

Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques

Google warns of legit VPN apps being used to infect devices with malware | TechRadar

Top 5 Malware Threats to Prepare Against in 2025

Fake Government Officials Use Remote Access Tools for Card Fraud - Infosecurity Magazine

Advanced evasion techniques leveraged by novel NonEuclid RAT | SC Media

Bots/Botnets

US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks - Infosecurity Magazine

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine

Gayfemboy Botnet targets Four-Faith router vulnerability

Mobile

FireScam Malware Campaign Highlights Rising Threat To Mobile Users

iPhones more affected than Android smartphones by a certain kind of cyberattack - NotebookCheck.net News

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack

Porn Ban—New Threat For iPhone, iPad, Android Users

Data Privacy: Your Carrier Knows a Lot About You. Here's How to Take Back Control - CNET

Android patches several vulnerabilities in first security update of 2025 | CyberScoop

This iOS 18 feature shares your photos with Apple for analysis. Should you be worried? | ZDNET

Android Under Attack—Users Warned As FireScam Threat Evades Detection

Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek

Denial of Service/DoS/DDoS

Japanese Businesses Hit By a Surge In DDoS Attacks

Internet of Things – IoT

IoT's Regulatory Reckoning Is Overdue

Buying a smart home device? Look for this new cybersecurity seal - here's why | ZDNET

White House launches cybersecurity label program for consumers | CyberScoop

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices - Infosecurity Magazine

Gayfemboy Botnet targets Four-Faith router vulnerability

How vulnerable Ecovacs robot vacuums are being hacked | Kaspersky official blog

Tesla data helped police in Las Vegas. It highlights privacy concerns | AP News

Data Breaches/Leaks

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Millions of Vinted, Spotify and Tinder users' data could be compromised in global hack

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak - Infosecurity Magazine

The real cost of data breaches for businesses - Help Net Security

CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security

UN's aviation agency confirms attack on recruitment database • The Register

Largest US addiction treatment provider notifies patients of data breach

How to empower employees to prevent data leaks | Professional Security Magazine

Washington Attorney General Sues T-Mobile Over 2021 Data Breach - SecurityWeek

Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes

UN aviation agency 'actively investigating' cyber criminal’s claimed data breach | The Record from Recorded Future News

Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data

American Addiction Centers Hit with PHI Breach Class Action | Robinson+Cole Data Privacy + Security Insider - JDSupra

Medical billing firm Medusind discloses breach affecting 360,000 people

Excelsior Orthopaedics Data Breach Impacts 357,000 People - SecurityWeek

Mortgage Cos. Fined $20M Over Cybersecurity Breach - Law360

Almost 8500 People Affected By Casio Data Leak

Organised Crime & Criminal Actors

Malicious hackers have their own shadow IT problem | CyberScoop

Web3 Attacks Result in $2.3Bn in Cryptocurrency Losses - Infosecurity Magazine

Torturing hackers in prison: surviving as an act of protest | Cybernews

CISOs’ Top Cyber Security Threats 2025: Scattered Spider, Deepfakes, and More - Security Boulevard

Cyber Criminals Don't Care About National Cyber Policy

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Cryptocurrency wallet drainers stole $494 million in 2024

Wallet Drainer Malware Used to Steal $500 Million in Cryptocurrency in 2024 - SecurityWeek

Insider Risk and Insider Threats

Insider Threat: Tackling the Complex Challenges of the Enemy Within - SecurityWeek

83% of organizations reported insider attacks in 2024

Internal threats in the cloud | Professional Security Magazine

How to empower employees to prevent data leaks | Professional Security Magazine

How can organizations mitigate the security risks caused by human error?

Supply Chain and Third Parties

Widespread cyberattack targets Google Chrome extensions, compromises 2.6 million devices | TechSpot

Chrome Compromises Highlight Software Supply Challenges

OpenAI Blames Cloud Provider For ChatGPT Outage

Atos confirms third-party breach but rejects direct Space Bears compromise | SC Media

CISA says Treasury was the only US agency breached via BeyondTrust - Help Net Security

Cloud/SaaS

Cloud, AI, and cyber security converge on fintech landscape | SC Media

Internal threats in the cloud | Professional Security Magazine

OpenAI Blames Cloud Provider For ChatGPT Outage

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Fortinet warns of sophisticated phishing campaign exploiting Microsoft 365 domains - SiliconANGLE

Scammers Exploit Microsoft 365 to Target PayPal Users - Infosecurity Magazine

MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert

Unconventional Cyber Attacks Aim for PayPal Account Takeover

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Outages

OpenAI Blames Cloud Provider For ChatGPT Outage

Proton Mail still down as Proton recovers from worldwide outage

CrowdStrike bounces back after triggering largest IT outage in history

Identity and Access Management

Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert

The Benefits of Implementing Least Privilege Access - Security Boulevard

Encryption

Around 3.3M POP3 and IMAP mail servers lack TLS encryption

Millions of email users at risk — passwords could be exposed to hackers, experts warn | Tom's Guide

Making the most of cryptography, now and in the future - Help Net Security

How to password protect a USB stick in less than 5 minutes - Which? News

Encryption backdoor debate 'done and dusted' • The Register

Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra

How to encrypt any email - in Outlook, Gmail, and other popular services | ZDNET

Linux and Open Source

Open source worldwide: Critical maintenance gaps exposed - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

Router reality check: 86% of default passwords have never been changed

MSSPs Have a Role in Stopping Cloud Attacks Using Stolen Credentials | MSSP Alert

Almost half Gen Z and Millennials have had their social media passwords hacked

Critical ‘Rising Risk’ Attack Alert—Change Your Router Password Now

Social Media

Meta ditches fact checking for community notes - just like on X | ZDNET

TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

Almost half Gen Z and Millennials have had their social media passwords hacked

New Infostealer Campaign Uses Discord Videogame Lure - Infosecurity Magazine

Mark Zuckerberg Says Meta Fact-Checkers Were the Problem. Fact-Checkers Rule That False. - The New York Times

UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters

EU Commission urged to act over Elon Musk’s ‘interference’ in elections | European Union | The Guardian

Meta exempted top advertisers from standard content moderation process

Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED

Training, Education and Awareness

How to empower employees to prevent data leaks | Professional Security Magazine

8 Tips for Fortifying Your Cyber Defenses With a Human Firewall

Regulations, Fines and Legislation

New HIPAA Security Rules Pull No Punches

Cyber security law updates in the UK and the EU | Technology Law Dispatch

Operational Incident Reporting: UK Financial Regulators Propose New Rules | A&O Shearman - JDSupra

IoT's Regulatory Reckoning Is Overdue

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures | Fisher Phillips - JDSupra

White House launches cyber security label program for consumers | CyberScoop

UK Government to Ban Creation of Explicit Deepfakes - Infosecurity Magazine

A Year in Privacy and Security: Privacy Violations, Large-Scale Data Breaches, and Big Fines and Settlements | Robinson+Cole Data Privacy + Security Insider - JDSupra

Cyber criminals Don't Care About National Cyber Policy

Dental group lied through teeth about data breach, fined $350,000 | Malwarebytes

Dental Practice Pays State in Alleged Data Breach 'Cover Up'

Mortgage Cos. Fined $20M Over Cyber Security Breach - Law360

US has ‘a lot of work to do’ on network defences, departing cyber czar says - Defense One

Models, Frameworks and Standards

New HIPAA Security Rules Pull No Punches

Proposed Updates to HIPAA Security Rule Would Require Entities to Adopt Enhanced Cybersecurity Measures | Fisher Phillips - JDSupra

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws

The ongoing evolution of the CIS Critical Security Controls - Help Net Security

The NIS2 Directive in Germany: Looking Ahead | Hogan Lovells - JDSupra

Data Protection

Huge Changes Predicted For The Data Privacy Landscape

Careers, Working in Cyber and Information Security

It’s Time Businesses Address The UK’s Cybersecurity Talent Shortage

Helping Veterans Transition to Civilian Life: How Employers Can Tap into the Cybersecurity Talent Pool - ClearanceJobs

Law Enforcement Action and Take Downs

Sharing of Telegram User Data Surged After CEO Arrest

Hacker Sentenced After Stealing Unreleased Coldplay Tracks

Misinformation, Disinformation and Propaganda

Meta ditches fact checking for community notes - just like on X | ZDNET

Mark Zuckerberg Says Meta Fact-Checkers Were the Problem. Fact-Checkers Rule That False. - The New York Times

UK universities join retreat from Elon Musk's X, citing misinformation on platform | Reuters

EU Commission urged to act over Elon Musk’s ‘interference’ in elections | European Union | The Guardian

Meta exempted top advertisers from standard content moderation process

Meta Now Lets Users Say Gay and Trans People Have ‘Mental Illness’ | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Historical Warfare’s Parallels with Cyber Warfare - Australian Cyber Security Magazine

Preparing for Cybergeddon - defenceWeb

The Big Question: Are businesses now in the front line for cyberwarfare? - Emerging Risks Media Ltd

Shadows Of Power: Navigating The Complexities Of Global Security – Analysis – Eurasia Review

Nation State Actors

China

Meet the Chinese 'Typhoon' hackers preparing for war | TechCrunch

How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons - WSJ

China cyber threats: What businesses can do to protect themselves | ITPro

Chinese hackers ran amok in US telecom network for 18 months -- got info on over 1 million people: report

China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks - SecurityWeek

UK cyber experts on red alert after Salt Typhoon attacks on US telcos | ITPro

China’s escalating cyber attacks highlight Biden, Trump differences - Defense One

Hackers Terrify US Intelligence After Infiltrating Guam - Bloomberg

After China's Salt Typhoon, the reconstruction starts now • The Register

U.S. uncovers hacking campaign targeting Guam's critical infrastructure — suspected Chinese Volt Typhoon hacks could disrupt the defense of Taiwan | Tom's Hardware

FCC chief urges auction to fund 'Rip and Replace' program • The Register

Japanese police claim China ran five-year cyberattack • The Register

Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget

46 Japanese entities hit by cyberattacks since year-end - Japan Today

US-China: A Cyberwar With Internet Agents – OpEd – Eurasia Review

Taiwan claims China-linked ship damaged submarine cable • The Register

Taiwan raises alarm over increasing Chinese cyberattacks | Taiwan News | Jan. 5, 2025 15:31

TikTok Ban Thrusts Apple (AAPL), Google Into US-China Geopolitical Fray - Bloomberg

Mixed Messages: The Salt Typhoon Encryption Debacle | Benesch - JDSupra

China hits Lockheed Martin, Raytheon and Boeing with export ban after US arms sales to Taiwan | The Independent

The US just added Tencent — which backs US startups — to its list of 'Chinese military' companies | TechCrunch

Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher

Russia

WordPress phishing plugin drives online shopping fraud | SC Media

Russian hackers turn trusted online stores into phishing pages | CSO Online

Banshee: The Stealer That "Stole Code" From MacOS XProtect - Check Point Research

Cyber attacks on Ukraine in 2024: a 70% increase

Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future News

'Russia's Google' Yandex ordered to hide maps of oil refineries after Ukrainian attacks

Hackers claim to have breached Russia’s real estate database, Moscow denies

Ukrainian hackers take credit for hacking Russian ISP that wiped out servers and caused internet outages | TechCrunch

Tools and Controls

Rethinking Incident Response: How Organizations Can Avoid Budget Overruns and Delays - Security Boulevard

Breach Readiness: Elevating Your Security Posture in a Constantly Evolving Threat Landscape - Security Boulevard

Why Small Business Can't Rely Solely on AI to Combat Threats

Around 3.3M POP3 and IMAP mail servers lack TLS encryption

Confidently Secure: Leveraging PAM for Enhanced Protections - Security Boulevard

How to empower employees to prevent data leaks | Professional Security Magazine

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

90 Percent of Business Leaders Lack Faith in AI-driven Cyber Security Solutions, Arelion Report Reveals

Identity Security to Become a Focus in 2025, Experts Say | MSSP Alert

From Silos to Synergy: Transforming Threat Intelligence Sharing in 2025 - SecurityWeek

Top 6 Ways To Back Your Business Up With Cyber Threat Intelligence

Innovation, Automation, And The Cyber Security Challenges Ahead

The Benefits of Implementing Least Privilege Access - Security Boulevard

Cybersecurity in 2025: Agentic AI to change enterprise security and business operations in year ahead | SC Media

Best of 2024: If You are Reachable, You Are Breachable, and Firewalls & VPNs are the Front Door - Security Boulevard

Google warns of legit VPN apps being used to infect devices with malware | TechRadar

Why Traditional Fraud Scores Are No Longer Enough for Modern Threats - Security Boulevard

8 Tips for Fortifying Your Cyber Defenses With a Human Firewall

How CISOs can make smarter risk decisions - Help Net Security

Other News

Only 26% of Europe's top companies earn a high rating for cybersecurity - Help Net Security

UK Internet Domain Registry Nominet Suffers Cyber Attack - ISPreview UK

‘You can no longer fully trust your onboard systems.’ Pilots say airline hacking attacks now a daily problem – The Irish Times

The Cyber Security Wake-Up Call for MSMEs in 2025 | Entrepreneur

UK Invests £1.9M in Cyber Resilience Projects to Boost Skills and Protect Economy | Public Sector News

Magecart Attacks Surge as E-Commerce Security Struggles to Keep Pace - Security Boulevard

Cyber security deserves a place in the political spotlight | SC Media

Cyber resiliency should be top priority for investors | News | IPE

7 Lessons From A Year Of Unprecedented Cyber Attacks

2024 was worst year on record for commercial cyber attacks | Total Telecom

Rethinking cyber security in government: Prioritizing recovery and resilience | FedScoop

So, you don’t have a chief information security officer? 9 signs your company needs one | CSO Online

Vulnerability Management

Millions of Windows 10 PCs face security disaster as Microsoft ends support

Key Cyber Initiatives from CISA: KEV Catalog, CPGs, and PRNI | CISA

Vulnerabilities

Security pros baited by fake Windows LDAP exploits • The Register

Thousands of Buggy BeyondTrust Systems Remain Exposed

Tenable Disables Nessus Agents Over Faulty Updates - SecurityWeek

Mandiant links Ivanti zero-day exploitation to Chinese hackers | TechTarget

Android patches several vulnerabilities in first security update of 2025 | CyberScoop

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers - Help Net Security

Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities - SecurityWeek

Surprise Google Chrome 131 Update For Windows, Mac, Linux, Android

Hackers are exploiting a new Ivanti VPN security bug to hack into company networks | TechCrunch

Another top WordPress plugin found carrying critical security flaws | TechRadar

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities - SecurityWeek

Dell, HPE, MediaTek Patch Vulnerabilities in Their Products - SecurityWeek

SonicWall urges admins to patch exploitable SSLVPN bug immediately

Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool - SecurityWeek

Apple rolls out mystery update with 'important bug fixes' for iPhones and iPads | ZDNET

UK Internet Domain Registry Nominet Suffers Cyber Attack - ISPreview UK

Gayfemboy Botnet targets Four-Faith router vulnerability

Chinese APT Exploits Versa Networks Zero-Day Flaw | Decipher

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 05/01/2025 Black Arrow Admin 05/01/2025

Black Arrow Cyber Threat Intelligence Briefing 03 January 2025

Black Arrow Cyber Threat Intelligence Briefing 03 January 2025:

-Corporate Executives are Being Increasingly Targeted by AI Phishing Scams

-Unconventional Russian Attack Could Cause 'Substantial' Casualties, Top NATO Official Warns

-35 Chrome Extensions Began Stealing People's Data After the Developers Got Phished

-China's Cyber Intrusions Took a Sinister Turn in 2024

-Third Party Risk Management is Critical as DORA and New FCA Rules Come into Effect

-Ransomware 2024: A Year of Tricks, Traps, Wins and Losses

-The Modern CISO is a Cornerstone of Organisational Success

-Ransomware Reality Check: Are You Ready to Face Organised Cyber Crime?

