.png)
Welcome to the 9th edition Cyber Weekly Digest of 2024.
Â
After that weird little day yesterday when someone, somewhere, celebrated their 10th birthday as a 40 year old (anyone you know?!), hello March!
This is no ordinary March, this is the March we take CyberVigilance on the road to Edinburgh and host our second Cyber Security... It's No Joke comedy night and no joke, we are more than a wee bit excited for it!
Registrations have been rolling in this week so make sure you sign up before we hit capacity.
New and noteworthy this week: NEW PODCAST ALERT - This week we saw the release of our latest podcast with Katie, episode titled Cyber Hygiene with ThreatAware's CEO Jon Abbott. You can listen here.
CultureAI announced that they are a named finalist in the 2024 Cyber OSPAs for Outstanding Cyber Security Training/Awareness Initiative. These awards recognise and celebrate innovation in the global security sector. Want to see why it's clearly not just us who think they're awesome? Click here for a demo.
Last but not least... HUGE congratulations to Abnormal Security's very own Georgia Bell who has qualified for the World Championships with Team GB. Georgia fights cyber criminals by day and can run a 5k in just over 16 minutes. An actual superhuman!! Good luck this weekend. We're so proud of you!
Â
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
Â
This week we heard about ongoing Ransomware attacks targeting the healthcare sector, some malicious goings on found on the Hugging Face platform and enjoyed a great article from The Hacker News on how to prioritise cyber security spending (cough - Pentera - cough)
Â
Keep reading to stay up to date on the latest cyber security news.
Â
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part of Patch Tuesday updates. "To exploit this vulnerability, an attacker would first have to log on to the system," Microsoft said. "An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system."
The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people.
Golden Corral offers an all-you-can-eat buffet and grill in 298 locations across 43 U.S. states and Puerto Rico (operations are temporarily suspended at 24 locations for undisclosed reasons). In a press release published today, the company said that attackers had access to its systems between August 11 and August 15 and stole the sensitive data of "current and former employees and beneficiaries."
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organisation safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your cybersecurity investments?
This article takes a closer look at the trends that are impacting organisations today, including the growing reach of data breaches and the increase in cybersecurity spending, and explore how you can get the most out of your cybersecurity resources, effectively securing your digital assets and maintaining your organisation's integrity in the face of ever-evolving cyber threats.
At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. Hugging Face is a tech firm engaged in artificial intelligence (AI), natural language processing (NLP), and machine learning (ML), providing a platform where communities can collaborate and share models, datasets, and complete applications. JFrog's security team found that roughly a hundred models hosted on the platform feature malicious functionality, posing a significant risk of data breaches and espionage attacks.
The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. Change Healthcare is the largest payment exchange platform used by more than 70,000 pharmacies across the United States. UHG is the world's largest healthcare company by revenue, employing 440,000 people worldwide and working with over 1.6 million physicians and care professionals in 8,000 hospitals and other care facilities.
