Cybersecurity Risks


  • Michael J. Silva

    Founder - Periscope Dossier & Ultra Secure Emely.AI | Cybersecurity Expert [20251124]

    7,755 followers

    This is yet another reason why you need a Secure AI solution if you're exploring anything AI related. Research has uncovered a vulnerability in Microsoft 365 Copilot that allowed hackers to access sensitive information without any user interaction. This “zero-click” flaw, dubbed EchoLeak, could have exposed confidential data from emails, spreadsheets, and chats with nothing more than a cleverly crafted email quietly read by the AI assistant.

    Executive Summary

    - Security researchers at Aim Security discovered that Microsoft 365 Copilot was susceptible to a novel form of attack: hackers could send an email containing hidden instructions, which Copilot would process automatically, leading to unauthorized access and sharing of internal data. No phishing links or malware were needed—just the AI’s own background scanning was enough to trigger the breach.
    - The vulnerability wasn’t just a minor bug; it revealed a fundamental design weakness in how AI agents handle trusted and untrusted data. This mirrors the early days of software security, when attackers first learned to hijack devices through overlooked flaws. Microsoft has since patched the issue and implemented additional safeguards, but the episode raises broader concerns about the security of all AI-powered agents.
    - The real risk isn’t limited to Copilot. Similar AI agents across the industry, from customer service bots to workflow assistants, could be vulnerable to the same kind of manipulation. The challenge lies in the unpredictable nature of AI and the vast attack surface that comes with integrating these agents into critical business processes.

    My Perspective

    As organizations race to harness the productivity gains of AI, this incident serves as a stark reminder: innovation must go hand-in-hand with robust security. The EchoLeak vulnerability highlights how AI’s ability to autonomously process instructions can become a double-edged sword—especially when the line between trusted and untrusted data is blurred. Until AI agents can reliably distinguish between legitimate commands and malicious prompts, every new integration is a potential risk.

    The Future

    Looking ahead, expect to see a surge in research and investment focused on fundamentally redesigning how AI agents interpret and act on information. For now, widespread adoption of autonomous AI agents in sensitive environments will remain cautious, as organizations grapple with these emerging threats.

    What You Should Think About

    If you’re deploying or experimenting with AI agents, now is the time to audit your systems, ask tough questions about how data and instructions are handled, and push vendors for transparency on security measures. Share your experiences or concerns: How are you balancing innovation with risk in your AI projects? What additional safeguards would you like to see? Let’s keep this conversation going and help shape a safer future for AI in the enterprise.

    Source: fortune

  • Jeffery Wang

    Account Manager at CyberCX | Professional Development Forum (PDF) | Community Voices

    6,162 followers

    As cybersecurity professionals, we've long focused on building walls against external attackers. But what happens when the threat walks through our front door with legitimate credentials and a smile? The recent revelations about North Korean nation-state actors systematically infiltrating Fortune 500 companies as fake IT workers represent one of the most sophisticated insider threat campaigns we've ever witnessed. The numbers should terrify every CISO: "Literally every Fortune 500 company has at least dozens, if not hundreds, of applications for North Korean IT workers," according to Mandiant's CTO Charles Carmakal. Security leaders estimate that 7% of Fortune 2000 companies have already been infiltrated by North Korean operatives working as full-time employees with privileged access. This isn't a distant threat—it's already inside our networks. These aren't amateur hackers trying their luck. North Korean operatives are leveraging AI to craft convincing resumes, manipulate voice and video feeds during interviews, and even form shell companies posing as legitimate US contractors. One startup founder estimates that 95% of IT job applicants are North Korean operatives posing as American developers. The sophistication is breathtaking: they're not just stealing identities—they're manufacturing them wholesale. Australia isn't immune. The Australian Sanctions Office has identified "thousands of highly skilled IT workers" dispatched globally by North Korea, specifically targeting employers in wealthier countries including Australia. These operatives are active across multiple sectors—business, health, entertainment, and technology—making no industry safe from infiltration. While we focus on nation-state actors, the broader insider threat landscape reveals the true scope of this challenge. The average cost of insider threats has reached $17.4 million annually per organisation—up from $16.2 million in 2023. 
Even more alarming, 95% of all data breaches are caused by human error, and insider-driven events cost organisations an average of $13.9 million per incident. We're fighting yesterday's war with today's budgets. Companies spend $211,021 on containment for every insider incident but only $37,756 on monitoring. We're still building higher walls when the enemy is already inside, wearing our badge and accessing our most sensitive systems. The North Korean IT worker campaign represents the future of cyber warfare: patient, sophisticated, and leveraging our own hiring processes against us. It's time to acknowledge that insider risk isn't just about disgruntled employees—it's about nation-states weaponising our trust in remote work and global talent pools. What strategies is your organisation implementing to address the evolving insider threat landscape? #CyberSecurity #InsiderThreats #NorthKorea #RiskManagement #InfoSec #Australia