-How Cops Taking Down Ransomware Gangs Led to the Meteoric Rise of Another

-Experts Unsure of Risk Appetite as EU Beefs Up Cyber Rules for Critical Infrastructure

Summary

Cyber security threats in 2024 became more sophisticated, with AI-driven phishing, ransomware, and state-sponsored attacks presenting significant challenges. This week’s threat intelligence review shows that hyper-personalised phishing campaigns now account for 90% of successful cyber attacks, costing organisations an average of $4.9m per breach. Ransomware-as-a-service (RaaS) has lowered barriers for attackers, targeting critical sectors and driving recovery costs to $3m per incident.

Geopolitical tensions have intensified risks, with NATO highlighting hybrid attacks from Russia and China’s state-backed groups targeting critical infrastructure. These incidents underscore the vulnerabilities in sectors like energy and emergency services, necessitating urgent action to enhance resilience.

Supply chain security also remains a concern, with Chrome extension compromises demonstrating the risks of inadequate oversight. New regulations such as the EU’s NIS2 directive and UK Financial Conduct Authority (FCA) rules will push businesses to improve third-party risk management and compliance in 2025.

To combat these threats, organisations must adopt a cyber security strategy that considers zero trust architectures, multi-factor authentication, and robust incident response plans. Effective training and the strategic leadership of Chief Information Security Officers (CISOs) are critical in bridging security and business objectives, ensuring resilience against an evolving cyber threat landscape.

Governance, Risk and Compliance

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure | Premium | Compliance Week

The modern CISO is a cornerstone of organisational success - Help Net Security

Security leaders don't want to be held personally liable for attacks | TechRadar

How to Create an Enterprise-Wide Cyber Security Culture

What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025

Cyber criminals tighten their grip on organisations - Help Net Security

Majority of UK SMEs Lack Cyber Security Policy - Infosecurity Magazine

CISO vs. CEO: Making a case for cyber security investments

The Most Dangerous People on the Internet in 2024 | WIRED

Cyber Security laws: Companies grapple with costs, complexity of overlapping cyber security laws - The Economic Times

2025 is when the internet could finally die and the consequences will be huge | The Independent

Crafting and Refining a Strategic 2025 Cyber Security Budget - Infosecurity Magazine

2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine

The Ultimate 2025 New Year’s Resolutions For Tech Leaders

Top CISO Challenges 2024 - Infosecurity Magazine

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK

Record-breaking ransoms and breaches: A timeline of ransomware in 2024 | TechCrunch

How LockBit and ALPHV’s takedowns fuelled RansomHub’s rise • The Register

Clop ransomware lists Cleo cyber attack victims | TechRadar

Top 10 Most Active Ransomware Groups of 2024 - Infosecurity Magazine

What 2024’s Worst Cyber Attacks Show About Staying Safe in 2025

Ransomware 2024: A year of tricks, traps, wins and losses | SC Media

Ransomware downtime costs US healthcare organisations $1.9M daily | Healthcare IT News

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Ransomware Victims

Clop ransomware lists Cleo cyber attack victims | TechRadar

Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine

Atos confirms not being compromised by the ransomware group

Thomas Cook Hit by Cyber Attack, IT Systems Impacted

Phishing & Email Based Attacks

Corporate executives are being increasingly targeted by AI phishing scams | TechRadar

Look out for hyper-personalized phishing attacks, powered by AI

New details reveal how hackers hijacked 35 Google Chrome extensions

These 35 Chrome extensions began stealing people's data after the developers got phished

Phishing Attack Allowed Malicious Chrome Extension to be Published | SC Media UK

Google Chrome extensions hack may have started much earlier than expected | TechRadar

Top 12 ways hackers broke into your systems in 2024 | CSO Online

Other Social Engineering

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek

OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard

Cyber startup employee hacked to distribute malicious Chrome extension | The Record from Recorded Future News

Cyber security firm's Chrome extension hijacked to steal users' data

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

Artificial Intelligence

Corporate executives are being increasingly targeted by AI phishing scams | TechRadar

Look out for hyper-personalized phishing attacks, powered by AI

AI agents may lead the next wave of cyber attacks - SiliconANGLE

LLMs could soon supercharge supply-chain attacks • The Register

'Bad Likert Judge' Jailbreaks OpenAI Defences

How will rules and regulations affect cyber security and AI in 2025? | SC Media

Deepfakes question our ability to discern reality - Help Net Security

Navigate the 2025 threat landscape with expert insights | TechTarget

2025: The Dawn of AI-Driven Cyber Crime

2FA/MFA

Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk

Malware

Experts warn of a surge in activity associated FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know | Tom's Guide

Malware botnets exploit outdated D-Link routers in recent attacks

Global Campaign Targets PlugX Malware with Innovative Portal - Infosecurity Magazine

Bots/Botnets

Experts warn of a surge in activity associated FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Malware botnets exploit outdated D-Link routers in recent attacks

Mobile

Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET

Critical Gmail Warning—Don’t Click Yes To These Google Security Alerts

Here's how to use the feature that protects your iPhone in case of a major cyber attack - PhoneArena

Denial of Service/DoS/DDoS

NTT Docomo hit by DDoS attack | Total Telecom

Internet of Things – IoT

Experts warn of a surge in activity associated FICORA and Kaiten botnets

D-Link Botnet Attacks Surge in Global Spike - DataBreachToday

Data Breaches/Leaks

Every minute, 4,080 records are compromised in data breaches - Help Net Security

Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot

Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Private Spaces | Carscoops

How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard

Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News

Cisco Confirms Authenticity of Data After Second Leak - SecurityWeek

Hackers Leak Rhode Island Citizens' Data on Dark Web - Infosecurity Magazine

ZAGG disclosed a data breach that exposed its customers' credit card data

Rhode Islanders’ Data Was Leaked From a Cyber Attack on State Health Benefits Website - SecurityWeek

Organised Crime & Criminal Actors

Cyber criminals tighten their grip on organisations - Help Net Security

Ransomware Reality Check: Are You Ready To Face Organised Cyber Crime? | SC Media UK

US Arrests Army Soldier Over AT&T, Verizon Hacking - SecurityWeek

2024: A jackpot year for North Korea's cyber criminals - Daily NK English

Insider Risk and Insider Threats

Human error to blame in Ascension data breach that impacted 5.6 million patients | TechSpot

Things not to store on your work laptop

Navigate the 2025 threat landscape with expert insights | TechTarget

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Insurance

How to Get the Most Out of Cyber Insurance

Supply Chain and Third Parties

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign - SecurityWeek

OAuth Identity Attack — Are your Extensions Affected? - Security Boulevard

New details reveal how hackers hijacked 35 Google Chrome extensions

Google Chrome extensions hack may have started much earlier than expected | TechRadar

Over 600,000 Chrome users at risk after 16 browser extensions compromised by hackers — what you need to know | Tom's Guide

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents

China-linked hackers target US Treasury through compromised software provider in cyber attack | Invezz

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

LLMs could soon supercharge supply-chain attacks • The Register

Cloud/SaaS

Managing Cloud Risks Gave Security Teams a Big Headache in 2024

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Azure compromise possible with Apache Airflow vulnerabilities | SC Media

Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard

Identity and Access Management

Machine identities are the next big target for attackers - Help Net Security

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Encryption

Quantum Computing Advances in 2024 Put Security In Spotlight

Will quantum computing break encryption as we know it?

Over 3 million mail servers without encryption exposed to sniffing attacks

The CISO’s guide to accelerating quantum-safe readiness

Hacker demonstrates the supposedly-patched Windows 11 BitLocker is still vulnerable to hackers — default encryption can be overcome with network access | Tom's Hardware

Passwords, Credential Stuffing & Brute Force Attacks

Passkeys were supposed to be secure and simple; here's how they fail

Regulations, Fines and Legislation

Experts unsure of risk appetite as EU beefs up cyber rules for critical infrastructure | Premium | Compliance Week

City regulators to start oversight of tech firms that provide ‘critical’ services to UK | Financial sector | The Guardian

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine

How will rules and regulations affect cyber security and AI in 2025? | SC Media

Cyber security laws: Companies grapple with costs, complexity of overlapping cyber security laws - The Economic Times

2025: A Critical Year for Cyber Security Compliance in the EU and UK - Infosecurity Magazine

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

UN cyber crime treaty adopted amid pushback | SC Media

US proposes cyber security rules to limit impact of health data leaks

HIPAA to be updated with cyber security regulations, White House says | The Record from Recorded Future News

Navigating the SEC’s Cyber Security Disclosure Rules: One Year On - Security Boulevard

US prohibits data sales to adversarial nations | SC Media

Apple to Pay $95 Million to Settle Lawsuit Accusing Siri of Snoopy Eavesdropping - SecurityWeek

Court strikes down US net neutrality rules - BBC News

Models, Frameworks and Standards

TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025 | Premium | Compliance Week

City regulators to start oversight of tech firms that provide ‘critical’ services to UK | Financial sector | The Guardian

The 5 most impactful cyber security guidelines (and 3 that fell flat)

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Data Protection

Top 10 Data Protection Fines and Settlements of 2024 - Infosecurity Magazine

US prohibits data sales to adversarial nations | SC Media

Careers, Working in Cyber and Information Security

The state of cyber security and IT talent shortages - Help Net Security

Law Enforcement Action and Take Downs

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

US Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

US prohibits data sales to adversarial nations | SC Media

Nation State Actors

China

China's cyber intrusions turns sinister in 2024 • The Register

What to know about string of US hacks blamed on China - BBC News

Chinese Hackers Reportedly Targeted US Sanctions Office

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian

Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post

Ninth telecoms firm has been hit by a massive Chinese espionage campaign, the White House says - Washington Times

Finland finds drag marks on Baltic seabed after cable damage | Reuters

Palo Alto Firewalls Backdoored by Suspected Chinese Hackers

White House: Salt Typhoon hacks possible because telecoms lacked basic security measures | CyberScoop

US Treasury hacked: Are China and the US stepping up their cyberwar? | Cyber Crime News | Al Jazeera

AT&T and Verizon say networks secure after Salt Typhoon breach

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

China-linked hackers target US Treasury through compromised software provider in cyber attack | Invezz

Lumen reports that it has locked out the Salt Typhoon group from its network

Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times

Estonia navy to protect undersea power link after main cable damaged - BBC News

Finland moves tanker suspected of undersea cable damage closer to port | Reuters

Russia

Russia could inflict 'substantial' casualties by unconventional attack against NATO, allied official says

Unconventional Russian attack could cause 'substantial' casualties, top NATO official warns | World News | Sky News

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Nato to boost Baltic Sea presence after suspected sabotage of underwater cable | Nato | The Guardian

Finland police seize ship after undersea power cable to Estonia is cut - The Washington Post

Finland finds drag marks on Baltic seabed after cable damage | Reuters

Ukraine recovers key notarial registers affected by Russian cyber attack | Ukrainska Pravda

Ukraine Cyber Support Funding Tops €200 million | SC Media UK

US sanctions Russian, Iranian groups for election interference | CyberScoop

Germany Says Latest Undersea Cable Cut a ‘Wake-up Call' - The Moscow Times

Three Russian-German Nationals Charged with Espionage for Russian Secret Service

Luxury Western Goods Line Russian Stores, Three Years Into Sanctions

Pro-Russian hackers target Italian airport websites – DW – 12/28/2024

Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group | Reuters

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

Russian media outlets Telegram channels blocked in European countries

Estonia navy to protect undersea power link after main cable damaged - BBC News

Finland moves tanker suspected of undersea cable damage closer to port | Reuters

Russian smugglers import luxury cars from Europe despite sanctions

Iran

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

US sanctions Russian, Iranian groups for election interference | CyberScoop

The US plans a full tech embargo on China, Russia, and Iran, and NVIDIA may pay the price - Jason Deegan

North Korea

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

2024: A jackpot year for North Korea's cyber criminals - Daily NK English

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

2024 Espionage Review: How China, Russia, North Korea, Iran, and Ethiopia Targeted U.S. Security - ClearanceJobs

Tools and Controls

CISO vs. CEO: Making a case for cyber security investments

Managing Cloud Risks Gave Security Teams a Big Headache in 2024

Rotating Penetration Testing Providers: A Key to Robust Cyber Security | Luxembourg Times

Wiping your Android phone? Here's the easiest way to erase all personal data | ZDNET

Machine identities are the next big target for attackers - Help Net Security

How Breach Readiness Will Shape Cyber Defence in 2025 - Security Boulevard

2025 to be a Year of Reckoning for AI in Cyber Security - Infosecurity Magazine

Over 3 million mail servers without encryption exposed to sniffing attacks

Majority of UK SMEs Lack Cyber Security Policy - Infosecurity Magazine

Crafting and Refining a Strategic 2025 Cyber Security Budget - Infosecurity Magazine

CISOs don't invest enough in code security - Help Net Security

Stay Ahead: Integrating IAM with Your Cloud Strategy - Security Boulevard

Top security solutions being piloted today — and how to do it right | CSO Online

Shift left security — Good intentions, poor execution, and ways to fix it - SD Times

Regulations, security, and remote work: Why network outsourcing is booming - Help Net Security

55% of Companies Have Implemented AI-Powered Cyber Security

Other News

The Most Dangerous People on the Internet in 2024 | WIRED

2025 is when the internet could finally die and the consequences will be huge | The Independent

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

Hackers can steal your accounts, and all it takes is a double-click — don’t fall for this new form of clickjacking | Tom's Guide

Machine gun, pistol and hundreds of devices lost by Ministry of Defence | UK News | Sky News

Satisfied with Your Cyber Security? Think Again - Security Boulevard

What Security Lessons Did We Learn in 2024?

