Despite 2023 ushering in cutting-edge technologies like AI, the cyber security landscape painted a starkly contrasting picture. Companies across diverse industries faced a chilling wave of high-profile hacks, ransomware attacks, and exposed personal identifiable information (PII) vulnerabilities. This surge in cyber-crime serves as a potent reminder: malicious actors operate relentlessly, 24/7, 365 days a year.
In our monthly "Cyber threat bulletin", we aim to equip businesses with the, latest breaches, knowledge and insights necessary to bolster their digital defences and prepare for the ever-evolving threats lurking in the digital shadows.
In a staggering revelation, cyber security researchers have uncovered what is being referred to as the 'Mother of all Breaches‘. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered.
The Microsoft security team detected a nation-state attack on its corporate systems on January 12, 2024, and immediately activated its response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
Global energy company Schneider Electric has disclosed a ransomware attack that affected its sustainability division, affecting a number of systems. Schneider Electric was previously targeted in the widespread MOVEit data theft attacks by the Clop ransomware gang that impacted over 2,700 companies.
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. Jenkins is a leading open-source automation server for CI/CD, allowing developers to streamline the building, testing, and deployment processes.
iPhone apps abuse iOS push notifications to collect user data. According to mobile researcher Mysk, numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking.
Trello, known for its visual project management capabilities, is widely used by teams for efficient workflow and task tracking. A threat actor has emerged, asserting the sale of Trello data comprising 15,115,516 unique lines of information such as individuals’ emails, usernames, full names, and other account details.
Indian infosec firm CloudSEK last week claimed it found records describing 750 million Indian mobile network subscribers on the dark web, with two crime gangs offering the trove of data for just $3,000. Further, the Govt and the Department of Telecom have asked the service operators for a security audit of their systems following claims by the cyber security firm.
According to the UK's National Cyber Security Centre (NCSC), the near-term impact of AI on the cyber-threat assessment, concludes that AI is already being used in malicious cyber-activity and will almost certainly increase the volume and impact of cyber-attacks – including ransomware – in the near term.
According to a study by Veeam, 92% of organisations will increase 2024 data protection spend, to achieve cyber-resilience amidst continued threats of ransomware and cyberattacks.
Reflections on the state of cyber security from Davos 2024: Cyber-insecurity remains prominently among the top risks in the 2024 edition of the World Economic Forum’s Global Risks Report 2024, both over the two and 10-year time horizon.
2024 will be the year of deception, Charles Henderson, Global Head, IBM X-Force predicts. 2024 is going to be a busy year for cyber-criminals amid ongoing geopolitical tensions, major elections in the U.S. and European Union and the biggest sporting event in the world (Paris Olympics) all taking place within a few months of each other. It’s a perfect storm of events that’s going to see disinformation campaigns on a whole new level.
The intersection of AI and cyber security is complex,” said Roland Costea, Chief Information Security Officer (CISO) at SAP. “It’s a new frontier, constantly evolving and often misunderstood. But one thing is certain: AI is here to stay, and its role in cyber security is only going to increase.”
AI has topped the list of emerging trends that are likely to impact the enterprise security segment in 2024, according to a study by the security industry association (SIA). The research that surveyed hundreds of security industry business leaders, including several volunteers and speakers from the 2023 Securing New Ground (SNG) conference, indicated a multifaceted penetration of AI in the security segment.
Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. CVE-2024-23222 is the first zero-day vulnerability that Apple has disclosed in WebKit in 2024. Last year, the company disclosed a total of 11 zero-day bugs in the technology — its most ever in a single calendar year.
As we usher in 2024, check out the World Economic Forum’s Global Cybersecurity Outlook 2024, which examines the cyber security trends that will affect economies and societies in the year to come. The report illuminates major findings and puts a spotlight on the widening cyber-inequity and the profound impact of emerging technologies.
Security leaders across the globe acknowledged and celebrated the 17th International Data Privacy Day on 28 January 2024. The day aims to raise awareness of the challenges of data protection and best privacy. At SoftwareOne, we also celebrated International Data Privacy Day while arming clients with a strategic plan so you can mitigate data privacy pitfalls when it comes to AI in the workplace. Check out the brief here to help you get started. Happy Privacy Day (belated).
Consider these cyber security predictions when planning for the year ahead, especially as the cyber skills gap continues to widen. Acting proactively on such trends rather than in reactive mode will enhance your organisation’s cyber protection in 2022.
It offers huge potential but it needs the right security, access and data protocols to be implemented. We can help.
It offers huge potential but it needs the right security, access and data protocols to be implemented. We can help.