  • Alex Plotkin, MSc, CISSP

    Defending your business from Cyber Threats 24x7 | CEO @ Cyberwall and @ PioneerIP | VISTAGE/TEC Canada speaker

    5,292 followers

    Just came back from a cybersecurity conference yesterday, and here’s what crossed my mind: The longer I work in #cybersecurity, the more I realize: Most attacks don’t start with the company’s firewall. They start with a person. An email. A click.

    91% of breaches begin with a phishing email. One click is all it takes. Even with filters and awareness training in place, people still click. I’ve seen folks at highly technical companies fall for phishing emails with fake Amazon logos. Why? Because it was Friday, 6:03 PM. They were tired, distracted, and ready to go home.

    We had a case just two weeks ago in which a company managing $2,000,000,000 didn't have adequate email security. The VP clicked on the malicious link, and the attackers were able to take over his email account. Our team was able to identify it and block this attack, but what if we were not?

    That’s the second gap. Even if nobody clicks, your credentials might already be out there for sale. There are 24 billion+ logins and passwords floating around the dark web. They get traded, sold, and reused. Most companies—especially #SMBs — have no idea they’ve been exposed until it’s too late. 83% of breaches involve stolen or weak credentials. 204 days is the average time to detect a breach. That’s nearly 7 months of silence while attackers have a foothold.

    Here are the basics any cybersecurity team should do:

      • Run phishing simulations that aren’t just checkbox exercises
      • Deploy advanced email protection (not “we’re covered by Microsoft”)
      • Monitor for unusual logins and outbound email activity.
      • Enforce mandatory password resets after exposures.
      • Use #MFA across all systems.
      • Constantly monitor the #darkweb

    If you’re not doing this yet, start simple:

      → 2-week free Email Security POC from Cyberwall – see what’s actually slipping past your filters
      → Free Dark Web Monitoring check – see if your data is already exposed and in use

    Bonus: Add a full NIST Cyber Risk Assessment for $500 — a clear, no-fluff snapshot of your cybersecurity posture based on the most common standard. Message me, and I’ll show you how to get it up and running fast without the headache.

  • Shannon Brandao

    China Boss on Substack 🇨🇳🗞🔥

    34,137 followers

    Euractiv [excerpt]: #China poses a fundamental threat to Euro-Atlantic civilisation and is using various channels, including #LinkedIn, to establish contacts and gain #influence and know-how, the Czech Security Information Service (BIS) has warned. In the latest BIS report, the Czech intelligence service found that China targets academics in the country. Through LinkedIn, Chinese intelligence services use “cover profiles of employees from fictitious consulting or headhunting companies, most commonly based in Singapore or Hong Kong,” to approach Czech #academics, the report warns. The academics are offered financial incentives in exchange for reports and research that align with China’s political interests. What starts as a seemingly legitimate professional opportunity often leads to deeper involvement and the sharing of sensitive, non-public information, the report adds. “These studies generally serve as a preliminary step towards further cooperation, involving the provision of specific information,” the BIS report also warned. Once initial contact has been established, Chinese operatives often invite academics on all-expenses-paid trips to China. These visits are used to cement relationships and create a sense of commitment to Chinese interests. In addition to warning about China’s efforts on LinkedIn, the BIS report also points to China’s broader long-term geopolitical goal of positioning “itself as the most important economic superpower and creating an effective counterbalance to the G7 countries.” By infiltrating academic and professional circles, China is not only seeking direct information but also working to undermine the principles of democracy and free markets that are central to Euro-Atlantic civilisation, the report adds. The intelligence agency also raised the alarm about the risks of foreign smart devices, such as smartphones, smartwatches and electric vehicles, being used to misuse personal data. 
These devices, the BIS warns, could be vulnerable to data collection that could then be exploited by state actors. The Czech agency does not explicitly mention Chinese smart devices but warns against products from countries “whose political regimes and legislation increase the possibility of data misuse by state power”. #news #Europe #CzechRepublic