The Top Cyber Security Predictions for 2025: AI, Open Source, and Tackling the Signal Noise - ClearanceJobs

Cyber Security Lags in Middle East Business Development

New Year’s cyber security resolutions that every startup should keep | TechCrunch

Tackling Cyber Security Challenges With Global Collaboration

Cyber attack on Japan Airlines: A wake-up call for aviation security - Travel Radar - Aviation News

Space Diplomacy: A New Frontier for Cyber Security Efforts - Modern Diplomacy

Addressing growing concerns about cyber security in manufacturing

Hackers Are Hot for Water Utilities

Cyber attacks are on the rise. Is the public sector prepared? - WHYY

Vulnerability Management

Top 12 ways hackers broke into your systems in 2024 | CSO Online

Vulnerabilities

Active Directory Flaw Can Crash Any Microsoft Server

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

Hackers exploit DoS flaw to disable Palo Alto Networks firewalls

Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks - SecurityWeek

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

An X user claimed a 7-Zip zero-day vulnerability, but 7-Zip's creator says is a fake

Azure compromise possible with Apache Airflow vulnerabilities | SC Media

Hacker demonstrates the supposedly-patched Windows 11 BitLocker is still vulnerable to hackers — default encryption can be overcome with network access | Tom's Hardware

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

New Windows 11 24H2 bug could block future security updates - see who's affected | ZDNET

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 29/12/2024 Black Arrow Admin 29/12/2024

Black Arrow Cyber Threat Intelligence Briefing 27 December 2024

Black Arrow Cyber Threat Intelligence Briefing 27 December 2024:

-Hackers are Using Russian Domains to Launch Complex Document-Based Phishing Attacks

-How Nation-State Cyber Criminals Are Targeting the Enterprise

-Phishing Report Findings Call for a Fundamental Shift in Organisational Approaches to Defence

-Organisations Need to Get Real About Threat of Cyber Attacks

-Dark Web Cyber Criminals are Buying Up IDs to Bypass KYC Methods

-Cl0p Ransomware Group to Name Over 60 Victims of Cleo Attack

-Service Disruptions Continue to Blindside Businesses

-Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

-Ransomware Attackers Target Industries with Low Downtime Tolerance

-North Koreans Stole $1.34bn In Crypto This Year

-Beware Of Shadow AI: Shadow IT’s Less Well-Known Brother

-Working with Security Consultants Will Bolster Cyber Resilience as We Enter 2025

Governance, Risk and Compliance

Organisations Need To Get Real About Threat Of Cyber Attacks

Working with security consultants will bolster cyber resilience as we enter 2025

Small Business Cyber Security Statistics

Half of UK businesses hit by cyber breaches in 2024 - Digital Journal

The holiday crunch: Threats security teams face and how to mitigate them | ITPro

Managing Threats When Most of the Security Team Is Out of the Office

How Nation-State Cyber Criminals Are Targeting the Enterprise

Cyber security response: Not just an IT issue but an emergency preparedness priority - Nextgov/FCW

Why the industry can’t afford complacency in 2025 | SC Media

New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception

Top Cyber Security Compliance Issues Businesses Face Today - Security Boulevard

Navigating the Cyber Threat Landscape: Lessons Learned & What’s Ahead

Cyber Risks and Insurance 2025 Forecast | Wiley Rein LLP - JDSupra

Cyber security spending trends and their impact on businesses - Help Net Security

Cyber security: The changing threat and risk landscape | A&O Shearman - JDSupra

Businesses Need New AI Governance in Cyber Security and Privacy

How to Streamline Your Cyber Security Risk Management Process

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Attackers Target Industries with Low Downtime Tolerance - Infosecurity Magazine

Small Business Cyber Security Statistics

Half of UK businesses hit by cyber breaches in 2024 - Digital Journal

Clop ransomware is now extorting 66 Cleo data-theft victims

LockBit Admins Tease a New Ransomware Version - Infosecurity Magazine

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

New Warning As Self-Deleting Cyber Attack Targets Windows, Mac

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

Beware Feb. 3, 2025—Diabolic Ransomware Gang Issues New Attack Warning

Interlock ransomware attacks highlight need for greater security standards on critical infrastructure | TechRadar

Suspected LockBit dev faces extradition to the US • The Register

How companies can fight ransomware impersonations - Help Net Security

Nearly four decades on and, like Jesus, ransomware won't die • The Register

6 Crafty Tactics Cyber Criminals Use To Snag Money From Home Users Fast

Facing the Specter of Cyber Threats During the Holidays

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Ransomware Victims

Clop ransomware is now extorting 66 Cleo data-theft victims

5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews

Hackney Council: Cyber Attack Cost 'hundreds of thousands' - BBC News

Krispy Kreme breach, data theft claimed by Play ransomware gang

Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme - SecurityWeek

Phishing & Email Based Attacks

Phishing Report Findings Call For A Fundamental Shift In Organisational Approaches To Defence

This devious two-step phishing campaign uses Microsoft tools to bypass email security | TechRadar

Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar

Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar

Urgent New Gmail Security Warning For Billions As Attacks Continue

Defence Giant General Dynamics Says Employees Targeted in Phishing Attack - SecurityWeek

Other Social Engineering

You Need to Create a Secret Password With Your Family | WIRED

Lazarus APT targeted employees at an unnamed nuclear-related organisation

North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra

Artificial Intelligence

AI-driven scams are about to get a lot more convincing - Help Net Security

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

Beware Of Shadow AI – Shadow IT's Less Well-Known Brother - SecurityWeek

AI impersonators will wreak havoc in 2025. Here’s what to look for | PCWorld

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatG - Infosecurity Magazine

You Need to Create a Secret Password With Your Family | WIRED

Urgent New Gmail Security Warning For Billions As Attacks Continue

Businesses Need New AI Governance in Cyber Security and Privacy

Will AI Drive Efficiency and Budget Growth? Risks, Rewards & Reality - Security Boulevard

Open source machine learning systems are highly vulnerable to security threats | TechRadar

The Intersection of AI and OSINT: Advanced Threats On The Horizon - SecurityWeek

2FA/MFA

Evilginx: Open-source man-in-the-middle attack framework - Help Net Security

Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch

Malware

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case

New Warning As Self-Deleting Cyber Attack Targets Windows, Mac

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

New 'OtterCookie' malware used to backdoor devs in fake job offers

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

Bots/Botnets

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

How Not To Become A Botnet Victim: A Practical Guide For Everyone

New botnet exploits vulnerabilities in NVRs, TP-Link routers

How Androxgh0st, the hybrid botnet, rose from Mozi's ashes • The Register

Botnets leverage decade-old D-Link vulnerabilities in new attack campaigns - SiliconANGLE

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Mobile

Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac

CISA: Use Signal or other secure communications app - Help Net Security

Fake DocuSign docs used to secure corporate credentials in mishing campaign | SC Media

ICO Warns of Festive Mobile Phone Privacy Snafu - Infosecurity Magazine

iOS devices more exposed to phishing than Android - Help Net Security

FBI Says Use Secret Word, NSA Says Reboot iPhone—Should You Listen?

Spyware Maker NSO Group Found Liable In US Court | Silicon UK

Denial of Service/DoS/DDoS

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

DDoS Attacks Surge as Africa Expands Its Digital Footprint

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

7 Ways to Stop VoIP DDoS Attacks from Crashing Your Phones

Internet of Things – IoT

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns - Infosecurity Magazine

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

New botnet exploits vulnerabilities in NVRs, TP-Link routers

How Androxgh0st, the hyrbird botnet, rose from Mozi's ashes • The Register

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

6 Easy Ways To Make Your Smart Home More Secure

Data Breaches/Leaks

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400% - Infosecurity Magazine

Small Business Cyber Security Statistics

Half of UK businesses hit by cyber breaches in 2024 - Digital Journal

Clop ransomware threatens 66 Cleo attack victims with data leak

These were the badly handled data breaches of 2024 | TechCrunch

5.6M people exposed in Ascension Health ransomware incident earlier this year | Cybernews

Ascension: Health data of 5.6 million stolen in ransomware attack

FTC orders Marriott and Starwood to implement strict data security

Peugeot Data Breach: Hackers Threaten to Release Stolen Client Information

Nearly half a million people had data stolen after cyber attack on American Addiction Centers | The Record from Recorded Future News

What Should You Do When You Receive a Data Breach Notice? - CNET

Organised Crime & Criminal Actors

Major Biometric Data Farming Operation Uncovered - Infosecurity Magazine

New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception

Message service predominantly used by Pixel users intercepted by authorities - PhoneArena

Suspected LockBit dev faces extradition to the US • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

792 Syndicate Suspects Arrested in Massive Crypto and Romance Scam: The Rise of Cyber Crime as a Corporate Enterprise - IT Security Guru

North Korea hackers behind 60% of all crypto stolen in 2024

North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech

NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security

US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

South Korea sanctions 15 North Koreans for crypto heists and cyber theft

Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Insurance

Cyber Risks and Insurance 2025 Forecast | Wiley Rein LLP - JDSupra

Cloud/SaaS

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

A new Microsoft 365 phishing service has emerged, so be on your guard | TechRadar

Amazon Security Warning As 3 High-Rated Vulnerabilities Hit Cloud

Why Cloud Identity Attacks Outpace On-Premises Risks

Outages

Service disruptions continue to blindside businesses - Help Net Security

Identity and Access Management

Non-Human Identities Gain Momentum, Requires Both Management, Security

Why Cloud Identity Attacks Outpace On-Premises Risks

Encryption

Why cryptography is important and how it’s continually evolving - Security Boulevard

Linux and Open Source

What open source means for cyber security - Help Net Security

Cryptomining Malware Found in Popular Open Source Packages - Infosecurity Magazine

Strengthening open source: A roadmap to enhanced cyber security - Nextgov/FCW

The Linux log files you should know and how to use them | ZDNET

Open source machine learning systems are highly vulnerable to security threats | TechRadar

Passwords, Credential Stuffing & Brute Force Attacks

Home for the holidays? Share this top cyber security advice with friends and family | TechCrunch

Social Media

Drug Dealers Have Moved on to Social Media | WIRED

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Regulations, Fines and Legislation

Meet the In-Laws: the UK’s Digital Legislative Agenda for 2025 | Ropes & Gray LLP - JDSupra

EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra

The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon

A Hit-and-Miss First Year for SEC’s Cyber Incident Reporting Rules | MSSP Alert

Trump 2.0 Portends Big Shift in Cyber Security Policies

Guardians Of Peace: The EU’s Role In Global Security – OpEd – Eurasia Review

Europe's move toward cyber security sovereignty [Q&A]

INTERPOL welcomes adoption of UN convention against cyber crime

FTC orders Marriott and Starwood to implement strict data security

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT - Infosecurity Magazine

Cyber experts applaud White House cyber security plan

FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defence bill | The Record from Recorded Future News

Models, Frameworks and Standards

EU DORA: Are you in scope, and if so, how can you prepare? | King & Spalding - JDSupra

The Cyber Resilience Act: A Field Guide for CTOs and CISOs | HackerNoon

Data Protection

5 Questions to Ask to Ensure Data Resiliency

Law Enforcement Action and Take Downs

792 Syndicate Suspects Arrested in Massive Crypto and Romance Scam: The Rise of Cyber Crime as a Corporate Enterprise - IT Security Guru

BadBox rapidly grows, 190,000 Android devices infected - Security Affairs

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

NFT scammers charged for stealing $22 million through "rug pulls" - Help Net Security

LockBit Taunts New Version as Original Developer Charged | SC Media UK

Interpol Identifies Over 140 Human Traffickers in New Initiative - Infosecurity Magazine

Top 10 Cyber Law Enforcement Operations of 2024 - Infosecurity Magazine

Massive live sports piracy ring with 812 million yearly visits taken offline

Message service predominantly used by Pixel users intercepted by authorities - PhoneArena

Crypto scam suspect arrested in bed as cyber crime cops raid home - Manchester Evening News

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

The 2024 cyberwar playbook: Tricks used by nation-state actors | CSO Online

Middle East Cyberwar Rages On, With No End in Sight

Nation State Actors

How Nation-State Cyber Criminals Are Targeting the Enterprise

China

CISA: Use Signal or other secure communications app - Help Net Security

Underwater footage raises suspicions of undersea cable sabotage as European authorities board Chinese ship for investigation | Tom's Hardware

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

Hundreds of organisations were notified of potential Salt Typhoon compromise - Nextgov/FCW

Major cyber security attack from China exposes systematic flaws - TheStreet

Feds lay blame while Chinese telecom attack continues | CyberScoop

FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defence bill | The Record from Recorded Future News

Russia

Russia fires its biggest cyber weapon against Ukraine | CSO Online

Ukraine blames Russia for mega cyber attack on ‘critically important’ infrastructure – POLITICO

Hackers are using Russian domains to launch complex document-based phishing attacks | TechRadar

Underwater footage raises suspicions of undersea cable sabotage as European authorities board Chinese ship for investigation | Tom's Hardware

Russians deleted one of Ukraine's most restricted registers in recent cyber attack, Ukrainian official says | Ukrainska Pravda

International Cyber Defence Coalition Reports Significant Progress in Protecting Ukrainian Digital Infrastructure | HaystackID - JDSupra

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

Russian cyber attack: Breach occurred at 'top-level account,' MP says

Iran

DHS Says China, Russia, Iran, and Israel Are Spying on People in US with SS7

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organisations

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

North Korea

North Korea hackers behind 60% of all crypto stolen in 2024

North Koreans Stole $1.34bn In Crypto This Year | Silicon UK Tech

US and Japan Blame North Korea for $308m Crypto Heist - Infosecurity Magazine

Lazarus APT targeted employees at an unnamed nuclear-related organisation

North Korean “Laptop Farm” IT Worker Scam Targets Multiple High-Profile Companies | Ankura - JDSupra

New 'OtterCookie' malware used to backdoor devs in fake job offers

South Korea sanctions 15 North Koreans for crypto heists and cyber theft

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Middle East Cyberwar Rages On, With No End in Sight

