Cyber Weekly Digest #50
Cyber Vigilance
Security for an intelligent future... Protecting organisations through technical excellence and disruptive technology.
?? Welcome to the big FIVE ZERO edition Cyber Weekly Digest?of 2024
The Christmas cheer kicked off early this week at the e92plus Christmas CyberSocial.
A huge THANK YOU to Egress, a KnowBe4 company for the lovely hamper. It wasn't just any hamper, it was an M&S super special Christmas hamper and we loved it!!
Agents Maxted & Butler visited BlackHat this week, tracking down our friends at Bugcrowd , Censys , Axonius , Egress, a KnowBe4 company and Secure Code Warrior . Great event, great people, great conversation, terrible journey home!
Via LinkedIn we shared how you can get invaluable visibility of all your cyber assets, discover all your gaps to identify risk and how you can automatically validate and enforce policies to secure your business. "It's the first thing I implement when joining a new company" isn't something you usually hear 3 times in 1 week!
?? No Dad Joke of the Week this week...Booooo!
Instead we have a little Christmas Quiz... Yay!
1. How many gifts were given in total in 'The Twelve Days of Christmas' song?
2. What is the name of the Grinch's dog?
3. Who was crowned King of England on Christmas Day 1066?
4. Which ocean is Christmas Island in?
5. Which of these festive classics is the only one to have been a Christmas number 1?
a. The Pogues & Kirsty MacColl - Fairytale Of New York
b. All I Want For Christmas is You - Mariah Carey
c. Merry Christmas Everyone - Shakin’ Stevens
d. I Wish it Could Be Christmas Everyday - Wizzard
6. In which country is it tradition to eat KFC for Christmas dinner?
7. Which country started the tradition of putting up a Christmas tree?
8. Which city has been donating Trafalgar Square’s Christmas tree to London every year since 1947?
?
?? Send your answers via LinkedIn comment! NO CHEATING! I'lll give you a like if you get them all right
Right then, tastier than any Christmas Pud, here is our...
?
New?and noteworthy?from our Technology Community this week:
?
?? “We no longer have to choose between dedicating all our time to the client onboarding process and scaling our business. Without CoreView, I can’t imagine how we would handle growth while providing our clients with the premium experience they signed up for.”
Discover how CoreView transforms IT operations and boosts productivity, directly from their customers' experiences.
? Trusted by over 30,000 IT and security leaders globally.
? Proven to enhance Microsoft 365 management with improved IT administration, governance, and security.
?
?? Did you know? ZeroFox 's Dark Ops team scours the #DarkWeb, extending visibility and engagement into places traditional security teams can’t reach. In the Underground Economist, they share meaningful #Intelligence on the trends and tactics threat actors are leveraging across the dark web and criminal underground.
The latest intel? We're glad you asked...
?? Extortion “Negotiator” Seeks Employment in Dark Web Forum
?? Allegedly-Functional Stripe Accounts Announced for Sale
?? New Drainer-as-a-Service Announced in Dark Web Forum
?? Dark Web Actor Announces Malicious Chrome Extension for Sale ?
领英推荐
?? Have you ever wondered how Immersive creates its renowned Cyber Threat Intelligence (CTI) labs at the speed of cyber? Join CTI experts Ben McCarthy and Ben Hopkins to learn lab design best practices and what's to come in 2025 to help you be ready for threats.
It's the latest in their Cyber Countdown series and you can register here
?
?? How is your team using technology to stay one step ahead of cybersecurity risks? In today’s fast-moving threat landscape, the right cybersecurity metrics can be the difference between staying ahead of attacks or playing catch-up. As 2025 approaches, it’s time to use data not just to track security, but to drive alignment and secure leadership buy-in for your strategy.
Join the Axonius webinar on Dec 19th where they'll show you how the Axonius platform empowers your team to confidently answer the critical security questions that will shape your organisation’s future.
?
?? Organisations can proactively secure their third-party vendors and suppliers.
Want to learn the critical steps needed to shield your supply chain from hidden cyber risks?
Then check out Panorays new guide 6 Steps to Shield Your Supply Chain from Hidden Cyber Risks
?
Last?but not least... ?
?? Egress, a KnowBe4 company last CISO guide of 2024 is here and what a topic they have in store for you Social Engineering in the Age of AI is a must-read for any IT security professional concerned about the impacts AI will have on phishing attacks targeting employee inboxes and how cybercriminals have used it to take the sophistication of social engineering one step further.
Now, let's take a look at our top Cyber Security News picks of the week
?
?
Cyber attackers never stop inventing new ways to compromise their targets. That's why organisations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you.
?
?
Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the account holder with any indication of trouble," Oasis Security researchers Elad Luz and Tal Hason said in a report shared with The Hacker News.
?
?
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been accused of developing and testing a zero-day security vulnerability used to conduct the attacks against Sophos firewalls.
?
?
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "This can lead to stealthy command execution, which can harvest sensitive data, redirect browsers to phishing websites, and more."?
?
?
A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. The malware is a multi-component set that includes a dropper, memory-resident executables, a kernel module rootkit, and a shared object (SO) userland rootkit. Elastic Security discovered Pumakit in a suspicious binary ('cron') upload on VirusTotal, dated September 4, 2024, and reported having no visibility into who uses it and what it targets.
?
That's it for this weeks tasty morsels...
?
Have a great weekend all,
?
Much ?? Stay Safe
The CV Team
?
Security for an intelligent future...
Founder & CEO at Cyber Vigilance
2 个月Loving the Home Alone quote!
It almost time...