Weekly Cyber News Roundup – January 23rd to 27th 2023
This week saw the release of a number of reports showing that payments to ransomware gangs fell in 2022. Our Incident response team offers some insight as to why that might be happening.
Our Managed Detection and Response Services provide continuous monitoring from a team who’ll neutralise any breaches at speed...
Gain access to malware experts to quickly contain threats and reduce future exposure to attacks...
Integrity360 has been recognised as a Gartner Representative Vendor.
Many organisations are choosing CyberFire MDR to strengthen their defences. Discover how it can protect your business in our brochure.
Cyber attacks often seem faceless, but hidden behind the headlines of financial loss and technical details there are very real human stories.
In 2025, we’re witnessing a shift in how ransomware operates, who it targets, and the consequences of falling victim.
Stay ahead of the latest cyber security industry developments, advancements and threats, and understand how you can best protect your organisation.
Do you know what your company’s network vulnerabilities are? Businesses that invest in penetration testing do.
If your business handles credit card data, PCI DSS compliance isn’t optional—it’s critical. From retailers and e-commerce platforms to service providers and financial institutions, securing credit card data is critical to customer trust and preventing fraud.
Stay informed with the latest cyber security news with our weekly threat roundups.
Confused about cyber security? Our A-Z Glossary of terms can help you navigate this complicated industry.
Despite its value, Penetration Testing is often misunderstood.
SOC 2 certification reflects Integrity360’s continued investment in strengthening cyber resilience for clients across highly regulated and high-risk industries.
Holiseum will form a new Integrity360 services practice focused on OT/IoT and as a regional hub for the group in France
Posts about:
This week saw the release of a number of reports showing that payments to ransomware gangs fell in 2022. Our Incident response team offers some insight as to why that might be happening.
Happy New Year everyone! 2023 has just begun and the cyber criminals haven’t wasted any time in getting busy attacking businesses and organisations.
Cyber criminals and other threat actors are looking to kick their activities into a higher gear as three major upcoming events provide the perfect opportunities to launch phishing and other cyber-attacks.
Your data is your organisation’s most valuable asset. With enough transparency it can provide you with a huge amount of insight into how to improve your business, but in the wrong hands, it can irreparably damage your reputation and cost millions in compliance liabilities.
While many organisations spend thousands on preventative cyber security tools, many make the mistake of overlooking the fact that cyber criminals are spending less time relying on brute force to gain access to protected information and more time on manipulating or bribing employees into giving up personal information.
According to the government's Cyber Security Breaches Survey 2023, phishing is the most common form of cybercriminal activity suffered by UK businesses and charities, with 79% having been targeted by phishing scams.
Security Update (Updated 28/3/2022 15.50)
The Integrity360 Cyber Threat Response team are currently tracking a new Zero-day vulnerability, CVE-2022-1096, found within Google's web browser Chrome. Google published an advisory on Friday 25th March, noting they are aware of the exploit and it exists in the wild. Currently, the details regarding the exploit have not been revealed by Google, however we are aware the exploit involves the leveraging of a weakness in the Chrome V8 JavaScript engine, which allows attackers to execute arbitrary code.
Security Update (Updated 04/3/2022 17.20)
Since our initial statement last week, Integrity360 has been closely monitoring the ongoing Ukraine / Russia conflict and the security and business risks this brings. Our dedicated Threat Intelligence team have continued to actively monitor for any new indicators of compromise relating to the conflict and disseminate this intelligence throughout our the business. Our SOC Analysts are working closely with the Intelligence teams to protect our Managed Security Service customers.
As the situation continues to evolve, we are keeping a close eye on the risk level posed to our customers, notifying them and reacting accordingly. We would also like to remind our customers to remain vigilant and to take action if they notice anything suspicious in their environment. We are proactively working with various teams across Integrity360 to provide our customers with the latest threat intelligence. The below roundup has been updated as part of our investigations so far. Should you require more information, please don’t hesitate to reach out to us.
Security Update (Updated 14/12/2021 15.30)
On 10th December 2021, Apache announced a new critical vulnerability and fix for Log4j, CVE-2021-44228 dubbed ‘Log4Shell’. This vulnerability affects any organisation that utilises Log4J or has software with underlying Log4J dependencies. Apache is strongly recommending Log4j systems be updated to fixed versions as soon as possible.
Security Update (14/09/2021)
Microsoft’s “Patch Tuesday” has included a fix for CVE-2021-40444. You can find the patch details for each Operating System version here. This round of updates also fixes 85 other vulnerabilities as shown here.
This week, Microsoft disclosed a newly discovered remote code execution vulnerability in MSHTML that affects Microsoft Windows. Integrity360 can confirm that it is actively being exploited in the wild.
Yesterday, it was announced that Fortinet discovered a breach, resulting in the disclosure of almost 500,000 FortiGate SSL-VPN credentials from 87,000 FortiGate SSL-VPN Devices. The attack vector was identified as a system unpatched against CVE-2018-13379.