Europe is the top target for hacktivists, Orange Cyberdefence report reveals | Total Telecom

Apple warns spyware targets via ‘threat notifications,’ offers these next steps - 9to5Mac

Pegasus spyware maker NSO Group is liable for attacks on 1,400 WhatsApp users - The Verge

'Expulsion to Spain': Israeli Hackers Flock to Barcelona in Big Spyware Shift - National Security & Cyber - Haaretz.com

Tools and Controls

ICO Warns of Festive Mobile Phone Privacy Snafu - Infosecurity Magazine

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

What is security service edge (SSE)? | ITPro

Modern IAM: What it looks like, how to achieve it | SC Media

API security blind spots put businesses at risk - Help Net Security

The Linux log files you should know and how to use them | ZDNET

The Pen Test Trap: Why Most Businesses Get It Wrong | MSSP Alert

Cyber security response: Not just an IT issue but an emergency preparedness priority - Nextgov/FCW

Do Honeypots Still Matter? | HackerNoon

Cyber security spending trends and their impact on businesses - Help Net Security

Maximizing the impact of cyber crime intelligence on business resilience - Help Net Security

The Intersection of AI and OSINT: Advanced Threats On The Horizon - SecurityWeek

How Generative AI Is Powering A New Era Of Cyber Security

Too Much 'Trust,' Not Enough 'Verify'

5 Common DNS Vulnerabilities and How to Protect Your Network - Security Boulevard

New 'OtterCookie' malware used to backdoor devs in fake job offers

How to Streamline Your Cyber Security Risk Management Process

The Role of Enterprise Browsers in Securing Remote Work and Hybrid Teams - IT Security Guru

Law enforcement agencies see AI as a key tool for reducing crime - Help Net Security

Other News

The holiday crunch: Threats security teams face and how to mitigate them | ITPro

Managing Threats When Most of the Security Team Is Out of the Office

Japan Airlines Was Hit by a Cyber Attack, Delaying Flights During the Year-End Holiday Season - SecurityWeek

New Study Reveals Widening Gap Between Cyber Attack Causes and Public Perception

Deck the Halls with Cyber Walls: Navigating National Security in the Digital Age | Ropes & Gray LLP - JDSupra

The Worst Hacks of 2024 | WIRED

Healthcare in the Cross Hairs: Cyber Criminals Have Found Another High-Value Target - Security Boulevard

Decoding the end of the decade: What CISOs should watch out for | Computer Weekly

Cyber Security Resolutions: Skill Sets to Prioritize in 2025

From a 'lightbulb' moment to a 'sense of urgency': 5 cyber and network stories from 2024 - Breaking Defence

The complexities of cyber security in local government | UKAuthority

The Geopolitics of Water: Cyber Attacks' Impact on Water Stress in the U.S. and Beyond

Scottish rail network 'wholly unequipped' for digital world amid 'Nightsleeper' cyber attack fears

Estate agents warned against festive cyber attacks - Property Industry Eye

Vulnerability Management

Emerging Threats, Vulns to Prepare for in 2025

Impact of Unpatched Vulnerabilities in 2025 - Security Boulevard

Top 7 zero-day exploitation trends of 2024 | CSO Online

Vulnerabilities

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

How to Protect Your Environment from the NTLM Vulnerability

BeyondTrust says hackers hit its remote support products | TechRadar

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

Apache warns of critical flaws in MINA, HugeGraph, Traffic Control

Microsoft warns of Windows 11 24H2 installation issue that blocks all future security updates

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

Fortinet flags some worrying security bugs coming back from the dead | TechRadar

Amazon Security Warning As 3 High-Rated Vulnerabilities Hit Cloud

Adobe warns of critical ColdFusion bug with PoC exploit code

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP - Infosecurity Magazine

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organisations

Open source machine learning systems are highly vulnerable to security threats | TechRadar

Microsoft fixes bug behind random Office 365 deactivation errors

Botnets leverage decade-old D-Link vulnerabilities in new attack campaigns - SiliconANGLE

TrueNAS device vulnerabilities exposed during hacking competition | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 22/12/2024 Black Arrow Admin 22/12/2024

Black Arrow Cyber Threat Intelligence Briefing 20 December 2024

Black Arrow Cyber Threat Intelligence Briefing 20 December 2024:

-Mobile Spear Phishing Targets Executive Teams

-From Digital Risk to Physical Threat: Why Cyber Security Must Evolve for Executives

-Why HNWIs are Seeking Personal Cyber Security Consultants

-Ransomware in 2024: New Players, Bigger Payouts, and Smarter Tactics

-Credential Phishing Attacks Up Over 700 Percent

-All Major European Financial Firms Suffer Supplier Breaches

-Phishers Cast Wide Net with Spoofed Google Calendar Invites

-Security Leaders Say Machine Identities Are Next Big Target for Cyber Attack

-Ransomware Defences are Weakened by Backup Technology

-Cyber Security is Never Out-of-Office: Protecting Your Business Anytime, Anywhere

-Ransomware, Deepfakes, and Scams: The Digital Landscape in 2024

-UK Companies Face Increasing Cyber Security Risks Across a Range of Threats

Governance, Risk and Compliance

Why HNWIs are Seeking Personal Cyber Security Consultants - Security Boulevard

UK Companies Face Increasing Cyber Security Risks Across a Range of Threats, New Report Reveals | Pressat

From digital risk to physical threat: Why cyber security must evolve for executives | SC Media

Innovation, insight and influence: the CISO playbook for 2025 and beyond | Computer Weekly

77% of IT leaders cite cyber security as top challenge in global survey

ISC2 Survey Reveals Critical Gaps in Cyber Security Leadership Skills - Infosecurity Magazine

How to turn around a toxic cyber security culture | CSO Online

The evolution of incident response: building a successful strategy | TechRadar

The Importance of Empowering CFOs Against Cyber Threats

How the cyber security landscape affects the financial sector

Threat of personal liability has CISOs sweating | ITPro

70% of cyber security leaders influenced by personal liability concerns | Security Magazine

CISO accountability: Navigating a landscape of responsibility - Help Net Security

How weaponized AI drives CISO burnout – and what to do about it | SC Media

CISO Challenges for 2025: Overcoming Cyber Security Complexities - Security Boulevard

MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert

2025 is set to bring changes in technology adoption and the evolving attack surface

Cyber security In 2025 – A New Era Of Complexity

To Defeat Cyber Criminals, Understand How They Think

The evolution of incident response: building a successful strategy | TechRadar

Making smart cyber security spending decisions in 2025

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware threat shows no sign of slowing down | Microscope

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

The year in ransomware: Security lessons to help you stay one step ahead - Security Boulevard

Ransomware in 2024: New players, bigger payouts, and smarter tactics - Help Net Security

‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471

Cyber security is never out-of-office: Protecting your business anytime, anywhere

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Akira and RansomHub Surge as Ransomware Claims Reach All-Time High - Infosecurity Magazine

Clop ransomware claims responsibility for Cleo data theft attacks

Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar

RansomHub emerges as dominant ransomware group as 2024 ends | SC Media

LockBit ransomware gang teases February 2025 return | Computer Weekly

How Cyber Attacks Hold Patient Care Hostage | MedPage Today

Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern

How Do We Build Ransomware Resilience Beyond Just Backups?

Romanian Netwalker ransomware affiliate sentenced to 20 years in prison

How to mitigate wiper malware | TechTarget

Ransomware Victims

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Clop ransomware claims responsibility for Cleo data theft attacks

How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch

The Bookseller - News - Waterstones hit by Blue Yonder ransomware gang attack

Ransomware Gang Says Deloitte Sucks at Their Job - Going Concern

Rhode Island confirms data breach after Brain Cipher ransomware attack

Major Auto Parts Firm LKQ Hit by Cyber Attack - SecurityWeek

Phishing & Email Based Attacks

How Companies Lose Millions Of Dollars To Phishing

Cofense report warns of credential-harvesting attacks that spoof Proofpoint, Mimecast and Virtru - SiliconANGLE

Credential phishing attacks up over 700 percent

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

Phishing Attacks Double in 2024 - Infosecurity Magazine

Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

Organisations Warned of Rise in Okta Support Phishing Attacks - SecurityWeek

Google Calendar invites spoofed in phishing campaign • The Register

Crooks use Docusign lures to attempt Azure account takeovers • The Register

Credential phishing attacks surge, report reveals | SC Media

Executives targeted in mobile spearphishing attacks | Security Magazine

YouTube Channels Targeted With Windows Malware Phishing Attacks

Inside the latest phishing campaigns: dissecting CarPhish, EDG, Tpass, and Mamba2FA kits - VMRay

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

HubSpot phishing targets 20,000 Microsoft Azure accounts

European firms subjected to HubSpot-exploiting phishing | SC Media

New fake Ledger data breach emails try to steal crypto wallets

New Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming

Other Social Engineering

FTC warns of online task job scams hooking victims like gambling

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cyber Criminals Exploit Google Calendar to Spread Malicious Links - Infosecurity Magazine

Microsoft Teams Vishing Spreads DarkGate RAT

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful… | Intel 471

Cyber security is never out-of-office: Protecting your business anytime, anywhere

Interpol: Stop calling it 'pig butchering' • The Register

Now Scammers Are Abusing Legitimate Services to Show You Fake CAPTCHAs

Watch Out for These Holiday Cyber Attacks

Artificial Intelligence

The threat of AI-driven cyber warfare is real and it can disrupt the world

Ransomware, deepfakes, and scams: the digital landscape in 2024 | TechRadar

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Bosses struggle to police workers’ use of AI

How weaponized AI drives CISO burnout – and what to do about it | SC Media

With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

Identity fraud attacks using AI are fooling biometric security systems | TechRadar

Cyberint's 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing - IT Security Guru

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2024 Cyber Review: Trump Re-Election Eclipses AI and Ransomware Stories

AI is becoming the weapon of choice for cyber criminals - Help Net Security

Cyber leaders are bullish on generative AI despite risks: report | CIO Dive

The Year of Global AI and Cyber Security Regulations: 7 GRC Predictions for 2025 - Security Boulevard

Malvertisers Fool Google With AI-Generated Decoys

Malware

How infostealers are used in targeted cyber attacks

Microsoft Teams Vishing Spreads DarkGate RAT

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

Winnti hackers target other threat actors with new Glutton PHP backdoor

PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop

Google, Amnesty International uncover new surveillance malware | SC Media

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Malvertising on steroids serves Lumma infostealer - Help Net Security

That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine

How to mitigate wiper malware | TechTarget

Evasive Node.js loader masquerading as game hack - Help Net Security

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek

A new antivirus model to fight against evasive malware - Diari digital de la URV

Critical flaw in WordPress plugin exploited to install malicious software | SC Media

Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware

Thai Police Systems Under Fire From 'Yokai' Backdoor

Lazarus targets nuclear-related organisation with new malware | Securelist

Malicious Microsoft VSCode extensions target devs, crypto community

Bots/Botnets

Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek

Mobile

Mobile Spear Phishing Targets Executive Teams - Security Boulevard

Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard

This Nasty Android Malware Is Picking Up Pace and Targeting Certain Devices

Executives targeted in mobile spearphishing attacks | Security Magazine

BadBox malware botnet infects 192,000 Android devices despite disruption

Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch

Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post

New Android NoviSpy spyware linked to Qualcomm zero-day bugs

Why you should not give your phone charger to others? Hackers can steal data. Tips to stay safe - The Economic Times

Hackers are using the Amazon Appstore to spread malware — delete this malicious app now | Tom's Guide

Internet of Things – IoT

Chinese wi-fi tech used in British homes investigated over hacking fears

Concerns over consumer surveillance in some smart devices | News UK Video News | Sky News

Multiple flaws in Volkswagen Group's infotainment unit allow for vehicle compromise

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

That cheap webcam? HiatusRAT may be targeting it, FBI warns | CSO Online

Zero Day Initiative — Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger

Mirai botnet targets SSR devices, Juniper Networks warns

Juniper Warns of Mirai Botnet Targeting Session Smart Routers - SecurityWeek

FBI Warns of HiatusRAT Attacks on Cameras, DVR Systems - SecurityWeek

Germany blocks BadBox malware loaded on 30,000 Android devices

Data Breaches/Leaks

46% of financial institutions had a data breach in the past 24 months - Help Net Security

Huge cyber crime attack sees 390,000 WordPress websites hit, details stolen | TechRadar

Hacker Leaks Cisco Data - SecurityWeek

Cyber Security Incident at Deloitte May Be Responsible for RIBridges Data Breach | Console and Associates, P.C. - JDSupra

Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security

Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

LastPass threat actor steals $5.4M from victims just a week before Xmas

Deloitte handling 'major' cyber attack on Rhode Island system • The Register

Nearly 400,000 WordPress credentials stolen | Security Magazine

LastPass breach comes back to haunt users as hackers steal $12 million in two days – DataBreaches.Net

LastPass Hackers Allegedly Stole $5 Million This Week—Report

How common are consumer data breaches? | Chain Store Age

Texas Tech University System data breach impacts 1.4 million patients

Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET

Rhode Island Residents’ Data Breached in Large Cyber Attack; Data May Be Leaked Soon – DataBreaches.Net

International Development Firm Chemonics Sued Over Breach (1)

900,000 People Impacted by ConnectOnCall Data Breach - SecurityWeek

Regional Care Data Breach Impacts 225,000 People - SecurityWeek

Organised Crime & Criminal Actors

Consumers wrongly attribute all data breaches to cyber criminals - Help Net Security

UK’s internet watchdog unveils online criminal crackdown

Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine

Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight

Texan man gets 30 years in prison for running CSAM exchange • The Register

Bobbies on the beat won't stop the cyber crime wave | The Spectator

Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon

Hacker sentenced to 69 months for stealing payment card info | SC Media

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

Cyber Criminals and the SEC: What Companies Need to Know

Trump to Wage War on Cyber Criminals, Says Advisor

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

LastPass threat actor steals $5.4M from victims just a week before Xmas

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

LastPass breach comes back to haunt users as hackers steal $12 million in two days – DataBreaches.Net

Why Are Crypto Scammers (And Not Hackers) Looking For You? | HackerNoon

Cryptocurrency hackers stole $2.2 billion from platforms in 2024 - Help Net Security

North Korean Hackers Stole $1.3 Billion in Crypto in 2024

New fake Ledger data breach emails try to steal crypto wallets

Crypto Hacks in 2024: Centralized Exchanges Are Now the Top Targets for Cyber Criminals

