UK ransomware trends, OAuth misuse, an update on push notifications

December 14, 2023
1 min read

The UK Parliament’s Joint Committee on the National Security Strategy has issued a worrying report on the state of ransomware in the country. It criticized the government’s failure to tackle the issue, suggesting this lack of action puts the nation at risk of a catastrophic ransomware attack. The report calls for a change of responsibility from the Home Office to the Cabinet Office and National Cyber Security Centre, and advocates for increased funding to the latter to better assist entities under attack.

Microsoft’s Threat Intelligence team reported a rise in threat actors utilizing OAuth applications to automate attacks, with accounts that lack multifactor-authentication frequently targeted. The company recommends enabling MFA to make initial compromise more difficult.

Apple has updated its policy pertaining to the disclosure of push notification records to law enforcement, now requiring a judge’s order. This places Apple on par with Google’s existing requirement for judicial approval for such records.

Google’s next-gen LLMs, Gemini, will soon be deployed to enterprises. This move features the launch of Gemini Pro for enterprises, offering a free opportunity for existing cloud customers to build apps on top of the model. A public release of the more powerful Gemini Ultra model is slated for next year.

A new coalition named the ‘Coalition for Open Digital Ecosystems’ was formed by various tech companies to manage the implementation of current and upcoming EU regulatory frameworks via open platforms. The founding members comprise Google, Meta, Qualcomm, Lenovo, Honor, Motorola, Nothing, and Opera.

Ukraine’s defense intelligence directorate claimed to have disrupted Russia’s state tax service infrastructure, compromising and corrupting databases and backups. There has been no confirmation of these attacks from the Russian tax authority or state media.

Lastly, threat actors have reportedly begun using public proof-of-concept code to exploit a recently-patched vulnerability in the Apache Struts web app framework. The small number of impacted IP addresses suggests the Struts remains widely used.

Latest from Blog

Trust is the secret sauce for cybersecurity success

TLDR: Key Points: Trust between CISOs and top executives is crucial for justifying cybersecurity investments. Five key questions CISOs must ask themselves about their cybersecurity strategy include budget justification, risk reporting, celebrating

Expert opinion on cyber security is a must have

TLDR: Key points from the article: Study shows link between lack of sleep and increased risk of Alzheimer’s disease. Researchers found that poor sleep quality was associated with higher levels of brain