Infosec K2K Cyber News Of The Week - Friday 4th October
Infosec K2K
We are a dynamic and responsive team that understand the need for dedicated cyber expertise to keep businesses secure.
Welcome to Infosec K2K’s Weekly News Update! As technology continues to advance, so do the risks associated with it. Every week, we gather the latest news and insights on cyber threats, data breaches, and other essential topics in the world of cyber security.
In The News This Week
A new report from Ivanti has highlighted the risks of employees ignoring security protocols because of frustration with tech tools, with 32% admitting to using personal devices for work without their employers' knowledge. Only 13% of security professionals prioritise user experience (UX) in cyber security, despite the fact that this could prevent people using risky workarounds. The report also found that 81% of workers are untrained in the use of generative AI, with 15% using unauthorised AI tools.
Find out more on DIGIT.FYI: https://www.digit.fyi/digital-employee-experience-ivanti/
Last week, a malicious actor hacked the Wi-Fi at 19 railway stations across the UK to display terror-related messages to users. The Wi-Fi services, which were managed by Telent Technology Services Ltd through provider Global Reach, were compromised via an unauthorised change made by a Global Reach admin account. Telent has confirmed that no personal data was affected. Security experts suggest the attack may have been a security probe rather than a direct threat, and that by attacking a third-party provider, the attacker was targeting the weakest link.
Find out more on ITPro: https://www.itpro.com/security/network-rail-confirms-cyber-attack-on-wi-fi-systems-at-uk-train-stations
Hackers are using website sign-up services to send out spam emails, making it harder for spam filters to block them, according to research by Cisco Talos. Instead of taking over the websites, attackers overload the name field with spam content and links, which then get sent out unfiltered in post-registration emails. Since the emails are legitimate, they bypass traditional spam detection systems. There is little to be done to prevent this, as the spam blends in with regular website-generated messages.
Find out more on TechRadar Pro:
The tech firm DrayTek Corp. has released security updates to address 14 vulnerabilities that could affect 785,000 exposed routers. Forescout Research discovered the flaws, which affect both active and end-of-life router models. The vulnerabilities include buffer overflow, command injection, and cross-site scripting issues, and five of the critical flaws require immediate attention. Although there have been no reports of these flaws being exploited, DrayTek has urged users to apply the latest firmware updates to prevent potential attacks.
Find out more on BleepingComputer: https://www.bleepingcomputer.com/news/security/draytek-fixed-critical-flaws-in-over-700-000-exposed-routers/
The Stats This Week
$100 million
Last Friday, Meta was fined $100 million (around €91 million) by Data Protection Commission Ireland for exposing the plaintext passwords of 600 million Facebook users to internal employees, violating GDPR regulations. The issue was first reported in 2019, after Meta stored user passwords without encrypting them. Although there was no evidence of external access or misuse of the data, the DPC highlighted Meta's failure to implement proper security measures and notify the authorities.
Find out more on Cybernews:
80%
The manufacturing sector is highly vulnerable to cyber attacks, according to a Black Kite report, with 80% of companies having critical vulnerabilities. The study, which highlighted 5,000 global firms, found that 67% have at least one known exploited vulnerability, and 30% have critical flaws in web applications. Manufacturing was the top target for ransomware attacks, with industrial machinery manufacturing hit the hardest. Rapid digital transformation after the COVID-19 pandemic has left cyber defences struggling to keep pace with businesses’ expanding digital footprints, increasing the chances of ransomware attacks.
Find out more on Infosecurity Magazine: https://www.infosecurity-magazine.com/news/manufacturing-critical/
17%
According to Socura, the share of women in cyber security roles in the UK has dropped to 17% (down from 24% in 2021), despite cyber security being the fastest-growing IT sector, and a 128% rise in professionals since 2021. While the number of cyber professionals has doubled, they are a fraction of the overall IT workforce, and the gender gap continues to be a challenge in the wider tech industry. Experts have called for more initiatives, such as the National Cyber Security Centre’s Cyber First Girls competition, to attract women and young talent to address the growing shortfall of cyber professionals.
Find out more on Infosecurity Magazine: https://www.infosecurity-magazine.com/news/share-women-uk-cyber-roles-17/
Thoughts from Infosec K2K
A new report from Black Kite has revealed urgent cyber security challenges facing the manufacturing sector, with 80% of manufacturing firms facing critical vulnerabilities. These vulnerabilities can make companies attractive targets for criminals, and with 67% of businesses having at least one known exploited vulnerability, addressing these risks is crucial. Poor patch management practices can expose firms to even more potential attacks, particularly through web applications, which are common entry points for hackers.
The manufacturing sector's digital transformation in recent years has expanded its digital footprint, making it even more attractive to ransomware gangs. According to the report, the sector accounted for 21% of ransomware attacks between April 2023 and March 2024, making it the most targeted industry. Ransomware actors are particularly drawn to industrial machinery manufacturing, motor vehicle parts, and pharmaceutical sectors due to the potential to cause operational disruptions and significant financial damage.
To reduce the rising risk of cyber attacks, manufacturing firms need to adopt a more proactive approach to their cyber security. At Infosec K2K, we help businesses strengthen their defences by assessing their security solutions, as well as offering 24/7 protection. With 69% of firms experiencing credential leaks, immediate action is needed to avoid becoming the next ransomware victim. We work closely with our clients to fortify their defences and protect their data.
Read more on Black Kite:
—
Got questions about this week’s news? We’re here to help! Learn how best to bolster your cyber security defences by getting in touch with our expert team at Infosec K2K.
Stay updated on all things #CyberSecurityNews when you subscribe to our weekly newsletter by clicking 'Subscribe' at the top of this page!