Interpol: Stop calling it 'pig butchering' • The Register

Crypto holder loses assets priced at $2.5 million

Malicious Microsoft VSCode extensions target devs, crypto community

Insider Risk and Insider Threats

Kroll Settles With Ex-Employees Over Cyber Security Trade Secrets

GCHQ worker accused of taking top secret data home - BBC News

Protecting IP in a Cyber-Threatened World: Insights from Zifino and Foley & Lardner | Foley & Lardner LLP - JDSupra

Insurance

Lloyd's of London Launches New Cyber Insurance Consortium

What will happen in the cyber insurance space during 2025? | Insurance Business America

Supply Chain and Third Parties

Supply Chain Risk Mitigation Must Be a Priority in 2025

Cyber Security Incident at Deloitte May Be Responsible for RIBridges Data Breach | Console and Associates, P.C. - JDSupra

Deloitte handling 'major' cyber attack on Rhode Island system • The Register

Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert

Property deals hit by IT security failure at search service

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

Cloud/SaaS

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

Crooks use Docusign lures to attempt Azure account takeovers • The Register

SaaS: The Next Big Attack Vector | Grip Security - Security Boulevard

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Crooks use Docusign lures to attempt Azure account takeovers • The Register

CISA issues new directive to bolster cloud security – and Microsoft was singled out | ITPro

Ransomware attacks exploit Cleo bug as Cl0p claims it • The Register

US Government Issues Cloud Security Requirements for Federal Agencies - Infosecurity Magazine

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

HubSpot phishing targets 20,000 Microsoft Azure accounts

European firms subjected to HubSpot-exploiting phishing | SC Media

Microsoft 365 users hit by random product deactivation errors

Identity and Access Management

Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert

Proactive Approaches to Identity and Access Management - Security Boulevard

Security Leaders Say Machine Identities – Such as Access Tokens and Service Accounts – Are Next Big Target for Cyber Attack | Business Wire

Machine identity attacks will be top of mind for security leaders in 2025 | ITPro

Encryption

The Simple Math Behind Public Key Cryptography | WIRED

Why 2025 Will Be Pivotal in Our Defence Against Quantum Threat

Passwords, Credential Stuffing & Brute Force Attacks

"Password Era is Ending " Microsoft to Delete 1 Billion Password to Replace "Passkey"

Millions stolen from LastPass users in massive attack — what you need to know | Tom's Guide

Credential phishing attacks rose by 703% in H2 of 2024 | Security Magazine

LastPass threat actor steals $5.4M from victims just a week before Xmas

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

LastPass 2022 hack fallout continues with millions of dollars more reportedly stolen | TechRadar

Nearly 400,000 WordPress credentials stolen | Security Magazine

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft

What is a Compromised Credentials Attack? - Security Boulevard

MUT-1244 targeting security researchers, red teamers, and threat actors - Help Net Security

Cyberint's 2024 Report Highlights Surge in Credential Theft and Rise of AI-Powered Phishing - IT Security Guru

Social Media

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Study reveals vulnerability of metaverse platforms to cyber attacks

YouTube Creators Targeted in Major Phishing Campaign - Infosecurity Magazine

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

Meta fined for 2018 breach that exposed 30M accounts • The Register

Malvertising

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Fake Captcha Campaign Highlights Risks of Malvertising Networks - Infosecurity Magazine

Malvertising on steroids serves Lumma infostealer - Help Net Security

Malvertisers Fool Google With AI-Generated Decoys

Regulations, Fines and Legislation

UK’s internet watchdog unveils online criminal crackdown

Ofcom Issues Guidance for Tech Firms to Tackle Online Harms - Infosecurity Magazine

Why We Should Insist on Future-Proofing Cyber Security Regulatory Frameworks - Security Boulevard

Why the UK's "outdated" cyber security legislation needs an urgent refresh | ITPro

Hundreds of websites to shut down under UK's 'chilling' internet laws

The Top Cyber Security Agency in the US Is Bracing for Donald Trump | WIRED

EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine

With DORA approaching, financial institutions must strengthen their cyber resilience - Help Net Security

Understanding NIS2: Essential and Important Entities - Security Boulevard

Study finds ‘significant uptick’ in cyber security disclosures to SEC | CyberScoop

The Year of Global AI and Cyber Security Regulations: 7 GRC Predictions for 2025 - Security Boulevard

Meta Fined $264M for Security Breach in Facebook's 'View As' Feature - CNET

Meta fined for 2018 breach that exposed 30M accounts • The Register

Trump Looks to Go 'On the Offense' Against Cyber Attackers

Models, Frameworks and Standards

How the cyber security landscape affects the financial sector

An easy to follow NIST Compliance Checklist - Security Boulevard

With DORA approaching, financial institutions must strengthen their cyber resilience - Help Net Security

Understanding NIS2: Essential and Important Entities - Security Boulevard

Using CIS Benchmarks to Assess Your System Security Posture | MSSP Alert

NIS2 Penetration Testing and Compliance - Security Boulevard

Backup and Recovery

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

Careers, Working in Cyber and Information Security

Closing the SMB cyber security skills gap: Key steps | SC Media

Leadership in Cyber Security: A Guide to Your First Role

The key to growing a cyber security career are soft skills - Security Boulevard

Law Enforcement Action and Take Downs

Major cyber crime crackdowns signal a shift in global cyber security strategies - Policing Insight

Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop

Texan man gets 30 years in prison for running CSAM exchange • The Register

Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence - SecurityWeek

Hacker sentenced to 69 months for stealing payment card info | SC Media

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

Dodgy Firestick crackdown: full list of UK areas targeted by police

Germany blocks BadBox malware loaded on 30,000 Android devices

Romanian Netwalker ransomware affiliate sentenced to 20 years in prison

Misinformation, Disinformation and Propaganda

Romania’s election was target of cyber attacks and misinformation, parliament finds

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Chinese wi-fi tech used in British homes investigated over hacking fears

Feds Investigate, Mull Ban on Chinese-Made Routers | Newsmax.com

TP-Link routers could be banned in the US over national security concerns | TechSpot

European Commission Opens TikTok Election Integrity Probe - Infosecurity Magazine

PHP backdoor looks to be work of Chinese-linked APT group | CyberScoop

Trump security advisor urges offensive cyber attacks on China • The Register

Russia

Russia Recruits Ukrainian Children for Sabotage and Reconnaissance - Infosecurity Magazine

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets

EU Sanctions Russian Cyber Actors for “Destabilizing Actions” - Infosecurity Magazine

Romania’s election was target of cyber attacks and misinformation, parliament finds

Russian hackers use RDP proxies to steal data in MiTM attacks

APT29 group used red team tools in rogue RDP attacks

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

Ukraine's Defence Minister agrees with US to deepen cooperation in cyber security | Ukrainska Pravda

Largest cyber attack on Ukraine's state registers: Ministry of Justice systems shut down | Ukrainska Pravda

Russian FSB relies on Ukrainian minors for criminal activities disguised as "quest games"

Recorded Future CEO applauds "undesirable" designation by Russia

US Organisations Still Using Kaspersky Products Despite Ban - Infosecurity Magazine

Russia spent €69mn on propaganda and interference in Bulgaria and Romania, Bulgarian cyber security group reveals

Iran

Iran crew used 'cyberweapon' against US critical infra • The Register

North Korea

North Korean Hackers Stole $1.3 Billion in Crypto in 2024

Lazarus targets nuclear-related organisation with new malware | Securelist

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal

Bitter APT Targets Turkish Defence Sector with WmRAT and MiyaRAT Malware

Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch

Authorities abroad use phone-cracking tools to install spyware, report says - The Washington Post

New Android NoviSpy spyware linked to Qualcomm zero-day bugs

Tools and Controls

Ransomware defences are being weakened by outdated backup technology, limited backup data encryption, and failed data backups | TechRadar

From digital risk to physical threat: Why cyber security must evolve for executives | SC Media

Why Role-Based Access Control is Critical to Your Security Stack | MSSP Alert

Addressing BYOD Vulnerabilities in the Workplace - Security Boulevard

DarkGate malware spread via Microsoft Teams, AnyDesk | SC Media

Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System

Hackers Scanning RDP Services Especially Port 1098 For Exploitation

To Defeat Cyber Criminals, Understand How They Think

Are threat feeds masking your biggest security blind spot? - Help Net Security

The evolution of incident response: building a successful strategy | TechRadar

New APIs Discovered by Attackers in Just 29 Seconds - Infosecurity Magazine

Harnessing Threat Intel and Automation to Counter Supply Chain Risks | MSSP Alert

Penetration testing – a critical component of financial cyber security in 2025

Machine identity attacks will be top of mind for security leaders in 2025 | ITPro

The pros and cons of biometric authentication | TechTarget

Wallarm Releases API Honeypot Report Highlighting API Attack Trends

Might need a mass password reset one day? Read this first.

The evolution of incident response: building a successful strategy | TechRadar

Making smart cyber security spending decisions in 2025

Why You Must Replace Your Legacy SIEM and Migrate to Modern SIEM Analytics? - IT Security Guru

Russian hackers use RDP proxies to steal data in MiTM attacks

APT29 group used red team tools in rogue RDP attacks

What will happen in the cyber insurance space during 2025? | Insurance Business America

Is Your Cloud Infrastructure Truly Protected? - Security Boulevard

The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN

Gaining Confidence Through Effective Secrets Vaulting - Security Boulevard

NCSC Mail Check Changes & Their Impact on UK Public Sector Email Security - Security Boulevard

Reports Published in the Last Week

Potential Risks to Financial Stability: The Financial Stability Oversight Council’s 2024 Annual Report | BakerHostetler - JDSupra

Other News

Hackers Scanning RDP Services Especially Port 1098 For Exploitation

Travel Cyber Security Threats and How to Stay Protected - Security Boulevard

Schools Need Improved Cyber Education (Urgently) - IT Security Guru

Study reveals vulnerability of metaverse platforms to cyber attacks

WiFi hacking for the everyday spy | Cybernews

Leadership skills for managing cyber security during digital transformation - Help Net Security

UK businesses risk disruption as PSTN switch-off approaches | Computer Weekly

MSSP Market Update: Fortune 500 Firms Fail at Cyber Security | MSSP Alert

2025 is set to bring changes in technology adoption and the evolving attack surface

Cyber Security In 2025 – A New Era Of Complexity

The Feds Have Some Advice for 'Highly Targeted' Individuals: Don't Use a VPN

Resolve to Be Resilient: Top Cyber Priorities for State and Local Government

Cyber Security Threats to Our Most Basic Needs

Cyber Security in the legal sector: awareness & proactive strategies - Legal News

Global cyber security impact on food and drink firms

Inform: The cyber complexities facing local government | UKAuthority

Santa-hacking - how to carry out a cyber attack on Father Christmas - Prolific North

Watch Out for These Holiday Cyber Attacks

How to tell if a USB cable is hiding malicious hacker hardware | PCWorld

Inform: The cyber complexities facing local government | UKAuthority

The Education Industry: Why Its Data Must Be Protected

How fan engagement impacts cyber security in sports - Verdict

Why cyber security is critical to energy modernization - Help Net Security

Vulnerability Management

Are threat feeds masking your biggest security blind spot? - Help Net Security

Drowning in Visibility? Why Cyber Security Needs to Shift from Visibility to Actionable Insight - Security Boulevard

No, Microsoft has not 'reversed course' on Windows 11 hardware requirements | ZDNET

Vulnerabilities

2024 Sees Sharp Increase in Microsoft Tool Exploits - Infosecurity Magazine

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog - SecurityWeek

Citrix shares mitigations for ongoing Netscaler password spray attacks

Cleo MFT Zero-Day Exploits Are About Escalate

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

Clop ransomware group claims responsibility for exploiting Cleo file transfer vulnerabilities

Over 300 orgs compromised through several DrayTek exploits | SC Media

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Chrome 131 Update Patches High-Severity Memory Safety Bugs - SecurityWeek

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools

Hackers are abusing Microsoft tools more than ever before | TechRadar

BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe - SecurityWeek

Microsoft confirms critical Windows Defender vulnerability. What you need to do right now. | Mashable

New Apache Tomcat Vulnerabilities Let Attackers Execute Remote Code

Undocumented DrayTek Vulnerabilities Exploited to Hack Hundreds of Orgs - SecurityWeek

Critical flaw in WordPress plugin exploited to install malicious software | SC Media

Researchers claim an AMD security flaw could let hackers access encrypted data | ITPro

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 15/12/2024 Black Arrow Admin 15/12/2024

Black Arrow Cyber Threat Intelligence Briefing 13 December 2024

Black Arrow Cyber Threat Intelligence Briefing 13 December 2024:

-Cyber Security Risks Rise During Mergers & Acquisitions

-Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

-AI & Cyber Security to Shape the Tech Landscape in 2025

-Phishing: The Silent Precursor to Data Breaches

-Business Cyber Understanding Gap Creates New Vulnerabilities

-Cyber Defence vs Cyber Resilience: Why It's Time to Prioritise Recovery

-UK SMEs Are Concerned About Preparedness for Cyber Attacks as Fraud Rises

-Cyber Risk to Intensify in 2025 as Attackers Switch Tactics

-Companies Pull Company and Board Leadership Bios from Their Websites After Insurance Executive’s Killing

-Boardroom Risks Revealed in Latest Beazley Report

-Employee Visits to Adult or Gambling Sites Doubles Risk of Infection by Malware

-North Korea's Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years

Governance, Risk and Compliance

UK SMEs Are Concerned About Preparedness For Cyber Attacks as Fraud Rises Finds Mollie | The Fintech Times

Cyber security risks rise during mergers & acquisitions

Boardroom risks revealed in latest Beazley report | Insurance Business America

UnitedHealthcare and other major insurance companies pull company and board leadership bios from their websites after executive’s killing | Fortune

Dear CEO: It’s time to rethink security leadership and empower your CISO | CSO Online

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

We must adjust expectations for the CISO role - Help Net Security

Cyber defence vs cyber resilience: why it's time to prioritize recovery

Business cyber understanding gap creates new vulnerabilities

Cyber risk to intensify in 2025 as attackers switch tactics: Moody's - Reinsurance News

Cyber Security In The Digital Frontier: Reimagining Organisational Resilience

Charges Against CISOs Create Worries, Hope in Security Industry: Survey - Security Boulevard

The skills that cyber security leaders need

70 percent of cyber security leaders worry about personal liability

Report: 84% of Fortune 500 companies scored a D or worse for their cyber security efforts | Cybernews

CISOs need to consider the personal risks associated with their role - Help Net Security

Cyber security has become a strategic differentiator for organisations, says Ismail Al Naqi at GN forum | Technology – Gulf News

Cultivating a Hacker Mindset in Cyber Security Defence

Blackbaud Appoints Bradley Pyburn, Former Chief of Staff of US Cyber Command, to Board of Directors

Heed the warnings on cyber security threats - James McGachie

How to Improve Your Cyber Security On a Lower Budget | Mimecast

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Gangs’ Merciless Attacks Bleed Small Companies Dry

You’ve been hit with ransomware. Think twice before you pay. | Constangy, Brooks, Smith & Prophete, LLP - JDSupra

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Cleo Vulnerability Exploitation Linked to Termite Ransomware Group - SecurityWeek

New Windows Drive-By Security Attack—What You Need To Know

What Do We Know About the New Ransomware Gang Termite?

