Infosec K2K Cyber News Of The Week - Thursday 28th March

Welcome to Infosec K2K’s Weekly News Update! As technology continues to advance, so do the risks associated with it. Every week, we gather the latest news and insights on cyber threats, data breaches, and other essential topics in the world of cyber security.

In The News This Week

Google has reported a 50% annual increase in #ZeroDayVulnerabilities from 2022 to 2023. The firm detected 97 vulnerabilities, close to 2021’s record of 106. While end-user platforms like Apple, Google, and Microsoft have reduced the number of exploitable zero days, enterprise-focused technologies saw a 64% rise. Attackers are increasingly exploiting third-party components, and commercial #Spyware companies were responsible for 75% of the zero days targeting Google products in 2023.

Find out more on Infosecurity Magazine:

https://www.infosecurity-magazine.com/news/zeroday-surged-50-annually-google/

Police in Romania and Spain have dismantled a #CyberFraud gang responsible for defrauding victims of millions through fake advertisements for holiday rentals, second-hand cars and electronic devices and #BusinessEmailCompromise (BEC) scams. In operations across Europe, authorities seized cash, gold, electronic devices, and over 300 SIM cards. As well as creating fake ads, the gang used BEC to intercept emails and divert funds. #BEC was the second-highest grossing #CyberCrime in 2023, earning criminals over $2.9 billion.

Find out more on Infosecurity Magazine:

https://www.infosecurity-magazine.com/news/police-bust-holiday-fraud-gang/

Rent Go, a car rental company based in Turkey, inadvertently exposed over 160,000 customer passport and driver's licence images, which had been left in an open Azure Blob Storage. Cybernews researchers discovered the breach, which contained 322,000 records of ID details and affects users dating back to August 2019. Despite being notified in November 2023, Rent Go didn't secure the exposed data, which includes information belonging to both Turkish and EU citizens.

Find out more on Cybernews: https://cybernews.com/security/rentgo-leaks-passports-drivers-licences/

The European Union Agency for Cybersecurity (ENISA) has identified the top 10 emerging #CyberThreats for 2030, including supply chain compromises, skill shortages, and exploitation of outdated systems. Supply chain vulnerabilities remain a primary concern due to third-party integrations. New entries on the list include exploiting unpatched systems and environmental impacts on digital infrastructure. ENISA has emphasised continuous monitoring and preparedness against these evolving cyber threats to bolster cybersecurity frameworks.

Find out more on European Union Agency for Cybersecurity (ENISA):

https://www.enisa.europa.eu/news/skills-shortage-and-unpatched-systems-soar-to-high-ranking-2030-cyber-threats

The Stats This Week

3TB

A ransomware gang known as #IncRansom claims to have stolen three terabytes of data from NHS Scotland, and is threatening to release it. NHS Scotland is working with authorities, including Police Scotland and the National Cyber Security Centre, to address the situation. Despite the breach, patient services are operating normally. The ransomware group's demands, and the nature of the leaked data, remain unclear. NHS Dumfries and Galloway is currently reaching out to all affected patients.

Find out more on DIGIT.FYI:

https://www.digit.fyi/ransomware-group-claims-nhs-scotland-data-breach-stealing-3tb-of-data/

3%

According to Cisco’s 2024 Cybersecurity Readiness Index, only 3% of businesses are resilient against modern cyber threats - a decline from 15% the previous year. The majority (71%) are in 'formative' or 'beginner' stages of cybersecurity readiness. Despite increased cybersecurity budgets in 91% of organisations, over half (54%) of them had experienced a cyber incident last year, with the most common attacks being malware, phishing, and credential stuffing.

Find out more on Infosecurity Magazine: https://www.infosecurity-magazine.com/news/resilient-modern-cyber-threats/

17,000

The German Federal Office for Information Security (BSI) reported that at least 17,000 Microsoft Exchange servers in Germany are exposed online and vulnerable to critical security flaws. Out of 45,000 servers with Outlook Web Access, 12% use outdated versions. 28% of newer servers haven't been patched for at least four months, making them susceptible to attacks. Threat monitoring by Shadowserver corroborated these findings, highlighting a potential risk for up to 97,000 servers (including over 22,000 from Germany).

Find out more on BleepingComputer: https://www.bleepingcomputer.com/news/security/germany-warns-of-17k-vulnerable-microsoft-exchange-servers-exposed-online/

Thoughts from Infosec K2K

Recent findings from Cisco's 2024 Cybersecurity Readiness Index serve as a wake-up call for organisations around the world. Shockingly, only 3% of businesses are classed as 'mature' in their cybersecurity preparedness, a decrease from 15% just a year ago. The rise of phishing, ransomware, and social engineering attacks on supply chains has meant it's imperative for businesses to strengthen their cyber defences. Identity and Access Management (IAM) solutions can be pivotal in enhancing an organisation's cybersecurity posture. With the help of IAM tools, businesses can significantly reduce the risk of unauthorised access, data breaches, and insider threats.

The persistent cyber talent gap further compounds the challenges organisations face in defending against cyber threats. With 87% of companies identifying the lack of skilled cyber security professionals as a significant issue, businesses are stretched thin in managing their security infrastructure. IAM solutions can reduce some of this strain by automating and streamlining identity management processes, reducing the workload on cybersecurity teams, and enabling more efficient detection and response to potential security incidents.

As businesses increasingly rely on cloud-based platforms and services, securing access to data across multiple applications, devices, and services becomes paramount. IAM solutions also offer more centralised control and visibility over user access rights and permissions, ensuring data stored in the cloud is protected. As cyber threats continue to evolve in complexity and scale, IAM is an indispensable tool for any business looking to strengthen its cyber defences.

Read more on Cisco’s website: https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m03/cybersecurity-readiness-index-2024.html

Got questions about this week’s news? We’re here to help! Learn how best to bolster your cyber security defences by getting in touch with our expert team at Infosec K2K.

Stay updated on all things #CyberSecurityNews when you subscribe to our weekly newsletter by clicking 'Subscribe' at the top of this page!
