ThreatLight

Interesting article from the NCSC regarding the targeting of SoHo devices by nation state actors: https://lnkd.in/e4qnD7Pj This is an attack vector overlooked by many organisations but something we have seen exploited numerous times over the years (how many server rooms have you seen with a Synology/QNAP NAS for lab backups or a SoHo router for ADSL backup lines etc). We go beyond the "rinse and repeat" threat models/security assessments to accurately understand your threat model from an attackers standpoint: https://lnkd.in/enVssR7d #cybersecurity #state-sponsoredattacks #APT40 

The recent cyberattack on Kadokawa Group, as reported by Kadokawa Corporation itself and across the Japanese media, highlights the critical need for robust cybersecurity measures to protect essential assets. This incident underscores the significant risk to critical business infrastructure, emphasizing the urgent requirement for enhanced cyber resilience. The Kadokawa Group incident is a stark reminder of the importance of timeliness and speed in cybersecurity. Swift and effective incident response is crucial to minimizing damage and restoring operations. ThreatLight’s solutions are designed to ensure that our clients can respond rapidly and efficiently to a cyber threat, safeguarding their critical assets and maintaining operational continuity. Our AI-driven technology and real-world expertise enable us to offer comprehensive services, from preemptive defenses to post-breach recovery. More importantly for this case, a next-generation Incident Response strategy that operates at unmatched speed makes a dramatic difference in the outcome, level of damage and time to recover. For more details on the incident and its implications, you can read the article on Asahi Shimbun: https://lnkd.in/eacUunVt Link to the press release in comments #CyberAttack #Ransomware #KadokawaBreach #DataBreach #CyberSecurity #CriticalInfrastructure #IncidentResponse #BusinessContinuity

This is the most serious SSH vulnerability we’ve seen in a while: https://lnkd.in/edQPE4Pp. The exploit allows Remote Code Execution without user interaction and Proof of Concept code is already readily available online. That said, before everyone rushes to learn if they are vulnerable, exploitation of a Race Condition is extremely hit and miss and many customers likely have far more easily exploitable vulnerabilities exposed. Get a better understanding of what your environment looks like from an attackers perspective and ensure you are protected from real world threats: https://lnkd.in/enVssR7d #regreSSHion #CyberSecurity #SSH #SoftwareSecurity #Vulnerability #InfoSec #SecurityUpdate #DevSecOps #CVE #NetworkSecurity

The Teamviewer breach will be interesting to watch as it unfolds: https://lnkd.in/gCazkahy TeamViewer continues to be favoured by attackers for maintaining access post exploitation but we often find the free version installed in many customer environments as a workaround by well meaning IT staff without the risk owners approval. TeamViewer and many others provide often inadvertently provide direct access to the core of your environment, bypassing all security controls. Take a Cyber Compromise Assessment to understand what other Remote Access Tools are lurking in your environment: https://lnkd.in/enVssR7d #CyberSecurity #TeamViewer #SecurityBreach #ExpertResponse

If the Lockbit Ransom of the US Federal Reserve turns out to be true this could have interesting ramifications US policy on Ransomware moving forward. Our time dealing with Lockbit over the years has shown that those 33tb will contain a whole lot more than Personal Identifible Information (which in itself would be breach on an enormous scale): https://lnkd.in/ex9XBpdd #CyberSecurity #DataBreach #Ransomware #Lockbit #FederalReserve #InfoSec #DataProtection #CyberAttack #ThreatIntelligence #CyberAwareness

The industry is rushing towards allowing AI to automatically make decisions around protecting customer environments, meanwhile it’s struggling with physical bacon bits: https://lnkd.in/ed5SkS33 Should we take a step back and master breakfast before breaches? 🫠 #firstnuggetsthentheworld #AI #notlovinit #cybersecurity #chatgpt

Potentially serious Microsoft WiFi vulnerability affecting all OS versions once exploit code is in the wild: https://lnkd.in/ePbm_THw This potentially allows Remote Code Authentication with zero input from the targeted user/endpoint. What is more worrying is that although all of the coverage so far lists the vulnerability as being an exploitation of the input validation of the WiFi stack and that local proximity is required, Microsoft’s own bulletin states (you have to dig down): “This can mean an attack must be launched from the same shared physical (e.g., Bluetooth or IEEE 802.11) or logical (e.g., local IP subnet) network, or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN to an administrative network zone)” Which implies this vulnerability could be far further reaching than the weekend media suggests. Further updates to follow but in the meantime please patch! If you are concerned how this vulnerability or any other may have affected your organisation, we’re waiting to help: https://lnkd.in/eRqvpntU #CyberSecurity #PatchTuesday #WiFi

Microsoft have decided to delay the release of Recall amid security concerns. As security professionals, we sincerely hope this massively intrusive feature has some serious rework (and is disabled by default) before being launched. Please leave the key logging to the professionals 🫣 https://lnkd.in/eHUWVEnx #cybersecurity #dataprotection #privacy #hacking

It's VPN Wednesday! State-sponsored threat actors from China breach 20,000 Fortinet FortiGate systems globally, exploiting a critical security flaw. This highlights the importance of staying vigilant against evolving cyber threats and looking beyond the endpoint: https://lnkd.in/eZa8pRCp #CyberSecurity #ThreatActor #FortiGate #ChinaHacker

It’s a rare occasion to get a decryption key during an investigation these days however, the FBI now have over 7,000 decryption keys for LockBit ransomware victims to reclaim their data for free. If you think you've been affected, visit ic3.gov now. #cybersecurity #FBI #LockBit Read more: