![weekly roundup](https://insights.integrity360.com/hubfs/cyber%20weekly.png)
Insights
Posts about:
Breaches, Alerts & Advisories (2)
![weekly roundup](https://insights.integrity360.com/hubfs/cyber%20weekly.png)
![weekly news update](https://insights.integrity360.com/hubfs/cyber%20weekly.png)
Weekly Cyber News Roundup – January 23rd to 27th 2023
This week saw the release of a number of reports showing that payments to ransomware gangs fell in 2022. Our Incident response team offers some insight as to why that might be happening.
![weekly roundup](https://insights.integrity360.com/hubfs/cyber%20weekly.png)
Weekly Cyber News Roundup - January 9th to 13th 2023
This week saw Microsoft release patches for nearly 100 vulnerabilities and a new tactic was seen being utilised by the Lorenz ransomware group. Read about both and the biggest cyber news in this week’s roundup.
![news roundup](https://insights.integrity360.com/hubfs/cyber%20weekly.png)
Weekly Cyber News Roundup - January 2nd to 6th 2023
Happy New Year everyone! 2023 has just begun and the cyber criminals haven’t wasted any time in getting busy attacking businesses and organisations.
![world cup](https://insights.integrity360.com/hubfs/Shutterstock_2190840355%20%281%29.jpg)
Black Friday, Cyber Monday and World Cup to create a hat trick of Cyber Threats
Cyber criminals and other threat actors are looking to kick their activities into a higher gear as three major upcoming events provide the perfect opportunities to launch phishing and other cyber-attacks.
![monitoring data](https://insights.integrity360.com/hubfs/Untitled%20design%20%285%29.jpg)
Why Data Access Monitoring Should be Your Top Priority Heading into 2023
Your data is your organisation’s most valuable asset. With enough transparency it can provide you with a huge amount of insight into how to improve your business, but in the wrong hands, it can irreparably damage your reputation and cost millions in compliance liabilities.
![social engineers](https://insights.integrity360.com/hubfs/Untitled%20design%20%284%29.jpg)
Get to Grips with Social Engineering in 2023
While many organisations spend thousands on preventative cyber security tools, many make the mistake of overlooking the fact that cyber criminals are spending less time relying on brute force to gain access to protected information and more time on manipulating or bribing employees into giving up personal information.
![fish hook on computer](https://insights.integrity360.com/hubfs/Phishy.jpg)
Phishy Business: A Guide to Phishing
According to the government's Cyber Security Breaches Survey 2023, phishing is the most common form of cybercriminal activity suffered by UK businesses and charities, with 79% having been targeted by phishing scams.
![](https://insights.integrity360.com/hubfs/Google%20Chrome%20Advisory.png)
Google Chrome Advisory
Security Update (Updated 28/3/2022 15.50)
The Integrity360 Cyber Threat Response team are currently tracking a new Zero-day vulnerability, CVE-2022-1096, found within Google's web browser Chrome. Google published an advisory on Friday 25th March, noting they are aware of the exploit and it exists in the wild. Currently, the details regarding the exploit have not been revealed by Google, however we are aware the exploit involves the leveraging of a weakness in the Chrome V8 JavaScript engine, which allows attackers to execute arbitrary code.
![](https://insights.integrity360.com/hubfs/Ukraine-attack.jpg)
Advisory: Russia / Ukraine Conflict
Security Update (Updated 04/3/2022 17.20)
Since our initial statement last week, Integrity360 has been closely monitoring the ongoing Ukraine / Russia conflict and the security and business risks this brings. Our dedicated Threat Intelligence team have continued to actively monitor for any new indicators of compromise relating to the conflict and disseminate this intelligence throughout our the business. Our SOC Analysts are working closely with the Intelligence teams to protect our Managed Security Service customers.
As the situation continues to evolve, we are keeping a close eye on the risk level posed to our customers, notifying them and reacting accordingly. We would also like to remind our customers to remain vigilant and to take action if they notice anything suspicious in their environment. We are proactively working with various teams across Integrity360 to provide our customers with the latest threat intelligence. The below roundup has been updated as part of our investigations so far. Should you require more information, please don’t hesitate to reach out to us.
![](https://insights.integrity360.com/hubfs/Apache.png)
Log4Shell Critical Vulnerability Advisory
Security Update (Updated 14/12/2021 15.30)
On 10th December 2021, Apache announced a new critical vulnerability and fix for Log4j, CVE-2021-44228 dubbed ‘Log4Shell’. This vulnerability affects any organisation that utilises Log4J or has software with underlying Log4J dependencies. Apache is strongly recommending Log4j systems be updated to fixed versions as soon as possible.
![](https://insights.integrity360.com/hubfs/Microsoft.jpg)
MSHTML Critical Vulnerability Advisory
Security Update (14/09/2021)
Microsoft’s “Patch Tuesday” has included a fix for CVE-2021-40444. You can find the patch details for each Operating System version here. This round of updates also fixes 85 other vulnerabilities as shown here.
This week, Microsoft disclosed a newly discovered remote code execution vulnerability in MSHTML that affects Microsoft Windows. Integrity360 can confirm that it is actively being exploited in the wild.