5+All Security Resource Digest for 2023-12-7
5+All Security Resource Digest: Summaries for the top five resources added in the last day to Stryker’s Security Database, plus all new records.

In today’s 5+All digest for Thursday, Dec 7, 2023, find:

  1. 2023 Cyberthreat Defense Report
  2. CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps
  3. Top 10 Malware Q3 2023
  4. Cambridge Hospitals Admit Two Excel-Based Data Breaches
  5. Top Characteristics of a QR Code Phishing Email

Browse these and all resources added in the last day in my personal security resource database, the SSD, for free at Go.StrykerNoStriking.com/Complete-DB.


#1: 2023 Cyberthreat Defense Report

Check Point Software | Link to Resource

  • The CyberEdge Cyberthreat Defense Report provides insights into IT security professionals’ perspectives, including decreases in cyberattacks, overall threat concern, and the prevalence of double extortion ransomware, as well as the involvement of IT security leaders with the board of directors and the popularity of zero trust frameworks.

#2: CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

Cybersecurity and Infrastructure Security Agency | Link to Resource

  • CISA collaborates with NSA and FBI to publish “The Case for Memory Safe Roadmaps” resource, promoting memory safe coding to prevent software vulnerabilities.


#3: Top 10 Malware Q3 2023

Center for Internet Security | Link to Resource

  • Significant shifts in the top 10 malware in Q3 2023 include SocGholish, RogueRaticate, and Fake Browser taking the top spots, utilizing fake browser updates for initial access and often installing the NetSupport Remote Access Tool. Top initial infection vectors changed to Malvertisement, with Malspam and Dropped being the most popular combination for multiple initial infection vectors. The top 10 malware are SocGholish, NanoCore, RogueRaticate, Agent Tesla, Fake Browser, ViperSoftX, CoinMiner, Arechclient2, Gh0st, and Ratenjay.


#4: Cambridge Hospitals Admit Two Excel-Based Data Breaches

Infosecurity Magazine | Link to Resource

  • Cambridge NHS trust had two data breaches involving accidental disclosure of patient data in response to FOI requests, affecting 22,073 maternity patients and 373 cancer patients; the Information Commissioner’s Office recommends ending the use of Excel spreadsheets for publishing FOI data.


#5: Top Characteristics of a QR Code Phishing Email

Cofense Intelligence | Link to Resource

  • QR codes in phishing emails are becoming more prevalent and pose a significant threat, changing the attack vector and making victims more vulnerable on personal phones. QR code campaigns use various email themes and deliver codes through attached files or images, featuring URLs with different characteristics. The codes are primarily delivered via embedded images, but threat actors are also using a little-known Google API to generate QR codes as external images that automated systems often ignore, making them effective for bypassing security. Attached files with embedded QR codes, particularly in PDF format, are common. QR code emails typically have MFA themes and contain personally identifiable information, and the most commonly abused legitimate domains for QR code redirection are Bing and Google.


Access all SSD records at go.StrykerNoStriking.com/Complete-DB

To search and use any resource record from today’s 5+All Daily Digest, or any resource ever uploaded to the SSD, including any downloadable PDFs, files, or additional links to related sources, click this link.

Airtable requires that I request an email address for access controls before I can grant full read-only access to the SSD. Once I approve your request, you can browse any of the available pre-sorted dashboards for your own projects, including:

  • Every resource record ever added to the SSD in a single, searchable (but very long!) list;
  • All 5+All Daily Digest records added in the last day; and
  • All records sorted into their format type, such as “Research & Stats,” “News Articles & Blogs,” “Documentation & References,” “Online Conversations,” etc.

Please share this digest and database with anyone you think would find these resources helpful. And let me know what you think!

Final Notes:

  • I am actively seeking a new position in cyber intelligence and / or cyber risk analysis! Please feel free to review my resume and my complete project portfolio — including research reports, guides, webinars, podcasts, and personal certifications — for an idea of what I could do for your cybersecurity program.
  • This database project — including all its supporting automations and content subscriptions — is entirely self-funded. It’ll remain free to anyone who would like to use it! However, you can help support the project on Ko-Fi or simply by sharing it with others. :)

Thank you to all contributors to the SSD, including:

Originally published on Medium.