👋 Welcome to the 36th edition Cyber Weekly Digest of 2024
🏴 Firstly a quick shout out to Kelvin and the team @ First Line who have less than 4 weeks to get ready for the Two Ball 700 Mile Rally around Scotland to raise money for the fantastic Bodie Hodges Foundation! Follow the Scottish Banger Challenge and donate here
This week we announced our all star line up for next weeks Cyber Security... is no Joke at Revolution De Cuba in Glasgow 🥳
⭐ Joining us once again is Martyn Wallace! Martyn’s day job as a CDO has seen him present digital keynote speeches sprinkled with humour on famous stages all over the world including Barcelona, Sydney Australia, Singapore and Clydebank Town hall.
⭐ Scott Gibson: The Big, Bald, Bearded Glaswegian. A naturally skilful and riveting raconteur, Gibson mixes a conversational style with his own unique brand of dark humour, gloriously bad language and shrewd observations.
⭐ Scott Agnew: Previous winner of Scottish Comedian of The Year, Scott is considered one of the best story tellers in the business and his latest BBC 4 Radio series "Dead Man Talking" has received incredible reviews.
⭐ Rachel Jackson: Award winning Scottish actress, comedian and writer. Winner of The Herald Scottish Culture Award ‘One to Watch’ prize and nominated for best new comedian at The Scottish Variety Awards and The Scottish Comedy Awards.
Please be reminded that this will be a ⛔️ Zero Sales Patter Zone ⛔️ Anyone breaking the rules may face eviction!
⏰ For those attending Scot Secure West don't miss: 12.15pm to 12.45pm "From Quishing to Deepfakes: The latest phishing threat trends for 2024" as James Dyer from Egress shares invaluable insights for all cybersecurity professionals looking to stay ahead in the ever-evolving cybersecurity threat landscape.
⏰ Automox's very own Katherine Chipday also has a unmissable break out session covering Proactive Risk Reduction in an Age of Exponential Vulnerabilities including the state of the threat landscape, why proactive risk reduction is critical and how we can implement safe automations.
New and noteworthy from our vendor community this week:
🔥 We loved this blog by eSecurity Planet 5 Key Cybersecurity Trends to Know in 2024 (thanks for sharing Immersive Labs)
Expect to see #ransomware groups leveraging new techniques in endpoint detection and response (EDR) evasion, and four other trends to know this year.
🔥 With #NodeZero Tripwires™, leverage Horizon3.ai unique attacker’s perspective to automatically deploy deception tech in the most critical areas of your network. That way, you’ll catch threats where they hurt the most.
Learn more about this upcoming launch here
🔥 On average, organisations have 613 API endpoints in production, making effective management critical to ensure APIs are secure, reliable, and delivering value to the business.
Discover the Five components of API Management and what to consider when selecting an API management tool with Imperva
Last but not least...
🔥 #AI is quickly becoming a key player in #ThreatIntelligence, according to SANS Institute's recent threat landscape survey shared by ZeroFox this week. Nearly 25% of intelligence teams are already using it, and another 38% plan to follow suit.
See how teams across industries are using AI to enhance data collection and analysis in the SANS CTI Survey 2024
Now, let's take a look at our top Cyber Security News picks of the week:
☠️ This week we were warned of #NorthKoreanHackers, Zyxel trying to get to the #Router of the problem and an urgent update shared with #Android users...
US-based semiconductor supplier Microchip Technology (NASDAQ: MCHP) has confirmed that personal information and other types of data was stolen from its systems during a recent ransomware attack. The company disclosed the incident on August 20, when it informed the US Securities and Exchange Commission that certain servers and business operations had been disrupted. The company isolated the impacted systems to contain the attack.
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. In addition, the September 2024 updates address 13 other high-severity flaws that could permit privilege escalation, multi-factor authentication (MFA) bypass, and execute code with elevated permissions.
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for Windows and Apple macOS to deliver malware.
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. The flaw, tracked as CVE-2024-7261 and assigned a CVSS v3 score of 9.8 ("critical"), is an input validation fault caused by improper handling of user-supplied data, allowing remote attackers to execute arbitrary commands on the host operating system.
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component.
Comments