Ransomware Victims

Blue Yonder SaaS giant breached by Termite ransomware gang

8Base hacked port operating company Luka Rijeka - Help Net Security

Separate ransomware attacks hit Japanese firms’ US subsidiaries | SC Media

Deloitte Responds After Ransomware Group Claims Data Theft - SecurityWeek

Anna Jaques Hospital ransomware breach exposed data of 300K patients

National Museum of the Royal Navy hit by cyber attack - Museums Association

Ransomware Disrupts Operations At Leading Heart Surgery Device Maker

Krispy Kreme admits there's a hole in its security • The Register

Phishing & Email Based Attacks

Businesses plagued by constant stream of malicious emails - Help Net Security

Phishing: The Silent Precursor to Data Breaches - SecurityWeek

A new report shows QR code phishing is on the rise | Security Magazine

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar

European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine

Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek

Millionaire Airbnb Phishing Ring Busted Up by Police

Brand Impersonations Surge 2000% During Black Friday

Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard

New Advanced Email Attack Warning Issued—5 Things To Know

Email security: Why traditional defences fall short in today's threat landscape

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Businesses received over 20 billion spam emails this year | TechRadar

Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine

5 Email Attacks You Need to Know for 2025 | Abnormal

Business Email Compromise (BEC)/Email Account Compromise (EAC)

Understanding the Shifting Anatomy of BEC Attacks

Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop

Other Social Engineering

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications - IT Security Guru

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Cyber criminals Impersonate Dubai Police to Defraud Consumers in the UAE - Smishing Triad in Action

Hackers are posing as job recruiters to spread a dangerous banking trojan and steal your money — don’t fall for this | Tom's Guide

Spain busts voice phishing ring for defrauding 10,000 bank customers

Fake IT Workers Funnelled Millions to North Korea, DOJ Says - SecurityWeek

Artificial Intelligence

Generative AI's cyber security potential is clear, but so far it's given hackers the upper hand | ITPro

AI & cyber security to shape the tech landscape in 2025

Microsoft Recall caught capturing credit card and Social Security numbers despite reassurances it won't | Tom's Guide

AI is a gamble we cannot afford without cyber security

Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

A Very Merry NISTmas: 2024 Updates to the Cyber Security and AI Framework | Ropes & Gray LLP - JDSupra

2FA/MFA

Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine

Microsoft MFA Bypassed via AuthQuake Attack - SecurityWeek

No User Interaction, No Alerts: Azure MFA Cracked In An Hour

Researchers Crack Microsoft Azure MFA in an Hour

Snowflake Rolls Out Mandatory MFA Plan

Malware

Employee Visits to Adult or Gambling Sites Doubles | Newswise

Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security

Cyber criminals are using virtual hard drives to drop RATs in phishing attacks | TechRadar

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

Open source malware surged by 156% in 2024 | ITPro

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Remcos RAT Malware Evolves with New Techniques - Infosecurity Magazine

More advanced Zloader malware variant emerges | SC Media

Hackers are posing as job recruiters to spread a dangerous banking trojan and steal your money — don’t fall for this | Tom's Guide

This devious new malware technique looks to hijack Windows itself to avoid detection | TechRadar

New stealthy Pumakit Linux rootkit malware spotted in the wild

RedLine info-stealer campaign targets Russian businesses

North Korean hackers target South Korea with Internet Explorer vulnerabilities to deploy RokRAT malware | TechRadar

Ongoing Phishing and Malware Campaigns in December 2024

Bots/Botnets

It’s Beginning To Look A Lot Like Grinch Bots

Mobile

Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

'EagleMsgSpy' Android Spyware Linked to Chinese Police

New Smartphone Warning—Forget What You’ve Been Told About Security

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

Experts discovered the first mobile malware families linked to Russia's Gamaredon

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release

Denial of Service/DoS/DDoS

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

Internet of Things – IoT

EU cyber security rules for smart devices enter into force | TechCrunch

DoD Digital Forensics: Unlocking Evidence In Cars, Wearables, And IoT

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

Vulnerabilities in Skoda & Volkswagen Cars Let Hackers Remotely Track Users

Data Breaches/Leaks

Phishing: The Silent Precursor to Data Breaches - SecurityWeek

Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client - Infosecurity Magazine

Deloitte sues 3 partners who 'leaked secrets' to rival firm

Public Reprimands, an Effective Deterrent Against Data Breaches - Infosecurity Magazine

Salt Typhoon recorded 'very senior' US officials' calls • The Register

446,000 Impacted by Center for Vein Restoration Data Breach - SecurityWeek

Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users

Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses

Attackers can abuse the Windows UI Automation framework to steal data from apps | CSO Online

Cyber security Lessons From 3 Public Breaches

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

New Atrium Health data breach impacts 585,000 individuals

Thousands of children exposed in major data breach — including names, addresses and social security numbers | Tom's Guide

US Bitcoin ATM operator Byte Federal suffered a data breach

Organised Crime & Criminal Actors

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek

Cyber crime gang arrested after turning Airbnbs into fraud centres

Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch

Emulating the Financially Motivated Criminal Adversary FIN7 – Part 1 - Security Boulevard

Alleged Scattered Spider hacker arrested, indicted | SC Media

Cyber security expert Abi Waddell hacked huntsmen to leak their names and addresses

Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down - Security Boulevard

Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

He Investigates the Internet’s Most Vicious Hackers—From a Secret Location - WSJ

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Windows, macOS users targeted with crypto-and-info-stealing malware - Help Net Security

Radiant links $50 million crypto heist to North Korean hackers

"CP3O" pleads guilty to multi-million dollar cryptomining scheme

North Korean Group UNC4736 Blamed for Radiant Capital Breach

Compromised AI Library Delivers Cryptocurrency Miner via PyPI - Infosecurity Magazine

US Bitcoin ATM operator Byte Federal suffered a data breach

Insider Risk and Insider Threats

Employee Visits to Adult or Gambling Sites Doubles | Newswise

Deloitte sues 3 partners who 'leaked secrets' to rival firm

How To Flip the Script on the Latest Insider Threat Trends

KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications - IT Security Guru

Insurance Worker Sentenced After Illegally Accessing Claimants’ Data - Infosecurity Magazine

7 types of insider threats | University of Strathclyde

Insurance

Lloyd's of London Launches First-of-its-kind Consortium Built on HITRUST Certification to Shape the Future of Cyber Insurance

How to make your clients less attractive to cyber criminals | Insurance Business America

Supply Chain and Third Parties

Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks

Blue Yonder SaaS giant breached by Termite ransomware gang

Containers are a weak link in supply chain security

Lessons From the Largest Software Supply Chain Incidents

Cloud/SaaS

Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again | TechCrunch

Blue Yonder SaaS giant breached by Termite ransomware gang

Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | Trend Micro (US)

Thousands of AWS credentials stolen from misconfigured sites • The Register

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

Microsoft MFA Bypassed via AuthQuake Attack - SecurityWeek

No User Interaction, No Alerts: Azure MFA Cracked In An Hour

Outages

Microsoft 365 outage takes down Office web apps, admin center

Facebook, Instagram, WhatsApp hit by massive worldwide outage

ChatGPT and Sora experienced a major outage | TechCrunch

Russian users report Gazprombank outages amid alleged Ukrainian cyber attack | The Record from Recorded Future News

Encryption

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Google says its breakthrough Willow quantum chip can’t break modern cryptography - The Verge

Apple’s iPhone Hit By FBI Warning And Lawsuit Before iOS 18.2 Release

Linux and Open Source

Open source malware surged by 156% in 2024 | ITPro

New stealthy Pumakit Linux rootkit malware spotted in the wild

Passwords, Credential Stuffing & Brute Force Attacks

Thousands of AWS credentials stolen from misconfigured sites • The Register

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Hackers Target Global Sporting Events With Fake Domains To Steal Logins

Social Media

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users

Training, Education and Awareness

Opinion: Why cyber security awareness is everyone's responsibility | Calgary Herald

Regulations, Fines and Legislation

EU cyber security rules for smart devices enter into force | TechCrunch

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

Why Americans must be prepared for cyber security’s worst | CyberScoop

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

US Telco Security Efforts Ramp Up After Salt Typhoon

Experts Call for Overhaul of National Cyber Director Role

Cyprus financial sector gears up for stricter cyber security | Cyprus Mail

Models, Frameworks and Standards

The EU Cyber Resilience Act: Enhancing Digital Security In The AI Era

A Very Merry NISTmas: 2024 Updates to the Cyber Security and AI Framework | Ropes & Gray LLP - JDSupra

Understanding ISO 27001: The Backbone of Information Security Management: By Kajal Kashyap

Careers, Working in Cyber and Information Security

HR Magazine - Lock it in: How to close the cyber security training gap

What makes for a fulfilled cyber security career - Help Net Security

Law Enforcement Action and Take Downs

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks - SecurityWeek

Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested

European Police Disrupt Phone Phishing Gang with Arrests - Infosecurity Magazine

Eight Suspected Phishers Arrested in Belgium, Netherlands - SecurityWeek

Spain busts voice phishing ring for defrauding 10,000 bank customers

Notorious Nigerian cyber criminal tied to BEC scams extradited to US | CyberScoop

Cyber criminal marketplace Rydox seized in international law enforcement operation | CyberScoop

Millionaire Airbnb Phishing Ring Busted Up by Police

"CP3O" pleads guilty to multi-million dollar cryptomining scheme

Telegram founder Pavel Durov questioned in Paris court for first time: Report

Horizon Post Office scandal: Police investigating dozens for perjury and perverting the course of justice | The Independent

Jersey police help disrupt multi-billion money laundering networks | Bailiwick Express

Misinformation, Disinformation and Propaganda

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Nation State Actors

China

Salt Typhoon recorded 'very senior' US officials' calls • The Register

Counterintelligence director reveals extent of damage from China telecom hacks - Washington Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Federal Appeals Court Upholds Law Threatening US TikTok Ban - Infosecurity Magazine

How Chinese insiders exploit its surveillance state • The Register

Compromised Software Code Poses New Systemic Risk to US Critical Infrastructure

Chinese hackers use Visual Studio Code tunnels for remote access

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

US Telco Security Efforts Ramp Up After Salt Typhoon

Why did China hack the world’s phone networks?

Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017

US govt says Cisco gear often targeted in China's Salt Typhoon attacks on 8 telecommunications providers — issues Cisco-specific advice to patch networks to fend off attacks | Tom's Hardware

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

As US finally details Chinese Salt Typhoon attack, FCC Chair proposes new rules for telcos

'EagleMsgSpy' Android Spyware Linked to Chinese Police

Russia

Lookout Discovers New Spyware Deployed by Russia and China - Infosecurity Magazine

Keep cash at home due to cyber attack risks, Dutch Central Bank warns – The Irish Times

The EU Makes an Urgent TikTok Inquiry on Russia's Role in Romanian Election Turmoil - SecurityWeek

Russian hacktivists target oil, gas and water sectors worldwide | SC Media

Suspected Russian hackers target Ukrainian defence enterprises in new espionage campaign | The Record from Recorded Future News

Russian government spies targeted Ukraine using tools developed by cyber criminals | TechCrunch

EU envoys to discuss first sanctions targeting Russian hybrid threats

Exploring Cyber-Darkness: How Moscow Undermines the West via the Dark Web | Geopolitical Monitor

NATO Offensive cyber operations exercise Crossed Swords gets underway in Tallinn

Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States

Ukraine Weighs Telegram Security Risks Amid War With Russia - The New York Times

Romania Exposes Propaganda Campaign Supporting Pro-Russian Candidate - Infosecurity Magazine

AI fakes, cyber attacks threaten German election – DW – 12/06/2024

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Experts discovered the first mobile malware families linked to Russia's Gamaredon

Threat hunting case study: Cozy Bear | Intel 471

Phishing Scam Targets Ukrainian Defence Companies - Infosecurity Magazine

Russia disconnects several regions from the global internet to test its sovereign net | TechRadar

Russia takes unusual route to hack Starlink-connected devices in Ukraine - Ars Technica

Russian users report Gazprombank outages amid alleged Ukrainian cyber attack | The Record from Recorded Future News

RedLine info-stealer campaign targets Russian businesses

North Korea

North Korea's fake IT worker scam hauled in $88 million • The Register

Radiant links $50 million crypto heist to North Korean hackers

North Korean Group UNC4736 Blamed for Radiant Capital Breach

North Korean hackers target South Korea with Internet Explorer vulnerabilities to deploy RokRAT malware | TechRadar

Tools and Controls

Who handles what? Common misconceptions about SaaS security responsibilities - Help Net Security

Security researchers set up an API honeypot to dupe hackers – and the results were startling | ITPro

Neglect of endpoints presents a major security gap for enterprises

Conquering the Complexities of Modern BCDR

Safe Handling of Data: Why Secrets Sprawl is a Risk - Security Boulevard

Why don’t security leaders get the funds they need to succeed? | SC Media

What is Cyber Threat Detection and Response? | UpGuard

US Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls

Bug bounty programs: Why companies need them now more than ever | CSO Online

Cyber Security Products or Platforms - Which is More Effective? - Security Boulevard

AI is a gamble we cannot afford without cyber security

Exposed APIs and issues in the world's largest organisations - Help Net Security

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

Microsoft enforces defences preventing NTLM relay attacks - Help Net Security

Businesses struggle with IT security, Kaspersky reports

Unlocking the Value of DSPM: What You Need to Know - IT Security Guru

7 Must-Know IAM Standards in 2025

Mastering PAM to Guard Against Insider Threats - Security Boulevard

The Future of Network Security: Automated Internal and External Pentesting

How to Make the Case for Network Security Audits - Security Boulevard

Strengthening security posture with comprehensive cyber security assessments - Help Net Security

Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge - Infosecurity Magazine

Generative AI's cyber security potential is clear, but so far it's given hackers the upper hand | ITPro

TPM 2.0: The new standard for secure firmware - Help Net Security

How to Improve Your Cyber Security On a Lower Budget | Mimecast

Reports Published in the Last Week

New Report from Cloud Security Alliance Highlights Key Aspects of Data Resiliency in the Financial Sector | Business Wire

The Cyber Security Challenge in Mergers and Acquisitions - ReliaQuest

5 Email Attacks You Need to Know for 2025 | Abnormal

Cloudflare 2024 report highlights internet growth and rising cyber security challenges - SiliconANGLE

Kiteworks 2025 Cyber Security Report Unveils Critical Trends And Strategies For Protecting Sensitive Data

2025 Forecast Report for Managing Private Content Exposure Risk

Other News

UK SMEs Are Concerned About Preparedness For Cyber Attacks as Fraud Rises Finds Mollie | The Fintech Times

TfL cyber attack cost over £30m to date | Computer Weekly

50% Of M&A Security Issues Are Non-Malicious

Cyber Security In The Digital Frontier: Reimagining Organisational Resilience

Attackers can abuse the Windows UI Automation framework to steal data from apps | CSO Online

Microsoft enforces defences preventing NTLM relay attacks - Help Net Security

Businesses struggle with IT security, Kaspersky reports

IT pros say hackers could compromise device supply chain, firmware security | SC Media

Report: 84% of Fortune 500 companies scored a D or worse for their cyber security efforts | Cybernews

Non-Human Identities: The Silent Threat - InfoRiskToday

The Big Question: Is the UK doing enough when it comes to cyber risks? - Emerging Risks Media Ltd

From Europe to South Africa: Where Is the World on Cyber Defence?

