The October Edition

Welcome to the fourth edition of Cyber Shorts, the latest instalment in our CYFOR Secure newsletter series! As your go-to resource for all things cybersecurity, we're excited to share our October recap with you.

The Milestones Series ??♀?

In October, the CYFOR team celebrated raising significant funds for two charities: the Internet Watch Foundation and Breast Cancer UK. Alongside these efforts, the team supported clients by enhancing website security and addressing ransomware threats. Their exceptional expertise was also showcased in this month’s Cyber Security Webinar, which covered 2024’s trending topics. Thanks to everyone involved, and here’s to continued success in November!

Read the full rundown from our C.O.O here.

Threat Watch ??

Breach Breakdown

Welcome back to 'Breach Breakdown', the series that covers everything related to data breaches, cyber-attacks, and more. It was throughout October that we observed attacks spanning the globe, impacting:

?? OpenAI and ICS Attacks: Iranian hackers exploited ChatGPT to plan attacks on industrial control systems, highlighting the risks of AI tools in cyber warfare. Enhanced cybersecurity measures are essential as AI integrates further into industries. Read more: OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks - SecurityWeek

???♀? Fidelity Data Breach: Over 77,000 Fidelity customers had personal information compromised between August 17-19, 2024. Though no accounts were accessed, concerns about identity theft have arisen, marking this as the second breach for Fidelity this year. Read more: Fidelity Notifies 77K Customers of Data Breach (darkreading.com)

???? Comcast Data Breach: A breach at Financial Business and Consumer Solutions (FBCS) exposed the personal data of 237,000 Comcast customers. Comcast is offering 12 months of free identity theft protection and advises monitoring accounts for suspicious activity. Read more: Comcast Data Breach: 237,000+ Customers' Personal Data Exposed (cybersecuritynews.com)

?? Fortinet FortiOS RCE Attacks: A recent vulnerability in FortiOS SSL-VPN led to remote code execution attacks on 87,000 devices. Users should update and secure their systems immediately. Read more: 87,000+ FortiOS Devices Vulnerable to Remote Code Execution Attacks (cybersecuritynews.com)

?? Mamba 2FA Cybercrime Kit: The Mamba 2FA phishing-as-a-service kit is targeting Microsoft 365 users by bypassing two-factor authentication (2FA) and stealing credentials via Telegram. Read more: Mamba 2FA Cybercrime Kit Strikes Microsoft Users (darkreading.com)

Episode Seven of Breach Breakdown can be found here.

Cyber Corner ???

Enhancing POS Systems with strong Cybersecurity

Modernising point-of-sale (POS) systems is crucial for enhancing customer experiences, but it also increases cyber security risks, especially with the growth of e-commerce. Businesses storing payment details are prime targets for cybercriminals, making strong PCI compliance and security frameworks essential.

CYFOR Secure offers a range of services to address these challenges, including Risk Management to identify vulnerabilities, Advisory Services for secure technology adoption, and Penetration Testing to safeguard systems. Our experts can help businesses adopt new technologies without compromising data security. Contact us today to learn how we can protect your business.

The Cyber Security ReCap Series

October was a very busy month for the team!

Charity Fundraising

The team proudly completed the Pinsent Masons ‘Move for a Safer Internet’ challenge, dedicating an impressive 231 minutes and raising ￡1,000 for the Internet Watch Foundation (IWF). They joined other participants at the awards ceremony in Crown Place, London, where the collective fundraising total of ￡22,000 was celebrated—a remarkable achievement we are thrilled to have been a part of!

Additionally, on October 20th, the team raised ￡290 for Breast Cancer UK by braving harsh winds and rain to trek up Kinder Scout. It was a fantastic effort for an incredibly important cause. If you’d like to support this initiative, donations remain open until October 30th.

Donate here: CYFOR Group is fundraising for Breast Cancer UK (justgiving.com)

Educational Opportunities:

As part of Cyber Security Awareness Month, the team held an insightful and interesting webinar on the 25th October, with an in-depth PDF and examination of:

-??????????? Exploitation of third-party relationships

-??????????? Use of generative #AI in social engineering and information warfare

-??????????? ?Initial Access Brokers

-??????????? Increase in Big Game Hunting (BGH) incidents

Cyber Security expert Will Poole delivered an excellent webinar, discussing each threat in detail, offering practical advice for SME’s and individuals to follow.

If you couldn’t attend the webinar, don’t worry! You can find a link to the PDF guide below, with all the tips and insights for mitigating your cyber risk and increasing your cyber resilience threshold.

Link

Case Insight:

This month, Head of Incident and Response Will Poole, handled a web application incident response, quickly identifying and mitigating vulnerabilities after a client's customer-facing website was compromised. With his swift action, the client now has confidence in their web application’s security.

To round up:

October was filled with achievements, from fundraising and client education to effective threat responses. We look forward to what November brings as we close out the year on a high note.

Explore our complete sectors and solutions suite here.

Incident Response at 0330 135 8542 or here.