#NSBCS.037 - Cyber Security: Defend with Confidence
Cybersecurity doesn't have to be a daunting challenge. Businesses, especially small and medium-sized enterprises, can be empowered to thrive in today’s digital landscape without undue cyber worry.
Everyone in business quite rightly focusses on running that business holistically and to the best of their ability, not narrowly focussing on only battling cyber threats. Cyber resilience advice needs to be practical and include tailored solutions designed to protect operations without disrupting them.
The right approach is grounded in education, prevention, and preparedness, helping to make informed and pragmatic decisions to safeguard a business.
10 Easy Steps to Boost Your Organisation’s Resilience
Here are some simple actions you can take this year to enhance your cyber security posture:
1. Assess Your Risks: Understand your business's weaknesses to identify potential threats.
2. Strengthen Your Password Game: Create strong, unique passwords and enforce regular updates.
3. Educate Your Team: Raise cyber awareness among employees to prevent human error.
4. Secure Your Data: Regularly back up your critical information.
5. Stay Updated: Keep software and systems patched to close security loopholes.
6. Control Access: Grant permissions on a need-to-know basis.
7. Protect Your Network: Implement strong security measures across your network devices.
8. Secure Your Devices: Protect all devices accessing your business systems, including mobile phones and laptops.
9. Monitor Network Activity: Keep an eye out for unusual patterns or anomalous activity.
10. Consider Cyber Insurance: Safeguard your business from financial loss due to cyberattacks.
Remember, small steps can lead to significant improvements in cyber resilience. By taking proactive measures, you're not just protecting your business; you're empowering it to succeed by taking #nostepsbackward.
What we read this week
Microsoft 365 Anti-Phishing Feature can be Bypassed with CSS - Researchers have discovered a method to bypass Microsoft 365's anti-phishing feature, the "First Contact Safety Tip", by using Cascading Style Sheets (CSS) to hide warning messages in emails. This feature is intended to alert users about unfamiliar email senders. The bypass technique manipulates the email's CSS to make the warning message invisible, increasing the risk of successful phishing attacks. Despite being informed, Microsoft has decided not to address this issue immediately, acknowledging its validity but considering it a lower priority for servicing.
Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware - Cybercriminals are exploiting Cloudflare's TryCloudflare free service to evade detection and distribute malware. They use Cloudflare tunnels to create a rate-limited conduit, relaying traffic from attacker-controlled servers to local machines, facilitating the delivery of various malware types like AsyncRAT and Remcos RAT. The initial infection vector involves phishing emails containing ZIP archives with URL shortcuts leading to malicious Windows shortcut files on a TryCloudflare-proxied WebDAV server. These files execute scripts to download and run additional payloads while displaying decoy PDFs.
Chrome, Firefox Updates Patch Serious Vulnerabilities - Google and Mozilla have released updates for Chrome and Firefox, addressing several critical vulnerabilities. Chrome version 127.0.6533.99 fixes six issues, including a critical out-of-bounds memory access in the Angle component and a use-after-free in the Sharing component. Firefox version 129 addresses 14 vulnerabilities, 11 of which are rated as high severity, potentially allowing spoofing, sandbox escapes, and arbitrary code execution. Additionally, Mozilla has patched vulnerabilities in Thunderbird and Firefox ESR. Neither company has reported any active exploitation of these vulnerabilities.
Taiwan Government-Backed Research Organisation Targeted by APT41 Hackers - A Taiwanese government-backed research institution focused on sensitive technologies was targeted by the Chinese hacking group APT41. The campaign, which may have started as early as July 2023, involved the use of malware like ShadowPad and other tools written in Simplified Chinese. APT41, known for both criminal and nation-state attacks, managed to compromise at least three devices and exfiltrate some documents. The hackers utilised backdoors and compression tools to steal a large number of files. Cisco Talos identified the attack based on the specific malware and tactics used by the group.
Fake Google Authenticator App Spreads Malware, not Authentication - A fake Google Authenticator app is being distributed through a legitimate-looking Google ad, which actually spreads DeerStealer malware. The ad redirects users through multiple domains to a fake site where the malware, disguised as ‘Authenticator.exe’, is hosted on a GitHub repository. This malware can steal sensitive information from infected devices. The campaign is particularly concerning because it exploits users' trust in Google Authenticator for security. Users are advised to download software only from official repositories to avoid such threats.
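For the Cloudflare tunnel item above, a mail-triage check for its delivery pattern (a ZIP attachment holding a URL shortcut that points at a shortcut file on a tunnel-hosted WebDAV share). This is an added example, not code from NSB Cyber or the cited article. It assumes the standard Windows .url layout with a URL= key, the Windows WebDAV "host@SSL" path form and the *.trycloudflare.com hostname suffix; the function names and the sample attachment are constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

TUNNEL_SUFFIX = ".trycloudflare.com"  # hostname suffix used by TryCloudflare tunnels

def shortcut_target(text):
    """Return the URL= value of a Windows .url (InternetShortcut) file, or None."""
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip().lower() == "url":
            return value.strip()
    return None

def hosts_in(target):
    """Host candidates from a URL or UNC path, including WebDAV 'host@SSL' forms."""
    unc = target.startswith("\\\\")
    netloc = target[2:].split("\\", 1)[0] if unc else urlparse(target).netloc
    return [part.lower() for part in re.split(r"[@:]", netloc) if part]

def triage_zip(zip_bytes):
    """List (entry, target, reasons) for .url entries worth an analyst's attention."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".url"):
                continue
            target = shortcut_target(zf.read(name).decode("utf-8", errors="replace"))
            if not target:
                continue
            checks = {
                "tunnel-host": any(h.endswith(TUNNEL_SUFFIX) for h in hosts_in(target)),
                "remote-file-path": target.startswith("\\\\") or target.lower().startswith("file:"),
                "lnk-target": target.lower().split("?", 1)[0].endswith(".lnk"),
            }
            reasons = [label for label, hit in checks.items() if hit]
            if reasons:
                findings.append((name, target, reasons))
    return findings

def build_sample_zip():
    """Constructed attachment: one suspicious shortcut and one ordinary web shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.url", "[InternetShortcut]\r\nURL=file://constructed-sample"
                    ".trycloudflare.com@SSL/DavWWWRoot/invoice.lnk\r\n")
        zf.writestr("homepage.url", "[InternetShortcut]\r\nURL=https://www.example.com/\r\n")
    return buf.getvalue()
```

Calling triage_zip(build_sample_zip()) reports only invoice.url; the three reasons are independent signals, so a gateway rule can quarantine on any one of them or require a combination.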
References
https://www.bleepingcomputer.com/news/security/microsoft-365-anti-phishing-feature-can-be-bypassed-with-css/
https://thehackernews.com/2024/08/cybercriminals-abusing-cloudflare.html
https://www.securityweek.com/chrome-firefox-updates-patch-serious-vulnerabilities/
https://therecord.media/taiwan-government-backed-research-institution-apt41-hack
https://www.cyberdaily.au/security/10910-fake-google-authenticator-app-spreads-malware-not-authentication