👋 Welcome to the 34th edition Cyber Weekly Digest of 2024
We are incredibly excited to be back in 🏴 Scotland 🏴 next month for DIGIT.FYI Scot-Secure West in Glasgow on the 11th September. This year we will be joined by Egress, a KnowBe4 company, Automox, Bugcrowd and One Identity!
Make sure you sign up here for your ticket
📢 This week we announced our new partnership with Immersive Labs, the global leader in people-centric cyber resilience! Focused on equipping workforces with the knowledge and skills needed to effectively prevent and respond to cyber threats, can't wait to share more...
🎳 Would also like to thank the teams at Ignition and illumio this week for hosting us at their partner kick off event. Fantastic to meet the people behind the tech and learn about the future of #ZeroTrustSegmentation. Watch this space!
😁 Dad Joke of the Week: I adopted a dog from a blacksmith. As soon as I brought him home, he made a bolt for the door.
New and noteworthy from our vendor community this week:
🟣 #QuantumComputing is on the horizon, and it poses a significant risk to current encryption methods. With NIST’s new post-quantum encryption standards now finalised, it’s essential to understand how they can help protect your data.
In their latest blog, Ben McCarthy, Immersive Labs Lead Cybersecurity Engineer, shares:
🔍 NIST’s new standards and their impact
🛡️ How #QuantumComputing could threaten #DataSecurity
🔧 Steps to future-proof your organisation
🟣 We are thrilled to see illumio recognised in five of the Gartner Hype Cycle reports!
Learn why Gartner considers #microsegmentation a high-benefit technology in their latest blog post and how, with illumio ZTS you can quickly and easily:
👀 See Risk
✍🏽 Set Policy
🛑 Stop the Spread
🟣 Sticking with Hype Cycle buzz - Automox has been recognised as a Sample Vendor for Autonomous Endpoint Management (AEM) in three Gartner Hype Cycle reports: IT Management Intelligence, I&O Automation, and Digital Workplace Infrastructure and IT Operations for 2024.
✅ IT overhead reduction
✅ Compliance increase
✅ Employee enablement and business value-added work
Last but not least...
🟣 What is MFA fatigue? It's a social engineering attack where hackers bombard users with repeated MFA requests until they approve one out of frustration.
Learn how these attacks work with One Identity, sharing proven methods to prevent them and real-world examples including:
🔵 Cisco
🍏 Apple
🚖 Uber
Now, let's take a look at our top Cyber Security News picks of the week:
☠️ This week we were warned of wild goings on with #Google, disturbing news for visitors of #OregonZoo and a #CyberAttack on American microchips (not to be confused with the 90's classic snack box)
The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. The credential-harvesting techniques has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene.
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National Vulnerability Database (NVD).
Oregon Zoo is informing that visitors who purchased tickets online between December and June had their payment card information compromised. Formerly Portland Zoo and Washington Park Zoo, Oregon Zoo is a 64-acre zoo owned by the regional Metro government. It is home to 1,800 animals from 232 species, including 28 on the endangered and threatened list. It is the state’s largest zoo and one of the most popular tourist attractions, with more than 1.7 million visitors every year.
American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. Headquartered in Chandler, Arizona, the company has roughly 123,000 customers across multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing markets. Due to an incident, some Microchip Technology manufacturing facilities operate at reduced capacity, affecting the company's ability to meet orders. Microchip Technology also had to take steps to manage the situation, such as shutting down some systems and isolating the affected ones following the breach.
SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data The software maker has now issued an update to address that critical oversight; its users are encouraged to install the fix, which presumably removes the baked-in creds.
Comentários