You Don’t Talk to Strangers, So Why Does Your Internet? | SC Media

Drowning in spam? Stop giving out your email address - do this instead | ZDNET

Heed the warnings on cyber security threats - James McGachie

Utility Companies Face 42% Surge in Ransomware Attacks - Infosecurity Magazine

Safeguarding Charities From Cyber Crime l Blog l Nelsons Solicitors

Vulnerability Management

What Is an Application Vulnerability? 8 Common Types - Security Boulevard

Containers have 600+ vulnerabilities on average - Help Net Security

Vulnerabilities

Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway - SecurityWeek

Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks - SecurityWeek

SAP Patches Critical Vulnerability in NetWeaver - SecurityWeek

Adobe Patches Over 160 Vulnerabilities Across 16 Products - SecurityWeek

Micropatching service releases fix for a zero-day vulnerability affecting three Windows generations | TechSpot

Apple Pushes Major iOS, macOS Security Updates - SecurityWeek

Apache issues patches for critical Struts 2 RCE bug • The Register

Security Flaws in WordPress Woffice Theme Prompts Urgent Update - Infosecurity Magazine

New Windows zero-day exposes NTLM credentials, gets unofficial patch

Unauthorized file access possible with chained Mitel MiCollab flaws | SC Media

New Windows Warning As Zero-Day With No Official Fix Confirmed For All Users

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Microsoft Azure MFA Flaw Allowed Easy Access Bypass - Infosecurity Magazine

Multiple Ivanti CSA Vulnerabilities Let Attackers Bypass Admin Web Console Remotely

WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies

QNAP Patches Vulnerabilities Exploited at Pwn2Own - SecurityWeek

OpenWrt supply chain attack scare prompts urgent upgrades • The Register

Atlassian, Splunk Patch High-Severity Vulnerabilities - SecurityWeek

AMD VM security tools can be bypassed, letting hackers infilitrate your devices, experts warn | TechRadar

Hunk Companion WordPress plugin exploited to install vulnerable plugins

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Black Arrow Admin 11/12/2024 Black Arrow Admin 11/12/2024

Black Arrow Cyber Advisory 11 December 2024 – Microsoft, Ivanti, Adobe, and Chrome Security Updates

Executive summary

In line with Microsoft’s November Patch Tuesday, several vendors, including Ivanti, Adobe, and Google, have released security updates to fix vulnerabilities in their products. Microsoft has addressed 72 security issues, including a critical Windows Common Log File System (CLFS) vulnerability that is being actively exploited. Ivanti’s updates cover its Cloud Services Application (CSA), Connect Secure, Policy Secure, and Sentry products, fixing multiple critical vulnerabilities, one of which has the highest severity rating of 10, allowing unauthorised remote attackers to gain administrative access. Adobe has released patches for 168 security issues across various products, including Experience Manager, Connect, Animate, and InDesign. Google has updated Chrome to fix three high-severity vulnerabilities in the browser.

What’s the risk to me or my business?

What can I do?

Microsoft

Further details on specific updates within this Microsoft patch Tuesday can be found here:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec

Ivanti

Further details on specific updates across affected Ivanti products can be found here:

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US

https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs?language=en_US

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2024-8540?language=en_US

Adobe

Further details of the vulnerabilities in affected Adobe products can be found here under ‘Recent bulletins and advisories’:

https://helpx.adobe.com/security/security-bulletin.html

Chrome

Further details of the vulnerabilities in the Chrome Browser products can be found here:

https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Admin 08/12/2024 Black Arrow Admin 08/12/2024

Black Arrow Cyber Threat Intelligence Briefing 06 December 2024

Black Arrow Cyber Threat Intelligence Briefing 06 December 2024:

-Generative AI Makes Phishing Attacks More Believable and Cost-Effective

-Nearly Half a Billion Emails to Businesses Contain Malicious Content

-65% of Office Workers Bypass Cyber Security to Boost Productivity

-Cyber Warfare Rising Across EU in Bid to 'Destabilise' Member States

-INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

-Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

-Russian Money Laundering Networks Uncovered Linking Narco Traffickers, Ransomware Gangs and Kremlin Spies

-UK Underestimates Threat of Cyber Attacks from Hostile States and Gangs

-Why You Must Beware of Dangerous New Scam-Yourself Cyber Attacks

-Security Must Be Used as a Springboard, Not Just a Shield

-Why Your Cyber Insurance May Not Cover Everything: Finding and Fixing Blind Spots

-Cyber Criminals Already Using AI for Most Types of Scams, FBI Warns

Governance, Risk and Compliance

Many small businesses are falling well short when it comes to cyber security plans | TechRadar

Security must be used as a springboard, not just a shield

NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News

6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra

CISOs will face growing challenges in 2025 and beyond | Computer Weekly

CISOs in 2025: Evolution of a High-Profile Role

65% of employees bypass cyber security policies, driven by hybrid work and flexible access

Why Operational Risk Planning Is Crucial For Every SME

Large And Small Businesses Face More Serious Repercussions From Cyber Threats | HackerNoon

Incident Response Playbooks: Are You Prepared?

63% of companies plan to pass data breach costs to customers | CSO Online

Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media

How to talk to your board about tech debt | CIO

Navigating the Changing Cyber Security Regulations Landscape

The Rising Tide of Cyber Threats: Stay Ahead, Fortify Defences - The Futurum Group

Employees suffering compliance and security fatigue | theHRD

Building a robust security posture with limited resources - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Strikes when Organisations Unknowingly Open the Door | Security Info Watch

Does Cyber Insurance Drive Up Ransom Demands?

Why Are Hospital Ransomware Attacks Becoming More Frequent Globally? The UN Met to Discuss | HackerNoon

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

No company too small for Phobos ransomware gang, indictment reveals | Malwarebytes

Storm-1811 exploits RMM tools to drop Black Basta ransomware

Ransomware attacks on critical sectors ramped up in November | TechTarget

Hackers are pivoting from data breaches to business shutdowns

Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested

Ransomware's Grip on Healthcare

Ransomware Costs Manufacturing Sector $17bn in Downtime - Infosecurity Magazine

Ransomware Victims

UK hospital resorts to paper and postpones procedures after cyber attack

Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway service | ITPro

Arrowe Park: 'Longer A&E wait times' continue after cyber attack - BBC News

Cyber attack hits three NHS Liverpool hospitals | UKAuthority

British telecoms giant BT confirms attempted cyber attack after ransomware gang claims hack | The Record from Recorded Future News

Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra

Ransomware Attack Disrupts Operations at US Contractor ENGlobal - Infosecurity Magazine

Bologna FC Hit By 200GB Data Theft and Ransom Demand - Infosecurity Magazine

Stoli Vodka and Kentucky Owl File for Bankruptcy Following Cyber Attack, Russian Seizures | NTD

Vodka maker Stoli files for bankruptcy in US after ransomware attack

Italian football club Bologna FC says company data stolen during ransomware attack | The Record from Recorded Future News

Phishing & Email Based Attacks

Novel phising campaign uses corrupted Word documents to evade security

Corrupted Word Files Fuel Sophisticated Phishing Campaign - Infosecurity Magazine

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defences

Nearly half a billion emails to businesses contain malicious content, Hornet Security report finds

KnowBe4 Releases the Latest Phishing Trends Report

GenAI makes phishing attacks more believable and cost-effective - Help Net Security

New Rockstar 2FA phishing service targets Microsoft 365 accounts

North Korean Hacking Group Launches Undected Malwareless URL Phishing Attacks

HR and IT are among top-clicked phishing subjects

Top Five Industries Aggressively Targeted By Phishing Attacks

Don't Fall For This "Sad Announcement" Phishing Scam

Defending Against Email Attachment Scams - Security Boulevard

Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

This sneaky phishing attack is a new take on a dirty old trick | PCWorld

Phishing attacks rose by more than 600% in the buildup to Black Friday | Security Magazine

Other Social Engineering

Why You Must Beware Of Dangerous New Scam-Yourself Cyber Attacks

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

Spotting the Charlatans: Red Flags for Enterprise Security Teams - SecurityWeek

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Artificial Intelligence

GenAI makes phishing attacks more believable and cost-effective - Help Net Security

Cyber criminals already using AI for most types of scams, FBI warns | Cybernews

How laws strain to keep pace with AI advances and data theft | ZDNET

FBI Warns GenAI is Boosting Financial Fraud - Infosecurity Magazine

Teenagers leading new wave of cyber crime - Help Net Security

Cyber security professionals call for AI regulations

Cyber security in 2025: AI threats & zero trust focus

Do Macs get viruses? The answer is yes – and AI-powered malware is a growing threat, new report claims | TechRadar

Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat

Treat AI like a human: Redefining cyber security - Help Net Security

AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

25% of enterprises using AI will deploy AI agents by 2025 | ZDNET

The role of artificial intelligence in fostering multifaceted cooperation among BRICS nations - Africa Policy Research Institute (APRI)

2FA/MFA

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

Malware

North Korean Hacking Group Launches Undected Malwareless URL Phishing Attacks

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica

Venom Spider Spins Web of MaaS Malware

Russia's 'BlueAlpha' APT Hides in Cloudflare Tunnels

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

New Windows Backdoor Security Warning For Bing, Dropbox, Google Users

Do Macs get viruses? The answer is yes – and AI-powered malware is a growing threat, new report claims | TechRadar

More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

Widespread RAT compromise via bogus emails, JavaScript payloads detailed | SC Media

SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine

ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan

Security Bite: Threat actors are widely using AI to build Mac malware - 9to5Mac

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro (US)

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

Mobile

8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play

SMEs put at risk by poor mobile security practices

New DroidBot Android malware targets 77 banking, crypto apps

Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

The FBI now says encryption is good for you – Computerworld

NSO Group's Pegasus Spyware Detected in New Mobile Devices

Business leaders among Pegasus spyware victims, says security firm | TechCrunch

Smartphone Security Warning—Make Changes Now Or Become A Victim

Many small businesses are falling well short when it comes to cyber security plans | TechRadar

Top 5 Mobile Security Risks for Enterprises - Zimperium

Trojan-as-a-Service Hits Euro Banks, Crypto Exchanges

This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena

Banking apps can now require recent Android security updates

Denial of Service/DoS/DDoS

Misconfigured WAFs Heighten DoS, Breach Risks

How DDoS attacks are shaping esports security and risk management | Insurance Business America

Internet of Things – IoT

From Patchwork to Framework: Towards a Global IoT Security Paradigm - Infosecurity Magazine

Chinese LIDAR Dominance a Cyber Security Threat, Warns Think Tank - Infosecurity Magazine

Data Breaches/Leaks

Russian hacking software used to steal hundreds of MoD log-ins

760,000 Employee Records From Several Major Firms Leaked Online - SecurityWeek

Over 600,000 people hit in massive data breach — background checks, vehicle and property records | Tom's Guide

Sadiq Khan admits some commuters may never be refunded after TfL cyber attack

Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online

White FAANG Data Export Attack: A Gold Mine for PII Threats

63% of companies plan to pass data breach costs to customers | CSO Online

Deloitte Hacked - Brain Cipher Group Allegedly Stolen 1 TB of Data

Process over top-down enforcement: prevent data leaks

Lessons in cyber security from the Internet Archive Breaches | TechRadar

Cyber attack on debt acquisition firm Cabot involved theft of 394,000 data files, court hears – DataBreaches.Net

AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

Major USAID contractor Chemonics says 263,000 affected by 2023 data breach | The Record from Recorded Future News

Israeli tech firm Silicom denies Iranian claims of Mossad and Unit 8200 links after c | Ctech

Controversial Andrew Tate ‘War Room’ Videos Leaked By Hackers

Organised Crime & Criminal Actors

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

How laws strain to keep pace with AI advances and data theft | ZDNET

Cyber crime | At least 20% cyber crimes involve dark web usage by attackers: Report - Telegraph India

UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine

Alleged Snowflake Hacker ‘Danger’ to the Public

Russia gives life sentence to Hydra dark web kingpin • The Register

Venom Spider Spins Web of MaaS Malware

Teenagers leading new wave of cyber crime - Help Net Security

Cyber criminals already using AI for most types of scams, FBI warns | Cybernews

German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Eurocops red pill the Matrix 'secure' criminal chat systems • The Register

Police seizes largest German online crime marketplace, arrests admin

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers

Scattered Spider Hacking Gang Arrests Mount with California Teen

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 - SecurityWeek

How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

New DroidBot Android malware targets 77 banking, crypto apps

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Record-Breaking $2 Million Bounty Offered To Crypto.com Hackers

Insider Risk and Insider Threats

65% of employees bypass cyber security policies, driven by hybrid work and flexible access

Inside threats: How can companies improve their cyber hygiene?