  • Benjamin Knauss

    CTO, CIO, CISO - Technology Executive, speaker, author, futurist

    6,178 followers

    Let’s face it—despite next-gen firewalls and endpoint protection, most breaches still start the old-fashioned way: through email and web browsers. Why? Because they’re the tools we use every day, and that makes them the easiest to exploit.

    The Problem

    ✔ Email is a hacker’s best friend—phishing, BEC scams, and weaponized attachments keep evolving. Even with filters, one cleverly disguised email can bypass defenses and trick even savvy users.
    ✔ Browsers are the wild west—malicious ads, drive-by downloads, and rogue extensions turn routine web browsing into a minefield. And with SaaS apps everywhere, employees are constantly logging into new (and sometimes risky) sites.

    Basic spam filters and antivirus won’t cut it anymore. Attackers use AI-generated messages, zero-day exploits, and social engineering to slip past traditional defenses.

    What Actually Works

    ✅ AI-powered email filtering that detects subtle phishing cues (not just obvious spam).
    ✅ Browser isolation or strict extension controls to stop malicious code before it executes.
    ✅ Zero Trust policies—because assuming "trusted" users or devices is a recipe for disaster.
    ✅ Ongoing security training—because human error is still the weakest link.

    The Bottom Line

    If your security strategy isn’t obsessed with locking down email and browsers, you’re leaving the front door wide open.

    #CyberSecurity #EmailSecurity #BrowserSecurity #ZeroTrust #Phishing

  • The FBI Internet Crime Complaint Center released a PSA this week identifying nearly $55B in exposed losses due to #BEC—up from $50B in 2023, $43B in 2022, and more than double the estimated $26B that the FBI announced in 2019. Despite years of ongoing awareness campaigns and companies investing heavily in email security technology, BEC attacks are continuing to rise year over year and it’s because they’re becoming increasingly advanced. There’s been a shift away from classic phishing attacks—characterized by misspellings, poor grammar, and irrelevant context—to attacks that closely mimic legitimate communications. Generative AI tools like ChatGPT have catalyzed the social engineering threat, giving criminals a tool to scale their BEC attacks in both volume and sophistication, ultimately improving their attacks’ success rates. Until organizations find a radically different approach to detect these advanced social engineering attacks, I expect that BEC losses will continue to tick upwards. Unfortunately, as cybercriminals see less success with one tactic, they will switch to another. Security leaders should continue to focus on protecting their organizations from this threat, while also working with vendors and partners that are stopping the threats of tomorrow. https://bit.ly/3XrsENm

  • Andy Jenkinson

    CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA). NAMED AN EXPERT IN INTERNET ASSET & DNS VULNERABILITIES AND THREAT INTELLIGENCE

