Welcome to the 2nd Cyber Weekly Digest of 2024. The weekend is within touching distance, you've got this!
New and noteworthy this week: We are super excited to announce that Cyber Vigilance are exhibiting at this year's Scot-Secure on 27th March! You can find out more about this event HERE. Also this week, Cequence released a case study showing how they empowered a global telecom provider to effectively manage and secure their extensive API network. You can check out the results HERE.
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week we were warned about hackers targeting Microsoft SQL servers, learned how an accounting firm fell victim to a phishing attack, and read a great article from The Hacker News on the importance of Identity Security!
Keep reading to stay up to date on the latest cyber security news.
A group of financially motivated Turkish hackers is targeting Microsoft SQL (MSSQL) servers worldwide to encrypt victims' files with Mimic (N3ww4v3) ransomware. These ongoing attacks are tracked as RE#TURGENCE and have been directed at targets in the European Union, the United States, and Latin America. The threat actors compromised internet-exposed MSSQL database servers through brute-force attacks. They then used the xp_cmdshell system stored procedure, which allowed them to spawn a Windows command shell with the same security rights as the SQL Server service account.
Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues were publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. In addition to Microsoft, other vendors have released security updates over the past few weeks to rectify several vulnerabilities, which you can read about in the article.
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack. The California-based manufacturer of upgradeable and modular laptops says a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework's CEO into sharing a spreadsheet containing customers' personally identifiable information (PII) "associated with outstanding balances for Framework purchases."
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it. The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorised access could occur. Strengthen these vulnerable points using available market tools and expertise to achieve the desired cybersecurity posture. While conceptually straightforward, this is an incredibly tedious task that consumes the working hours of CISOs and their organisations. Both the enumeration and the fortification pose challenges: large organisations use a vast array of technologies, such as server and endpoint platforms, network devices, and business apps. Reinforcing each of these components becomes a frustrating exercise in integration with access control, logging, patching, monitoring, and more, creating a seemingly endless list of tasks. It's time to break the cycle of acquiring another tool for another surface and get off the hamster wheel.
Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers.
FNF is an American title insurance and transaction services provider for the real estate and mortgage industries. It is one of the largest companies of its kind in the United States, with an annual revenue of more than $10 billion, a market capitalisation of $13.3 billion, and a workforce of over 23,000 people. In mid-December, the firm warned that it had suffered a cyberattack after the threat actors accessed the network using stolen credentials.