.png)
👋 Welcome to the 17th edition Cyber Weekly Digest of 2024.
Did you know we serve up the CWD in 3 ways? 1. Blog post 2. Via Email and 3. LinkedIn. Which ever way you're reading this I just want to say thank you for taking the time and I'm always open to feedback on what we can include to make future editions as useful and informative as possible!
New and noteworthy this week:
🟣 Pentera's annual State of Pentesting report is now available
Compiled from responses of 450 top CISOs, CIOs, and IT security leaders globally, this report gives you a comprehensive look at security budgets, the adoption of security tools and controls, and common pentesting practices across enterprises. Grab your copy here
🟣 The use of AI tools, both in our current business landscape and society in general, is more widespread than ever. However, the use of AI comes with a variety of well-documented concerns and challenges, among which are the implications for compliance with data protection legislation, such as the GDPR.
Check out URM’s blog, providing a breakdown of how the guidance and regulation on the DP considerations of AI are evolving, discuss in detail how AI poses challenges to DP compliance, and offer advice on what you should consider to achieve DP compliance in your organisation’s use of AI systems
🟣 Safeguarding sensitive information in today's digital world is crucial. Role-Based Access Control (RBAC) offers a structured approach to managing user permissions and access rights, minimising the risk of data breaches.
At Abnormal, they've developed a simplified, security-driven RBAC design pattern that allows customers to enhance security, streamline administration, and protect their assets with ease. Read the full blog post here
Last but not least...
🟣 Gartner predicts that by 2030, 80% of enterprises will have a well-defined human risk management programme (HRM). But what is driving the shift from traditional security awareness training to HRM?
Connect with the Lead Cyber Security Researcher, John Scott at CultureAI as he shares how HRM can help you measurably reduce human risk in your organisation. Register here
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
🚨 This week we were reminded to be cautious about the tech we use at home, continued to hear about the ever growing rise in AI powered cyber attacks and the ongoing threats to the Healthcare Industry!
Keep reading to stay up to date on the latest cyber security news.
Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make their operations more effective and efficient. "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," the tech giant said in its latest report on East Asia hacking groups. The company specifically highlighted a group named Emerald Sleet (aka Kimusky or TA427), which has been observed using LLMs to bolster spear-phishing efforts aimed at Korean Peninsula experts. The adversary is also said to have relied on the latest advancements in AI to research vulnerabilities and conduct reconnaissance on organizations and experts focused on North Korea, joining hacking crews from China, who have turned to AI-generated content for influence operations.
The Los Angeles County Department of Health Services disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County (the most populous county in the United States) and is the second largest public health care system in the country after NYC Health + Hospitals. As revealed in data breach notifications sent to an undisclosed number of potentially affected individuals, 23 employees had their credentials stolen in a February attack.
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. Researchers believe that behind the campaign is CoralRaider, a financially motivated threat actor focused on stealing credentials, financial data, and social media accounts. The hackers deliver LummaC2, Rhadamanthys, and Cryptbot info stealers that are available on underground forums from malware-as-a-service platforms for a subscription fee.
The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. The attack led to an outage that impacted the Change Healthcare payment, affecting a range of critical services used by healthcare providers and pharmacies across the U.S., including payment processing, prescription writing, and insurance claims. The organisation reported that the cyberattack had caused $872 million in financial damages.
The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. The action is part of a settlement following a complaint from May 2023 alleging that Ring failed to implement adequate security measures to protect the devices from unauthorised access. Ring is an Amazon subsidiary known its smart home security products, including video doorbells, indoor and outdoor security cameras, central alarm hubs, smart sensors, motion-activated lights, and more.