    38,164 followers

    The Hidden Dangers of Email: Exposed Systems and Privacy Risk. Emails are the backbone of digital communication, facilitating everything from password resets to financial transactions. With trillions sent daily, they contain a wealth of Personally Identifiable Information (PII) that, when exposed, becomes a goldmine for cybercriminals. While some providers claim to offer "Privacy by Default," the reality is far more concerning. Threat Intelligence findings shared with Proton since 2023—one of the most well-known privacy-focused email providers—uncovered critical security exposed positions, including misconfigured subdomains, insecure IPv4 addresses, and fundamental PKI errors. Despite independent validation by top cybersecurity professionals, Proton's response was dismissive, even hostile. This exposure mirrors historical issues with Swiss encryption firms Omnisec AG and Crypto AG, whose security claims were later discredited. Such vulnerabilities provide fertile ground for phishing attacks, data breaches, and large-scale fraud. Cybercriminals exploit these weaknesses, leading to identity theft, financial loss, and national security threats. If even "secure" providers harbor exposed and exploitable positions, then the entire email ecosystem remains fundamentally flawed. Users must demand transparency and accountability, prioritizing true end-to-end security over marketing claims. Until providers address these systemic failures, email privacy remains an illusion, leaving billions at risk. Cybersec Innovation Partners

  • Dr. Victor Monga

    Cybersecurity Technologist & Architect | Experienced Practitioner | Public Speaker | Community Leader

    14,344 followers

    Work starts in the browser. Does your security? Think about it. Email. Customer data. Payroll. Source code. Financial dashboards. Even generative AI prompts. For most organizations, the browser has quietly become the primary workspace—where business really gets done. But many security strategies still focus on network controls, endpoint agents, and MFA, while losing visibility into what happens inside the browser session itself. That’s exactly the gap attackers exploit. Phishing kits today steal session cookies to bypass MFA entirely. Shadow SaaS adoption flourishes without oversight. Employees paste sensitive customer data into AI tools without triggering any DLP policies. Data exfiltrates via copy/paste or downloads that standard controls can't see. These aren’t hypothetical problems. Contractors often keep SaaS sessions active on personal devices even after offboarding. Attackers buy stolen session tokens on the dark web to access your business-critical apps undetected. Forward-thinking security teams are closing this blind spot by treating the browser as a first-class endpoint. They're enforcing session monitoring, copy/paste and download restrictions, browser isolation for risky content, and integrated DLP policies that work inside SaaS apps. Because if work starts in the browser, your security strategy needs to start there too. How is your organization approaching this challenge? Let’s discuss.

  • Henk-Jan Angerman

    CVO, Ethical Hacker, Threat Intelligence Analyst bij SECWATCH B.V.

    6,185 followers

    [Update] #Urgent #Security #Updates for #Microsoft #Outlook and #Exchange Server; used in tandem ... this is a problem 👾

    Two critical security #vulnerabilities have been recently identified and are actively being exploited in Microsoft Outlook and Exchange Server.

    1. #Vulnerability in Microsoft Outlook: #MonikerLink Bug (CVE-2024-21413)
       A significant security flaw known as the #MonikerLink bug has been discovered in Microsoft Outlook. This vulnerability exploits a specific way Outlook processes hyperlinks, potentially leading to the leakage of local NTLM login credentials and the execution of arbitrary code on the victim's system. Microsoft has released a critical security update (CVE-2024-21413) with a CVSS score of 9.8.

    2. Vulnerability in Microsoft Exchange Server: CVE-2024-21410
       A critical security error, CVE-2024-21410, actively exploited in Microsoft Exchange Server, involves privilege escalation within the Exchange Server, allowing attackers to leak NTLM data from an Outlook client and use it for example against the Exchange server. Microsoft has released a critical security update.

    3. Combined Risk of Outlook and Exchange Vulnerabilities:
       The unique risk posed by these vulnerabilities lies in their potential to be exploited in tandem by attackers. First exploiting the Outlook vulnerability to obtain NTLM authentication information, and then leveraging the Exchange vulnerability, attackers can cause significant harm. Research by #CheckPoint has demonstrated how this attack can be relatively #easily #executed in Outlook, highlighting the need for #rapid #patch #application. For more details, see their research blog: https://lnkd.in/eDFXtHTz

    Additional Security Recommendations:

    Block SMB Egress Traffic: Blocking SMB egress traffic (port 445/tcp) across all network perimeters, including traffic flows from internal/trusted networks to the internet, is crucial. This also applies to virtual servers and cloud environments such as Azure.

    For the latest security advisories and updates, visit NCSC Advisories (https://lnkd.in/egvi498X). #infosec
