It's the beginning of a new week, and that means a new roundup of what's been going on in the world of cyber security and data protection over the last 7 days!
On Monday, Microsoft announced that it has taken steps to disrupt a persistent threat actor with objectives aligned with Russian state interests. Named SEABORGIUM, the espionage-orientated activity cluster has been linked to hack-and-leak campaigns, using persistent phishing and credential theft to intrude and steal data. (The Hacker News)
South Staffordshire PLC, the company that operates South Staffs Water and Cambridgeshire Water, has confirmed that it was the target of a cyber attack. Its ability to supply water was not affected, but the corporate IT network was disrupted and cyber security experts suggested that the attack sets a “worrying precedent”. (BBC News)
Google has rolled out patches for the desktop version of Chrome, following the discovery of an actively exploited and high-severity zero-day flaw. Discovered on the 19th of July, the flaw has been described as a case of insufficient validation of untrusted intent in Intents; however, Google will not release details of the vulnerability until the majority of users have updated their browsers. (The Hacker News)
Threat actors have been able to use Amazon Web Services for phishing purposes, using trusted brand names to manipulate victims. Hackers are taking advantage of AWS’s free website hosting to create phishing pages, with the links distributed over email to avoid scanners and obtain credentials. These emails, which contain harmful password reset links, are deliberately designed as poor-quality emails in order to bypass automated scanners. The threat actors then use previously obtained data to direct victims to a login page that is preloaded with the company’s logo and the user’s email address. Due to easy access and a simple request, this cyber threat is particularly effective. (Cyber News)
A recent government white paper states that business leaders in the UK are failing to take cyber security risk into account, and typically will only do so following a major cyber incident. Interviews with IT leaders found that while most boards understand the need for cyber security, they do not necessarily understand the scale of the threat. Leaders should be listening to and engaging with their IT teams in order to find proactive ways to prevent cyber incidents from occurring, instead of simply thinking ‘what’s the worst that could happen’. (Computer Weekly)
Advanced persistent threat group Cozy Bear, with links to Russian intelligence, has adopted a number of new techniques that are designed to target Microsoft 365 environments. The group has been observed disabling critical email investigation tools when targeting mailboxes, and taking advantage of self-enrolment processes when setting up multi-factor authentication. (Computer Weekly)
Apple has recently rolled out updates to its iPhone, iPad and Mac devices, fixing flaws that were being actively exploited by hackers. By infiltrating WebKit, the engine that powers the Safari browser, hackers were able to take complete remote control of a victim’s device through maliciously crafted web content. It is important that devices are updated as soon as possible. (BBC News)