QuoIntelligence’s Weekly Intelligence Snapshot for the week of 5 – 11 Jan is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Cyber Highlights
Current threats
Microsoft January Patch Tuesday Addresses 98 Flaws, Including An Actively Exploited Zero-Day
Microsoft released its monthly Patch Tuesday security update, which includes fixes for 98 flaws, one of which is an actively exploited zero day, and 11 more are critical severity. Impacted products include Microsoft Windows, Microsoft Office, Microsoft Exchange Server, and Microsoft SharePoint. Other vendors who have also released important security updates this Patch Tuesday include SAP and Adobe.
Dark Pink: Targeted Campaigns Lead To High Profile Infections
Industry impacted: Government
Group-IB released a detailed description of a newly discovered APT group called Dark Pink targeting government and military entities in Southeast Asia and Europe. QuoIntelligence discovered parts of this activity in late December and analyzed the infection chain, assessing that it was indeed involving custom tools used by a previously unknown APT group. QuoIntelligence also discovered further infection stages and is currently investigating further details on the threat actor’s attribution and motivation, which were not provided in the Group-IB report.
Rollups
Industries impacted: Communication Services, Industrials
- New Backdoor Malware Variant of a CIA Project, Distributed Through Vulnerability Exploitation
- ChatGPT Confirmed to Be Leveraged to Write Malicious Code
- Infostealer Phishing Campaign Targets Italian Victims
- SCATTERED SPIDER: Bypassing EDR With Bring-Your-Own-Driver Tactic
Geo Highlights
EU Digital Operational Resilience Act: Implications of Stricter Requirements for Financial Institutions
Industries impacted: Financials, Information Technology
Given DORA’s newly binding nature, QuoIntelligence expects scrutiny over financial organizations to increase. Since DORA will come into effect in 2 years, QuoIntelligence analyzes its impact on financial organizations and how they can prepare for compliance by late 2024.
Rollups
Industries impacted: Communication Services, Government, Information Technology
- The US and Japan Expand Security Cooperation In Joint Effort to Counter China
- US Proposes to Make Telecom Companies Report on Data Breaches Faster
- EU Sets Objectives To Reach EU 2030 Digital Decade Targets As Programme Enters Into Force
- The World Economic Forum Identifies Cyber Crime and Cyber Insecurity As Severe Risks For the Next Decade
Community Area
Outlook
- 16 to 20 January – World Economic Forum Annual Meeting
2022 — An Incredible Year!
QuoIntelligence experienced a positive and eventful 2022, not forgetting we could not have achieved any of it without the loyal support of our wonderful customers. Read the highlights in our blog, or watch this short video: