Cyber Weekly Digest #3

Welcome to the 3rd edition of the Cyber Weekly Digest of 2025


Move over Blue Monday - our new podcast episode is here... and it's Purple!

In our latest episode Katie Maxted is joined by Brett Taylor from SentinelOne to talk all things defensive AI in cyber.

"AI" is without a doubt the biggest buzzword in the world at the moment, but how can we get real value from AI in the cyber defence world?

Listen to our new episode to find out! https://lnkd.in/e-Dp6SK9



NEW TEAM MEMBER ALERT!

We are incredibly excited to welcome Josh Duce to the Cyber Vigilance team!

Josh is joining us as Head of Sales to continue supporting our customers in solving their cyber security challenges.

We are beyond proud to be growing the Cyber Vigilance team with industry experts who align with our vision... can't wait to see what 2025 has in store!



New and noteworthy from our Technology Community this week:

Don't miss Vicarius' Villain of the Week

A critical vulnerability, CVE-2025-21298 (CVSS 9.8), has been identified in Windows Object Linking and Embedding (OLE), a core Windows component. The flaw lets a remote attacker execute arbitrary code by sending a specially crafted email or document; the vulnerable code path is reached when the message is rendered, so an Outlook preview in the reading pane is enough to trigger it. Successful exploitation can lead to full system compromise.

Why it matters:

Exploiting this vulnerability could result in:

- Unauthorised access to sensitive data.

- Complete system compromise.

- Deployment of malicious code or malware.

Recommended actions:

- Update Windows: apply the security updates released by Microsoft in January 2025 to patch this vulnerability. This is the only actual fix; the two items below are interim mitigations for hosts you cannot patch immediately.

- Read emails in plain text: configure email clients such as Microsoft Outlook to display messages in plain text, so that embedded OLE objects in HTML or RTF mail are not rendered (and therefore not triggered) when a message is opened or previewed.

- Avoid untrusted RTF files: be cautious with emails carrying RTF attachments or RTF-formatted content from unknown senders.

Use these scripts from the Vicarius research team:

- Detection: https://www.vicarius.io/vsociety/posts/cve-2025-21298-windows-ole-remote-code-execution-vulnerability-in-microsoft-products-detection-script

- Remediation: https://www.vicarius.io/vsociety/posts/cve-2025-21298-windows-ole-remote-code-execution-vulnerability-in-microsoft-products-mitigation-script
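
The plain-text mitigation above is a per-user Outlook option that is easy to recommend and hard to verify at scale. The following PowerShell is an added example, not code from the Vicarius research team or from the digest: it audits whether "Read all standard mail in plain text" is in effect for the current user and can enforce it. It assumes Outlook 2016/2019/Microsoft 365 Apps (registry version key 16.0), that the user setting is the DWORD ReadAsPlain under HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail, and that the Group Policy equivalent lives at the same relative path under HKCU:\Software\Policies\ and takes precedence; adjust the version key for other Outlook releases.

```powershell
#Requires -Version 5.1
<#
Added example; not code from Vicarius or from the digest.
Audits, and optionally enforces, Outlook's "Read all standard mail in plain text"
option, the interim mitigation for CVE-2025-21298 recommended above.

Assumptions (not stated on the page):
  - Outlook 2016/2019/Microsoft 365 Apps, whose registry version key is 16.0.
  - The user setting is the DWORD ReadAsPlain under
    HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail; the Group Policy
    equivalent sits at the same relative path under HKCU:\Software\Policies\
    and wins when both are present.
  - 1 = read as plain text; 0 or absent = render HTML/RTF normally.
#>

$OfficeVersion = '16.0'   # assumption: change for other Outlook releases
$UserKey   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
$PolicyKey = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Return the DWORD value, or $null when the key or the value does not exist.
    try {
        return (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        return $null
    }
}

function Test-OutlookReadAsPlain {
    # Report the effective setting and where it comes from (policy beats user).
    $policy = Get-RegDword -Path $PolicyKey -Name 'ReadAsPlain'
    $user   = Get-RegDword -Path $UserKey   -Name 'ReadAsPlain'
    $effective = if ($null -ne $policy) { $policy } else { $user }
    $source = if ($null -ne $policy) { 'Policy' } elseif ($null -ne $user) { 'User' } else { 'Not set' }
    [pscustomobject]@{
        PolicyValue    = $policy
        UserValue      = $user
        EffectiveValue = $effective
        Source         = $source
        Mitigated      = ($effective -eq 1)
    }
}

function Set-OutlookReadAsPlain {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Revert)
    # Write the per-user value (1 = plain text). -WhatIf previews the change;
    # -Revert sets it back to 0 once the January 2025 update is confirmed installed.
    # Outlook has to be restarted before it picks the new value up.
    $value = if ($Revert) { 0 } else { 1 }
    if ($PSCmdlet.ShouldProcess("$UserKey\ReadAsPlain", "Set DWORD to $value")) {
        if (-not (Test-Path -Path $UserKey)) {
            New-Item -Path $UserKey -Force | Out-Null
        }
        New-ItemProperty -Path $UserKey -Name 'ReadAsPlain' -PropertyType DWord `
            -Value $value -Force | Out-Null
    }
    Test-OutlookReadAsPlain
}

# Usage: audit first; enforce only where the audit shows the setting is off.
$state = Test-OutlookReadAsPlain
$state | Format-List
if (-not $state.Mitigated) {
    Write-Warning "Outlook renders HTML/RTF mail (source: $($state.Source)); run Set-OutlookReadAsPlain to apply the interim mitigation."
}
```

Run the audit under each affected user account (the key is per-user), or push the policy value through Group Policy or Intune where you want it enforced fleet-wide. Treat the setting as a stop-gap: it reduces the exposure through Outlook only, does nothing for documents opened from disk, and should be reverted once the January 2025 update is installed and verified.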


Your scariest threats are the ones you don't see!

Discover your blind spots with Bugcrowd's two-week free trial of External Attack Surface Management (EASM) before it's too late: https://ww1.bugcrowd.com/the-greatest-cybersecurity-offer/

Another not to miss is Bugcrowd's Bugboss Fighter Challenge, a one-of-a-kind competition that pits a collective force of 50 skilled hackers from the crowd against two of the industry's most accomplished hackers in an intense two-week challenge: https://www.bugcrowd.com/blog/bugcrowds-bugboss-fighter-challenge/



Modern healthcare is made up of connected devices, acquisitions and mergers, and digital transformation - which means healthcare's attack surface is growing.

Attack Surface Management can help you better safeguard patient data, sensitive records, and critical healthcare infrastructure with visibility into all internet-exposed assets.

Get started with this ebook from Censys: https://censys.com/attack-surface-management-101-your-guide-to-total-visibility-in-healthcare


Insider threats are a growing challenge in the modern workplace. How is your organisation tackling them?

As remote work and cloud adoption expand, the risk of insider threats, whether through human error, negligence or malicious intent, escalates.

These threats aren’t just hypothetical; they’re real, complex, and can bypass even the most sophisticated security measures if left unaddressed.

CultureAI's latest article delves into the strategies every organisation needs to mitigate this growing risk: https://www.culture.ai/resources/blog/the-growing-risk-of-insider-threats-in-cyber-security



When you hear "governance," do you picture shadowy figures and high-stakes espionage?

Surprisingly, though, mastering governance in Microsoft 365 is less an action movie plot than a necessity.

With over 2,000 individual configurations awaiting manual customisation in each M365 tenant, managing this complexity by hand isn't feasible. CoreView's latest blog post, "MVPs Explain All You Need to Know About Microsoft 365 Governance", brings together insights from CoreView's Microsoft MVPs and experts to help you navigate this crucial aspect of your digital workspace.

Here's what you'll uncover:

- A practical framework, best practices, and a starter kit for M365 governance.

- A comprehensive governance planning roadmap spanning the entire M365 lifecycle.

- A checklist to ensure effective collaboration governance across your organisation.

- Self-service governance guidelines tailored for Microsoft 365 environments.

- Strategies to scale and automate your M365 governance plan seamlessly.

Are you ready to streamline and strengthen your Microsoft 365 governance strategy? https://www.coreview.com/blog/4-things-to-know-about-m365-governance



Are you ready for #DORA?

The new Digital Operational Resilience Act (DORA), which has applied since 17 January 2025, is reshaping the financial sector in Europe by requiring organisations to withstand and recover from severe operational disruptions. Is your team prepared?

Join Veracode for an exclusive webinar on 29th January at 11 AM GMT to unpack what DORA means for your business and how you can stay ahead: https://www.veracode.com/the-digital-operational-resilience-act-explained


Last but not least...


Discover "The Art of the Possible" with Zero Trust Segmentation at Illumio #IWT London.

Join Michael Adjei (UK) as he explores how innovation in #ZeroTrustSegmentation can deliver real value for your organisation. This session will show you how to leverage cutting-edge strategies to reduce #risk and enhance #security in today's digital landscape.

Don’t miss out - sign up today to attend: https://illumio.swoogo.com/illumioworldtour_london



Now, let's take a look at our top Cyber Security News picks of the week


1. Ransomware Gangs Pose as IT Support in Microsoft Teams Phishing Attacks

Ransomware gangs are increasingly combining email bombing with posing as tech support in Microsoft Teams calls to trick employees into granting remote control and installing malware that gives access to the company network. The threat actors send thousands of spam messages over a short period, then call the target from an adversary-controlled Office 365 tenant pretending to provide IT support for the flood. This tactic has been observed since late 2024 in attacks attributed to Black Basta ransomware, but researchers at Sophos have seen the same method used by other threat actors that may be connected to the FIN7 group.


2. Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn't expect to see even on a consumer-grade laptop. These issues could allow attackers to evade even the most basic integrity protections, such as Secure Boot, and modify device firmware if exploited."


3. Hundreds of Fake Reddit Sites Push Lumma Stealer Malware

Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. On the fake pages, the threat actor abuses the Reddit brand by showing a fake discussion thread on a specific topic: the thread creator asks for help downloading a specific tool, another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks them, to make everything appear legitimate.


4. Stealthy 'Magic Packet' Malware Targets Juniper VPN Gateways

A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a “magic packet” in the network traffic. The J-magic attacks appear to target organizations in the semiconductor, energy, manufacturing (marine, solar panels, heavy machinery), and IT sectors. The J-magic malware is a custom variant of the publicly available cd00r backdoor - a proof-of-concept that stays silent and passively monitors network traffic for a specific packet before opening a communication channel with the attacker.


5. New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit targeting Microsoft 365 accounts with the aim of stealing credentials and two-factor authentication (2FA) codes, active since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December. Nearly 100 domains hosting Sneaky 2FA phishing pages have been identified as of this month, suggesting moderate adoption by threat actors. "This kit is being sold as phishing-as-a-service (PhaaS) by the cybercrime service 'Sneaky Log,' which operates through a fully-featured bot on Telegram," the company said in an analysis. "Customers reportedly receive access to a licensed obfuscated version of the source code and deploy it independently."


That's it for this week's tasty morsels...


Much love, stay safe

The CV Team


Security for an intelligent future...