Cyber Weekly Newsletter

The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team

Cybersecurity awareness tips and alerts from Riskigy Cybersecurity & Tech Advisors to empower your team to #BeCyberSmart #CyberAware

This Weeks Need-to-Know News and Alerts

???Microsoft released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution (RCE). https://thehackernews.com/2024/03/microsofts-march-updates-fix-61.html

?? ChatGPT Spills Secrets in Novel PoC Attack. Research is latest in a growing body of work to highlight troubling weaknesses in widely used generative AI tools. https://www.darkreading.com/cyber-risk/researchers-develop-new-attack-for-extracting-secrets-from-ch...

?? Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html

?? A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-smartscreen-flaw-to-drop-dark...

?? Typosquatting Wave Shows No Signs of Abating. A spate of recent typosquatting attacks shows the scourge of this type of attack is still very much with us, even after decades of cyber defender experience with it. https://www.darkreading.com/threat-intelligence/typosquatting-wave-shows-no-signs-of-abating

?? QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-de...

?? SIM swappers hijacking phone numbers in eSIM attacks. A user can typically add an eSIM to a device that supports the functionality by scanning a QR code from the service provider. https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/

?? Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. https://www.bleepingcomputer.com/news/google/google-chrome-gets-real-time-phishing-protection-later-...

?? GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. https://www.bleepingcomputer.com/news/security/over-12-million-auth-secrets-and-keys-leaked-on-githu...

?? A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints. https://www.darkreading.com/cloud-security/patch-now-kubernetes-flaw-allows-for-full-takeover-of-win...

From Our Blog

? Manage Cybersecurity with a Limited Budget

With all the cybersecurity regulations, cyberattacks and vulnerabilities, it can be mindboggling that organizations still have restricted cybersecurity budgets to invest in security resources. Organizations face pressure from multiple directions when it comes to cybersecurity investments. In our experience organizations often have limited cybersecurity budgets due to various factors that influence resource allocation and decision-making processes. Read more now at https://riskigy.com/blog/f/manage-cybersecurity-with-a-limited-budget

? 5 Important Things to Know About NIST CSF 2.0

The National Institute of Standards and Technology (NIST) released an updated version of its Cybersecurity Framework on February 26, 2024, aimed at helping organizations strengthen their cybersecurity defenses in today's evolving threat landscape. Adopting the updated NIST Cybersecurity Framework offers numerous benefits for organizations. Read more now at https://riskigy.com/blog/f/5-important-things-to-know-about-nist-csf-20

? Fake Government Compliance Notices Targeting Businesses

Fake government compliance notices are becoming a sophisticated tool in the arsenal of scammers, targeting businesses with the threat of non-compliance penalties unless immediate action is taken. The ingenuity of these notices often lies in their ability to instill fear and urgency, pushing businesses to act hastily without verifying the authenticity of the request. Read more now at https://riskigy.com/blog/f/fake-government-compliance-notices-targeting-businesses

??5 Ways to Prepare for Synthetic Media Threats

Synthetic media refers to the artificial production, manipulation, and modification of data and media by automated means, particularly through the use of artificial intelligence algorithms. These technologies, while having legitimate uses, can also be abused to produce misleading or harmful content. Read more now at?https://riskigy.com/blog/f/5-ways-to-prepare-for-synthetic-media-threats

Recent?Data Breach News

???Acer confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. https://www.bleepingcomputer.com/news/security/acer-confirms-philippines-employee-data-leaked-on-hac...

?? Ivanti Breach Prompts CISA to Take Systems Offline. CISA has not confirmed which two systems it took offline or what kind of data was accessed. https://www.darkreading.com/cyberattacks-data-breaches/ivanti-breach-cisa-systems-offline

?? Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. https://www.bleepingcomputer.com/news/security/okta-says-data-leaked-on-hacking-forum-not-from-its-s...

?? Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. https://www.bleepingcomputer.com/news/security/over-15-000-hacked-roku-accounts-sold-for-50-each-to-...

?? Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network. https://www.bleepingcomputer.com/news/security/stanford-data-of-27-000-people-stolen-in-september-ra...

?? New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. https://www.bleepingcomputer.com/news/security/equilend-warns-employees-their-data-was-stolen-by-ran...

Cybersecurity Resources

Looking for Cybersecurity Policy templates??

See our latest Policy - ChatGPT Generative AI Use Policy Template: Generative Ai and large language model (LLM) platforms already have millions of users. While most people were initially using the publicly available version of ChatGPT (and others) for personal tasks, many have started to use it for work-related projects without understanding the associated risks and what policies companies should consider implementing to reduce those risks.

Click here to see the full library

The Riskigy Cyber Weekly Newsletter first launched in 2019 and as we approach the 5 year anniversary of the Cyber Weekly Newsletter we are moving the newsletter exclusively to our LinkedIn company homepage.

The move has several benefits including

• Never miss another need-to-know alert from Riskigy.
• LinkedIn in-app notifications when the newsletter is published.
• Instantly share feedback and further knowledge sharing on the post.
• Easily share need-to-know news and alerts with your own LinkedIn network.
• and much more.

Follow the link below to subscribe or use the button

Subscribe on LinkedIn

? 2024 Riskigy Cyber & Tech Adviso