Insider Threats vs. Privacy: A Dilemma for IT Professionals

Process over top-down enforcement: prevent data leaks

Macy’s found a single employee hid up to $154 million worth of expenses | CNN Business

Insurance

Does Cyber Insurance Drive Up Ransom Demands?

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Cyber insurance checklist: 12 must-have security features | SC Media

Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media

Supply Chain and Third Parties

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar

Blue Yonder Confirms Reports of Recent Ransomware Attack | Console and Associates, P.C. - JDSupra

Hardening Links in Supply Chain Security | SC Media UK

Fear of cyber attack outweighs investment in security along the supply chain - The Loadstar

Cloud/SaaS

This worrying new phishing attack is going after Microsoft 365 accounts | TechRadar

This New Microsoft 365 Attack Can Break Through Your 2FA: Here's How

CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media

New Rockstar 2FA phishing service targets Microsoft 365 accounts

5 things you should never back up to the cloud

New Windows Backdoor Security Warning For Bing, Dropbox, Google Users

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Outages

Re/insurance market must prepare for Single Point of Failure tech outage events: CyberCube - Reinsurance News

Identity and Access Management

The New Cyber Frontier: Managing Risks in Distributed Teams - Infosecurity Magazine

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Encryption

The Growing Quantum Threat to Enterprise Data: What Next?

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

The FBI now says encryption is good for you – Computerworld

This is why the FBI is warning iOS users not to text Android users and vice versa - PhoneArena

Linux and Open Source

70% of open-source components are poorly or no longer maintained - Help Net Security

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor - Ars Technica

New Report Highlights Open Source Trends And Security Challenges

Passwords, Credential Stuffing & Brute Force Attacks

Hundreds of UK Ministry of Defence passwords found circulating on the dark web | CSO Online

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Six password takeaways from the updated NIST cybersecurity framework

Microsoft's Vasu Jakkal on how gen AI is redefining cyber security | VentureBeat

Social Media

Tech Support Scams Exploit Google Ads to Target Users | Tripwire

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian

Malvertising

Tech Support Scams Exploit Google Ads to Target Users | Tripwire

Regulations, Fines and Legislation

How laws strain to keep pace with AI advances and data theft | ZDNET

EC takes action as member states miss NIS2 directive deadline

NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News

6 Considerations to Determine if a Cyber Incident Is Material | Troutman Pepper - JDSupra

DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra

An Overview of the NIS2 Directive and Its Implementation in France and Luxembourg | Goodwin - JDSupra

New EU Regulation Establishes European 'Cyber Security Shield' - SecurityWeek

Cyber Security: Council of EU formally adopts Cybersecurity and Cyber Solidarity Act | Practical Law

Cyber security professionals call for AI regulations

Navigating the Changing Cyber Security Regulations Landscape

Employees suffering compliance and security fatigue | theHRD

Models, Frameworks and Standards

EC takes action as member states miss NIS2 directive deadline

NIS2 still a mystery to cyber security bosses, research shows - Data Centre & Network News

New NIST Guidance Offers Update on Gauging Cyber Performance

DORA Demystified: Dispelling 5 Myths for ICT Service Providers | Morrison & Foerster LLP - JDSupra

An Overview of the NIS2 Directive and Its Implementation in France and Luxembourg | Goodwin - JDSupra

Six password takeaways from the updated NIST cybersecurity framework

Careers, Working in Cyber and Information Security

Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK

Optimism About Cyber Workforce Advancements | AFCEA International

World Wide Work: Landing a Cyber Security Career Overseas

Law Enforcement Action and Take Downs

INTERPOL Arrests 5,500 in Global Cyber Crime Crackdown, Seizes Over $400 Million

Alleged Snowflake Hacker ‘Danger’ to the Public

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

German Police Shutter Country’s Largest Dark Web Market - Infosecurity Magazine

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

50 Servers Linked to Cyber Crime Marketplace and Phishing Sites Seized by Law Enforcement - SecurityWeek

US arrests Scattered Spider suspect linked to telecom hacks

UK Justice System Failing Cyber Crime Victims, Cyber Helpline Finds - Infosecurity Magazine

Misinformation, Disinformation and Propaganda

German intelligence launches task force to combat foreign election interference | The Record from Recorded Future News

Cyber Attacks Could Impact Romanian Presidential Race, Officials Claim - Infosecurity Magazine

German intelligence agency warns of 'foreign interference' in upcoming elections

Meta says it has taken down about 20 covert influence operations in 2024 | Meta | The Guardian

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Cyberwarfare 2025: The rise of AI weapons, zero-days, and state-sponsored chaos

Cyber warfare rising across EU in bid to 'destablise' member states

NATO promises better strategy against cyber attacks and undersea cables – Euractiv

NCSC head warns of fundamental ‘contest for cyber space’ as annual report shows 44% hike in most serious incidents – PublicTechnology

UK Underestimates Threat Of Cyber-Attacks, NCSC | Silicon UK

German intelligence launches task force to combat foreign election interference | The Record from Recorded Future News

Nation State Actors

China

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

US government says Salt Typhoon is still in telecom networks | CyberScoop

FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign - SecurityWeek

Microsoft spots another China spy crew stealing US data • The Register

US org suffered four month intrusion by Chinese hackers

What is Salt Typhoon? Everything you need to know about 'the worst telecom hack in [US] history' | Mashable

FBI and CISA say to use encrypted messengers as Chinese hackers attack networks | Cybernews

Australia, Canada, New Zealand, and the US warn of PRC-linked cyber espionage targeting telecom networks

Government Guidance on Chinese Telco Hacking Highlights Threat to Cisco Devices - SecurityWeek

The FBI now says encryption is good for you – Computerworld

US shares tips to block hackers behind recent telecom breaches

White House says at least 8 US telecom firms, dozens of nations impacted by China hacking campaign - ABC News

T-Mobile CSO: Cyber spies' initial access method 'is novel' • The Register

US critical infrastructure, military at risk of Chinese LiDAR tech compromise | SC Media

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro (US)

Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024

Romania to recount votes as TikTok slammed for election role | Stars and Stripes

SmokeLoader Malware Campaign Targets Companies in Taiwan - Infosecurity Magazine

Russia

The UK is 'widely' underestimating online threats from hostile states and criminals, cyber security chief warns | UK News | Sky News

Russia is exploiting UK’s dependence on technology to cause ‘maximum destruction’, warns GCHQ | The Independent

NATO promises better strategy against cyber attacks and undersea cables – Euractiv

NCSC head warns of fundamental ‘contest for cyber space’ as annual report shows 44% hike in most serious incidents – PublicTechnology

‘Russia can turn the lights off’: how the UK is preparing for cyberwar | Cyberwar | The Guardian

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

Germany’s cyber security and infrastructure under attack by Russia, chancellor says – POLITICO

Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

NCA Disrupts Multi-Billion Dollar Russian Money Laundering Network

Russian money laundering networks uncovered linking narco traffickers, ransomware gangs and Kremlin spies | The Record from Recorded Future News

She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin | WIRED

Finland: Outage reported after fiber optic cable damaged – DW – 12/03/2024

Russian programmer says FSB agents planted spyware on his Android phone | TechCrunch

Spy v Spy: Russian APT Turla Caught Stealing From Pakistani APT - SecurityWeek

Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested - SecurityWeek

Ransomware suspect Wazawaka reportedly arrested by Russia | The Record from Recorded Future News

Russia gives life sentence to Hydra dark web kingpin • The Register

Putin and ransomware blamed for Stoli US bankruptcy filing • The Register

'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims

Romania's election systems targeted in over 85,000 cyber attacks

Agent for Russia and UK-based Bulgarian planned ‘honeytrap’ for journalist, court hears | UK news | The Guardian

Russian hacking software used to steal hundreds of MoD log-ins

Iran

Kash Patel, Trump's pick to lead FBI, hit with Iranian cyber attack, sources say - ABC News

North Korea

North Korean Hacking Group Launches Undected Malwareless URL Phishing Attacks

How North Korean hackers stole billions in crypto while posing as VCs, IT workers – Firstpost

North Korea deploying fake IT workers and hackers to target UK firms, cryptocurrency,... - LBC

How North Korean Hackers Pilfered $16 Million From A Crypto Exchange Via LinkedIn

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

Kimsuky Group Adopts New Phishing Tactics to Target Victims - Infosecurity Magazine

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe - Infosecurity Magazine

Polish Central Banker Testifies in Pegasus Spyware Case – BNN Bloomberg

How widespread is mercenary spyware? More than you think - Help Net Security

Study shows potentially higher prevalence of spyware infections than previously thought | CyberScoop

NSO Group's Pegasus Spyware Detected in New Mobile Devices

Business leaders among Pegasus spyware victims, says security firm | TechCrunch

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections | WIRED

How a Russian man’s harrowing tale shows the physical dangers of spyware | CyberScoop

Tools and Controls

65% of office workers bypass cyber security to boost productivity - Help Net Security

Storm-1811 exploits RMM tools to drop Black Basta ransomware

5 reasons to double down on network security - Help Net Security

Misconfigured WAFs Heighten DoS, Breach Risks

CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media

Incident Response Playbooks: Are You Prepared?

Why your cyber insurance may not cover everything: Finding and fixing blind spots | SC Media

7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments

Why Robust API Security is a Must for Your Business - Security Boulevard

Many small businesses are falling well short when it comes to cyber security plans | TechRadar

Human Intelligence is the Key to Combating the UK’s Cyber Skills Crisis | SC Media UK

Six password takeaways from the updated NIST cybersecurity framework

Does Cyber Insurance Drive Up Ransom Demands?

Insider Threats vs. Privacy: A Dilemma for IT Professionals

New NIST Guidance Offers Update on Gauging Cyber Performance

Shorter Lifespan Reduces Digital Certificate Vulns

How to talk to your board about tech debt | CIO

Modernizing incident response in the era of cloud and AI - TechTalks

Reports Published in the Last Week

NCSC Annual Review 2024 - NCSC.GOV.UK

EU’s first ever report on the state of cyber security in the Union | ENISA

KnowBe4 Releases the Latest Phishing Trends

Half of UK businesses have experienced a cyber attack. How can you protect yourself? - ByteStart

Other News

Hackers Can Access Laptop Webcams Without Activating LED Indicator

Many small businesses are falling well short when it comes to cyber security plans | TechRadar

71% of US Adults Have Dangerous Online Security Habits This Year, CNET Survey Finds - CNET

Sadiq Khan admits some commuters may never be refunded after TfL cyber attack

Your Kids Are Probably Compromising Your Online Security | Next Avenue

As Device Dependency Grows, So Do The Risks

Nordics move to deepen cyber security cooperation | Computer Weekly

Re/insurers’ operations exposed to cyber threats, says S&P - Reinsurance News

The UK’s cyber security strategy is no longer fit for purpose

Christmas is Coming: Cyber Security Lessons from the Holidays - Security Boulevard

In the new space race, hackers are hitching a ride into orbit

SQL Injection Prevention: 6 Strategies - Security Boulevard

The Legal Landscape Of Privacy: Why Lawyers Must Keep Up With Change - Above the Law

Microsoft confirms the Windows 11 TPM security requirement isn't going anywhere

Why OT environments are vulnerable – and what to do about it | SC Media

Almost all top US retailers were hacked in 2024 | Chain Store Age

Data-rich universities are both targets and treasure troves | Times Higher Education (THE)

Vulnerability Management

Microsoft Warns 400 Million PC Owners—This Ends Your Windows Updates

70% of open-source components are poorly or no longer maintained - Help Net Security

Report shows the threat of supply chain vulnerabilities from third-party products | TechRadar

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Vulnerabilities

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) - Help Net Security

Cisco ASA flaw CVE-2014-2120 is being exploited in the wild

Android's December 2024 Security Update Patches 14 Vulnerabilities - SecurityWeek

Bootloader Vulnerability Impacts Over 100 Cisco Switches - SecurityWeek

Critical Vulnerability Found in Zabbix Network Monitoring Tool - SecurityWeek

CyberRatings report exposes critical flaws in cloud-native firewalls | SC Media

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

TP-Link Archer Zero-Day Vulnerability Let Attackers Inject Malicious Commands

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) - Help Net Security

CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks - SecurityWeek

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

Japan warns of IO-Data zero-day router flaws exploited in attacks

Rather than fixing its old routers, D-Link is telling customers to upgrade

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Threat Intelligence Blog

Black Arrow Cyber Threat Intelligence Briefing 14 March 2025

Summary

Top Cyber Stories of the Last Week

95% of Data Breaches Tied to Human Error in 2024

Hackers Using Advanced Social Engineering Techniques with Phishing Attacks

Confidence Gap in Cyber Security Leaves Businesses at Risk

Over Half of UK Organisations Experienced a Security Breach Resulting from Third-Party Access in the Past Year

Ransomware Gang Encrypted Network from a Webcam to Bypass Security Controls

Microsoft Reveals Over a Million PCs Hit by Malvertising Campaign

How Cyber Attacks Affect Your Staff

UK Government Officials: The UK Is Unprepared and Vulnerable to Russian Cyber Attacks.

Navigating AI-Powered Cyber Threats in 2025: 4 Expert Security Tips for Businesses

86% of Financial Firms are Still Not Fully Compliant With DORA

The CISO as Business Resilience Architect

Data Breach at Japanese Telecom Giant NTT Hits 18,000 Companies

Sources:

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

Malware

Bots/Botnets

Mobile

Denial of Service/DoS/DDoS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

Tools and Controls

Other News

Vulnerability Management

Vulnerabilities

Sector Specific

Black Arrow Cyber Advisory 12 March 2025 – Security Updates from Microsoft, Fortinet, Apple, Adobe, Zoom and SAP

Black Arrow Cyber Threat Intelligence Briefing 07 March 2025

Executive Summary

Top Cyber Stories of the Last Week

Cyber Security's Future Is All About Governance, Not More Tools

'Cocktail of Cyber-Risk' Should Stir Concerns Among CISOs

Why Cyber Drills are as Vital as Fire Drills

Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

Rising Cyber Threats in Europe’s Financial Sector: An ENISA Overview

Old Unpatched Vulnerabilities Among the Most Widely Exploited

Chinese State Back Threat Actor ‘Silk Typhoon’ Shifted to Specifically Targeting Outsourced IT Providers

Social Engineering and Stolen Credential Threats Continue to Dominate Cyber Attacks

Security CEOs Warn Your Voicemail Greeting is the Latest Target for Cyber Criminals

Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

Cyber Threat Highest It’s Ever Been, Ex-Five Eyes Leader Warns

Trump Administration Retreats in Fight Against Russian Cyber Threats

Sources:

Governance, Risk and Compliance