QuoIntelligence’s Weekly Intelligence Snapshot for the week of 7 – 13 December 2023 is now available! Find a summary here and subscribe to our mailing list below if you want to receive regular updates from us!
Want to read the full story? Subscribe to our newsletter to access the complete Weekly Intelligence Snapshot. Don’t miss out on more intelligence!
Cyber Highlights
Incident
Operation Blacksmith: Lazarus Targets Organizations Worldwide Using Telegram-based Malware
Industries impacted: Communication Services, Consumer Staples, Government, Health Care, Industrials
Lazarus group still leverages CVE-2021-44228, also known as Log4Shell, conducting reconnaissance on vulnerable VMWare servers and deploying Telegram-based remote access trojan on infected devices.
Vulnerability
Patch Tuesday: Microsoft Patches 34 Flaws, Four Critical and One Zero Day; Various Vendors Patch Actively Exploited and Critical Flaws
Microsoft released its monthly Patch Tuesday security updates, which includes fixes for 34 vulnerabilities, four of which are rated critical, including one zero day vulnerability. Microsoft is not aware of public exploitation of these vulnerabilities.
Rollups
Industries impacted: Communication Services, Energy, Government
- NCSC Reports About Ongoing Spear-Phishing Campaign By Russian APT Star Blizzard
- Researchers Uncovered An Active Directory DNS Spoofing Exploit
- Operational Overlaps Between Sandman and Storm-0866 Highlight the Complex Nature of the China-Based Threat Landscape
- TA4557 Targets Recruiters by Applying to Open Job Listings
- APT28 Uses Israel-Hamas War Lures to Deliver the Headlace Backdoor to Worldwide Targets
- WordPress Backup Migration Plugin Flaw Exposes 90,000 Websites to Remote Code Execution
Geopolitical Highlights
New Climate Change Legislation To Increase Compliance and Reputational Risks For Companies
As regulatory and civil society scrutiny increases over climate change commitments, compliance and reputational risks for businesses are also growing. QuoIntelligence outlines the key elements of the EU corporate sustainability due diligence directive.
Rollups
Industry impacted: Information Technology
- EU Parliament and Council Reach Political Agreement on Artificial Intelligence Act
- The Netherlands And South Korea To Form a Semiconductor Alliance
- US House of Representatives’ Committee Calls for Stress-Testing
- US Banks for Potential Loss of Market Access to China US and UK Antitrust Authorities Are Conducting Preliminary Inquiries on Microsoft’s OpenAI Investment
Vulnerability Alerts
(The following alert has been pushed to Premium customers via Mercury)
- 12 December – Patch Tuesday: Microsoft Patches 34 Flaws, Four Critical and One Zero Day; Various Vendors Patch Actively Exploited and Critical Flaws
Latest blogs
- 11 December – Fake Handelsregister Invoices: 5 Telltale Signs to Avoid The Scam (Link zur deutschen Version hier)
A new scam is successfully targeting companies that recently updated their information in the Handelsregister. Although convincing, these fake ‘Register Court’ invoices have telltale signs you can spot to avoid becoming a victim.
Interested in becoming a premium customer? Let’s talk
