Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

The Growing Number of Cyber Attacks on Australian Hospitals and Healthcare Providers

Cyber attacks on Australian hospitals and healthcare providers are becoming a more frequent occurrence. The Australian Cyber Security Centre, the ACSC, has recently warned healthcare providers in Australia of an increased number of cyber attacks aimed at the healthcare industry. The ACSC has identified ransomware and other cyber attack methods as leading to dangerous breaches of sensitive hospital data, which can have widespread ramifications if not addressed and preempted.

Why You Need Cyber Insurance and How to Obtain It

Cyber risk is everywhere. From credential theft to misconfigurations to vulnerabilities and even phishing attempts, there are cybercriminals poking and prodding at organizations from every angle. This means that organizations not only need to up their cybersecurity, but they also need to think about it in terms of risk and how to holistically mitigate that risk — from identifying threats to protecting against them and responding to them.

CVE-2023-33009 and CVE-2023-33010: Multiple Critical Unauthenticated RCE Vulnerabilities in Zyxel Firewalls

On Wednesday, the 24th of May, 2023, Zyxel released a security advisory for several vulnerabilities capable of granting unauthenticated remote code execution (RCE) in their line of Firewall and VPN products, tracked as CVE-2023-33009 and CVE-2023-33010. These buffer overflow vulnerabilities are also capable of inducing denial of service conditions.

Phishing Threat From New .zip Top-Level Domain

On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLDs) that are available for purchase and can be used with websites and/or email addresses. Of these eight new TLDs, one that stands out as a potential security risk is .zip. The .zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of .zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with .zip extensions.

Four Critical RCE Vulnerabilities in Cisco Small Business Series Switches

On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches. Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities; however, they have not identified a publicly available PoC exploit.

The Top Compliance Regulations for Financial Institutions

Financial institutions experience a level of regulatory burden and security compliance requirements that few other industries must contend with. Since they’re a central target for attackers due to the money they move and the vast amounts of data they possess, they’ve become a central focus for regulators due to the danger to the global economy should one of them fall victim to a breach.

Arctic Wolf Labs Review of Joint Cybersecurity Advisory on Russian-Backed Snake Malware

On Tuesday, May 9th, 2023, CISA published a Joint Cybersecurity Advisory titled “Hunting Russian Intelligence ‘Snake’ Malware” which provided an in-depth analysis of the Russian Federal Security Services’ (FSB) Snake malware. Arctic Wolf Labs has analyzed the advisory and has summarized the content into key findings and takeaways for the security community.

CVE-2023-29343: Sysmon Local Privilege Escalation Vulnerability

In a security advisory published on May 9th, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon (CVE-2023-29343). The vulnerability was discovered by an independent security researcher and was responsibly disclosed to Microsoft. Microsoft has released Sysmon version 14.16 to address this vulnerability.

Preparing Employees to Combat Phishing - Closing the Learning Loop

Phishing emails are a tremendous threat and one of the most common vehicles cyber criminals use to trick employees and succeed in their attacks. Cybercriminals are on a mission to gain access to sensitive information, such as login credentials, business information, customer data, or financial data. Despite the best efforts by IT departments and security professionals to put the proper filters in place, cybercriminals still often find a way to get into employee inboxes with their phishing schemes.

The Value of Holistic Visibility: Putting it All Together

Too many organizations fail to see advanced threats as they make their way into and through their systems. This is partially because organizations have too many tools feeding them more information than their staff can handle, and partially because those tools are siloed off and improperly managed, preventing comprehensive information and complete understanding of what’s happening within an organization’s IT infrastructure.