2021 was the year that marked a major cyber-attack against a critical national infrastructure organization whose impact was felt by millions of Americans on the East Coast. However, the attack against the Colonial Pipeline Company was not the only incident that affected the Operational Technology (OT) systems of a critical sector for the U.S. national economy.

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new Standard emerged as an offshoot to the Notifiable Data Breach Scheme, which came into effect in early 2018.

Windows 11 is coming. Ever since its release in October 2021, users have been checking for updates, eagerly waiting to upgrade. Microsoft’s requirements are stricter than usual, and thus the feature rollout is coming in episodes. Existing Windows 10 users can download it for free. For the rest, there are a few compatibility checks before upgrading.

Sensitive data often makes its way into logs. Though most of the time unintentional, these incidents have the potential to do a lot of damage, as they usually involve exposure of API keys, passwords, and customer data that can give attackers access to critical business data or put companies at compliance risk. This is why it’s important for organizations to be proactive about securing their logs.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Well not a great time for NVIDIA, after being deprived of buying ARM, they have now been breached in what looks like hackers wanting GPU restraints removed for more efficient cryptocurrency mining.

Even with the rise of messaging apps and other collaboration software, email remains the tool for business communications, both inside and outside the organization. And despite its enduring ubiquity, email still has its drawbacks, especially when it comes to sharing documents, PDFs, photos, and other types of content. The average person spends about 28% of their workday dealing with emails, sending and receiving more than 600 each week.

If a couple of years ago Distributed Denial of Service attacks (DDoS) were just a nuisance for businesses, today they constitute serious, costly cybercrime. Equally, if not more alarming, is the use of cybercriminals as surrogates in state-to-state political conflicts. The tools for launching these attacks are easily available online. They are so simple and cheap to use that even amateur citizen fraudsters and kids can commit a financial crime.

Netskope is keeping a close watch on the rapidly changing situation in Ukraine. Along with the attention we are giving to the safety and well-being of Netskope employees in the region, we are in a state of high alert with respect to cyber threats and risks to our customers. Netskope Threat Labs is continuously monitoring cybersecurity threats related to the conflict in Ukraine.

The following organizations should raise their INFOCON levels and be prepared for cyber-attacks because of this conflict: Our threat intelligence teams continue to enhance Obrela’s technology with new threat intel information as soon as it becomes available. We are conducting threat hunting activities to proactively detect and respond to emerging threats.

The Russia-Ukraine conflict currently is ongoing and continues to escalate. Trustwave is on heightened alert, and we are actively monitoring malicious cyber activity associated with and adjacent to the conflict between Russia and Ukraine.