Cyber Weekly Digest #33
👋 Welcome to the 33rd edition of the Cyber Weekly Digest of 2025
The UK's National Cyber Security Centre (NCSC) has released the most significant update to its Cyber Assessment Framework since its inception, with CAF 4.0 launching on August 6, 2025.
This enhanced framework represents a critical evolution in how UK businesses must approach cybersecurity, particularly those operating essential services and critical national infrastructure.
The timing is particularly crucial as cyber attackers increasingly exploit remote connections and supply chain vulnerabilities, necessitating a more robust defensive posture across Britain's critical sectors.
🔗 Read our full blog on CAF 4.0 here
This week we say HAPPY 1 YEAR CV ANNIVERSARY to our favourite CSM Danielle Lang. We 🧡 you, Langgers!!
Some members of Team CV also enjoyed the cricket yesterday, thanks to Ignition Technology for hosting!
Right then, this thing is bigger than J Kav's breakfast so let's crack on...
⭐️ Vendor of the Week ⭐️
Ever wish app security was less “slow motion disaster” and more “proactive power-up”? Us too. That’s why we’ve teamed up with Contrast Security and honestly - game changer.
Here’s the deal: software risks don’t wait for your compliance cycle. Your code is under fire 24/7, and static scans just can’t keep up. Contrast flips the script with real-time vulnerability detection, right where your apps live and breathe. No waiting. No guesswork. Just instant alerts the second a problem arises.
And let’s talk about your devs... They’re the heroes behind the build, and Contrast actually helps them - clear, actionable guidance baked right in. No “security says block everything!” drama, just smart tools that make fixing bugs as smooth as pushing a new feature.
Compliance? Sorted. Productivity? Untouched. Software? Streamlined, secure - and still moving at 90MPH.
Because in 2025, safe apps can’t be a box-tick. They’ve got to be built in, continuous and friendly enough for every coder in the room.
🤙🏼 Want to find out more? Contact us for a demo
New and noteworthy from our Tech Community this week:
🔥 Microsoft doesn’t back up your tenants... but CoreView do
Critical tenant settings aren’t protected by Microsoft’s native capabilities. If something breaks or is tampered with, you can recover your data… but you’ll have nowhere to put it.
🔗 Watch this short video to see the GIANT gap in your backup strategy.
🔥 Non-human identities (NHIs) such as service accounts can't be protected like human users, yet traditional identity security solutions are designed to be human-centric.
Here are a few reasons why they're different:
🤳 NHIs can't use MFA like people
🔎 They're typically not subjected to the same level of scrutiny as human users, who have formalised onboarding and offboarding procedures
📉 Their baseline behaviour is meant to be predictable and unchanging
As explained in the bar graph above, a majority of organisations have either low or medium confidence in their ability to prevent service account abuse in real time. With NHIs outnumbering human users by 50 to 1, these identities must be folded into your overall identity security strategy.
A strategic approach to securing NHIs involves the IDEAL Framework:
Integrate with all IdPs
Discover and classify all NHIs
Enforce security controls
Analyse and act on all NHI activity
Lightweight deployment and maintenance
🔗 Get the specifics of the IDEAL Framework for NHI Security in Silverfort's research report
🔥 Traditional, hours-based incident response retainers often fall short when you need help most. But now there is a better way
Arctic Wolf Incident360 Retainer delivers the right expertise at the right moment, when seconds count.
🔗 Watch the full on-demand webinar here
🔥 Scattered Spider isn’t just a threat actor - it’s a crisis response wake-up call for leadership
Since 2022, Scattered Spider has hit organisations like M&S, Co-op, MGM Resorts, and Caesars - not as a lone hacker, but as a franchise of social engineers, access brokers, and affiliates.
The result? Weeks of disruption, fragmented recovery, and leadership under pressure to balance legal, operational, and public scrutiny.
Is it time to rethink your organisation's crisis readiness? Prove and Improve vital cyber skills against this threat with new Immersive labs and exercises.
🔗 Learn more here
🔥 KnowBe4 Defend + Microsoft Defender for Office 365 integration is officially LIVE!
KnowBe4 Defend now automatically quarantines threats directly into your existing Microsoft workflow. That means no platform switching, no context loss, and no delays - just seamless protection.
What's in it for you?
✅ One unified quarantine console
✅ Faster threat response times
✅ Defence-in-depth without operational overhead
🔗 Read how KnowBe4 are simplifying multi-vendor security here
🔥 Cyber Threats Level Up
CrowdStrike's 2025 Threat Report reveals the next evolution in attacks: adversaries are mastering AI at scale.
They're not just building better malware - they're targeting the AI systems running modern enterprises.
🔗 Get the full insights from the report here
🔥 Stop what you're doing and register for this webinar!
Did you know cloud clutter could open doors for massive data leaks and breaches? Join Skyhigh Security on 2nd September as they explore:
🔍 How to detect and prevent cloud risks
🔒 Best practices for secure cloud management
♟️ How to stay ahead of evolving threats
At the end, you'll know how to transform your organisation's data security posture from reactive to proactive, ensuring sensitive information is protected and managed effectively.
🔗 Register here
🔥 Cyber security leaders know: threats don’t respect contractual boundaries.
‼️ While third-party risk gets most of the attention, fourth-party dependencies – the organisations your vendors depend on – are increasingly where attackers find the weakest link.
Building on its existing network mapping and visualisation capabilities, Risk Ledger's new Fourth Parties tool takes fourth-party mapping to the next level, for much faster, deeper supply chain analysis.
Want to know why fourth-party risk deserves a place in your TPRM strategy? Risk Ledger's latest article explores why fourth parties are a critical blind spot in supply chain security, and what you can do about it.
🔗 Learn more about why - here
🔥 Insurance TPRM – Broken Models, New Pressures
Third- and fourth-party risk is no longer just their problem - regulators are calling it your risk.
For insurers, this shift brings new challenges:
⚠️ Hidden aggregation bubbles across portfolios
⚠️ Limited visibility into sprawling global supply chains
⚠️ Certifications and tick-box compliance that don’t equal resilience
On 3 September at 11:00 AM BST, Risk Ledger opens its Summer Supply Chain Risk Sessions with a panel that cuts through the noise:
👤 Ben Francis – Insurance Lead, Risk Ledger (Moderator)
👤 Jay Vinda – Global CISO & Cyber Risk Engineering Lead, Mosaic Insurance
👤 Lucy Barker-Hahlo – VP, Cyber Underwriter & Cyber Team Lead, Mosaic Insurance
👤 Andrea Garcia Beltran – Partner & Head of Cyber Media & Tech Europe, Nirvana
Join Risk Ledger as they unpack why current TPRM is “broken” and what insurers, CISOs, and underwriters can do differently.
🔗 Register here
🔥 Insider threats are one of the toughest challenges security teams face – not just because of alert fatigue, but because by the time you know you have a problem, it’s often already too late.
Security teams report taking a layered approach when it comes to insider threat indicators, monitoring for both technical and behavioural signals including:
⚠️ Strange login behaviour
⚠️ Excessive data downloads
⚠️ Behavioural changes
⚠️ Unauthorised access attempts
While some organisations watch for background check issues or financial stress as early red flags, these are usually just supporting clues – not proof of a threat.
Ultimately, detecting intent (malicious or unwitting) is much more an interpretive art than a precise science.
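The indicators above are easier to reason about when you see them scored against real event data. The following is an added example, not code from the original digest or from SpyCloud: it runs a small rule set over a few constructed audit events (logins, downloads, access denials) and flags users whose activity departs from a constructed per-user baseline. The event format, baselines, thresholds and working hours are all assumptions chosen for illustration.

```python
"""Score insider-threat indicators over constructed audit events (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not real data: (timestamp, user, action, detail)
# detail is a country code for logins, a size in MB for downloads, a path for denials.
EVENTS = [
    ("2025-08-18T09:12:00", "alice", "login", "GB"),
    ("2025-08-18T09:30:00", "alice", "download", "120"),
    ("2025-08-18T10:05:00", "alice", "access_denied", "/finance/payroll"),
    ("2025-08-19T02:47:00", "bob", "login", "RO"),
    ("2025-08-19T02:50:00", "bob", "download", "4800"),
    ("2025-08-19T02:55:00", "bob", "download", "5100"),
    ("2025-08-19T03:01:00", "bob", "access_denied", "/hr/reviews"),
    ("2025-08-19T03:02:00", "bob", "access_denied", "/hr/salaries"),
    ("2025-08-19T03:03:00", "bob", "access_denied", "/exec/board"),
    ("2025-08-19T11:00:00", "carol", "login", "GB"),
    ("2025-08-19T11:20:00", "carol", "download", "60"),
]

# Constructed per-user baselines; in practice these are learned from history.
BASELINE = {
    "alice": {"countries": {"GB"}, "daily_mb": 300},
    "bob":   {"countries": {"GB"}, "daily_mb": 300},
    "carol": {"countries": {"GB"}, "daily_mb": 100},
}

WORK_HOURS = range(7, 20)     # assumption: 07:00-19:59 counts as normal hours
DOWNLOAD_MULTIPLIER = 5       # flag when a day's total exceeds 5x the baseline
DENIED_THRESHOLD = 3          # flag three or more denials in one day


def analyse(events, baseline):
    """Return {user: sorted indicator names} for every user with at least one signal."""
    downloads = defaultdict(float)   # (user, day) -> MB downloaded so far
    denials = defaultdict(int)       # (user, day) -> denial count so far
    flags = defaultdict(set)
    for ts, user, action, detail in events:
        when = datetime.fromisoformat(ts)
        day = when.date()
        # Unknown users get an empty baseline, so any activity stands out.
        base = baseline.get(user, {"countries": set(), "daily_mb": 0})
        if action == "login":
            if detail not in base["countries"]:
                flags[user].add("login_from_unusual_country")
            if when.hour not in WORK_HOURS:
                flags[user].add("off_hours_login")
        elif action == "download":
            downloads[(user, day)] += float(detail)
            if downloads[(user, day)] > DOWNLOAD_MULTIPLIER * base["daily_mb"]:
                flags[user].add("excessive_data_download")
        elif action == "access_denied":
            denials[(user, day)] += 1
            if denials[(user, day)] >= DENIED_THRESHOLD:
                flags[user].add("repeated_unauthorised_access")
    return {user: sorted(names) for user, names in flags.items()}


if __name__ == "__main__":
    for user, indicators in analyse(EVENTS, BASELINE).items():
        print(user, indicators)
```

Only bob trips any rule here; alice's single denial and modest download stay below threshold, which is the point the passage makes: individual clues are supporting evidence, and it is the accumulation of signals per user and per day that justifies an analyst's attention.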
🔗 Read more from your peers about the biggest obstacles to their insider threat defence programs in SpyCloud's recent Insider Threat Pulse Report
🔥 How is agentic AI technology changing the security testing landscape?
Synack CTO and co-founder Mark Kuhr, Ph.D. joined Juniper Networks CIO Sharon Mandell and WE’RE IN! podcast host Blake Thompson Heuer last week to lay out the case for greater human+AI collaboration in cyber defence.
AI agents bring speed and scale, while human experts bring creativity and finesse. Both sides are needed to shrink the time it takes for organisations to remediate vulnerabilities before they’re exploited by AI-enabled adversaries.
🔗 Check out the full webinar, which also includes a demo of Synack’s new Sara agentic AI capabilities, here or listen to the podcast version here
🔥 Your Agentic AI system might be leaking secrets, and you'd never know
SPLX submitted a simple, banal-looking prompt.
The agents accepted it. Planned it. Executed it …
…and quietly exfiltrated data from a .env file. No warnings, no alerts.
Why?
- Shared memory, no isolation
- Implicit trust between agents
- Unvalidated messages treated as commands
🔗 They call this a chained exploit, and most agentic systems are wide open to it. Read Part 1 of their breakdown of how they did it, and how you can stop it.
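Two of the three causes listed above, implicit trust between agents and unvalidated messages treated as commands, come down to the executor accepting whatever lands in its inbox. The following is an added example, not code from the original digest or from SPLX: a validation gate that an executor agent runs before it acts on any inter-agent message. It checks provenance, enforces a per-tool argument schema, confines file reads to a sandbox directory and refuses well-known secret files. The tool registry, sandbox root, trusted-sender list and message shape are all hypothetical.

```python
"""Gate inter-agent messages before treating them as commands (added example)."""
import os
from dataclasses import dataclass
from typing import Any

# Hypothetical tool registry: tool name -> exact set of allowed argument names.
TOOL_SCHEMAS = {
    "read_file": {"path"},
    "summarise": {"text"},
}
# Hypothetical sandbox root; file reads outside it are refused.
SANDBOX_ROOT = os.path.realpath("/srv/agent/workspace")
# Files that hold secrets and are never readable by a tool, even inside the sandbox.
DENIED_BASENAMES = {".env", "id_rsa", "credentials.json"}
# Only these agents may issue commands; anything else is treated as data, not instructions.
TRUSTED_SENDERS = {"planner"}


@dataclass
class Verdict:
    allowed: bool
    reason: str


def validate(message: dict[str, Any]) -> Verdict:
    """Decide whether an inter-agent message may be executed as a tool call."""
    # 1. Provenance: a message from an untrusted agent is never a command.
    if message.get("sender") not in TRUSTED_SENDERS:
        return Verdict(False, "untrusted sender")
    # 2. Shape: the tool must be registered and the arguments must match its schema exactly.
    tool = message.get("tool")
    args = message.get("args")
    if tool not in TOOL_SCHEMAS or not isinstance(args, dict):
        return Verdict(False, "unknown tool or malformed args")
    if set(args) != TOOL_SCHEMAS[tool]:
        return Verdict(False, "argument names do not match schema")
    # 3. Capability: file access is confined to the sandbox and excludes secret files.
    if tool == "read_file":
        path = os.path.realpath(os.path.join(SANDBOX_ROOT, str(args["path"])))
        if os.path.commonpath([path, SANDBOX_ROOT]) != SANDBOX_ROOT:
            return Verdict(False, "path escapes sandbox")
        if os.path.basename(path) in DENIED_BASENAMES:
            return Verdict(False, "secret file denied")
    return Verdict(True, "ok")


if __name__ == "__main__":
    # Constructed messages: a benign read, a direct secret read, a traversal attempt,
    # a command from an untrusted agent, and a schema mismatch.
    samples = [
        {"sender": "planner", "tool": "read_file", "args": {"path": "notes.txt"}},
        {"sender": "planner", "tool": "read_file", "args": {"path": ".env"}},
        {"sender": "planner", "tool": "read_file", "args": {"path": "../.env"}},
        {"sender": "web_scraper", "tool": "read_file", "args": {"path": "notes.txt"}},
        {"sender": "planner", "tool": "read_file", "args": {"path": "a.txt", "mode": "rb"}},
    ]
    for msg in samples:
        print(msg["sender"], msg["tool"], msg["args"], "->", validate(msg))
```

The order of the checks matters: provenance first, so that content injected through a web page or another agent's output can never be promoted to a command, then schema, then the resource policy. Resolving the path with `os.path.realpath` before the sandbox comparison is what defeats `..` segments and absolute paths; comparing the basename afterwards catches a secret file that sits inside the sandbox.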
🔥 CISO Confessions Series
"I treat patchless protection like good tahini: it binds the dish until the rest of the ingredients are ready." 🥙
🔗 Enjoy the next instalment in the Vicarius CISO Confessions series
🔥 Before any build, you review the plans.
👀 Before any attack, cybercriminals look for gaps.
Device hardening closes those gaps and strengthens your entire environment, all without halting operations.
🔗 Ready to reinforce your defences? Read Remedio's (formerly GYTPOL) blog post to learn how.
Now, let's take a look at our top Cyber Security News picks of the week
Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals.
DaVita serves over 265,400 patients across 3,113 outpatient dialysis centers, 2,660 in the United States, and 453 centers in 13 other countries worldwide. The company reported revenues of over $12 billion in 2024 and of $3.3 billion for the second quarter of 2025.
In April, the healthcare provider revealed in a filing with the U.S. Securities and Exchange Commission (SEC) that its operations were disrupted after attackers partially encrypted its network over the weekend.
A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks.
Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and manufacturing sectors across North America, Asia, Africa and Europe. Prospective victims are chosen based on their "strategic interest" to Russia, it added, with recent efforts directed against Ukraine and its allies following the onset of the Russo-Ukrainian war in 2022.
The vulnerability in question is CVE-2018-0171 (CVSS score: 9.8), a critical flaw in the Smart Install feature of Cisco IOS Software and Cisco IOS XE software that could allow an unauthenticated, remote attacker to trigger a denial-of-service (DoS) condition or execute arbitrary code.
A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts.
Noah Michael Urban pleaded guilty to charges related to wire fraud and aggravated identity theft back in April 2025. News of Urban's sentencing was reported by Bloomberg and Jacksonville news outlet News4JAX.
In addition to 120 months in federal prison, Urban faces three years of supervised release and has been ordered to pay $13 million in restitution to victims. In a statement shared with security journalist Brian Krebs, Urban called the sentence unjust.
Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3.
Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which is then monetized by other threat groups.
"The initial infection vector, dubbed ClickFix, involves luring users on compromised websites to copy a malicious PowerShell script and execute it via the Windows Run dialog box," Google said in a report published today.
A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with custom malware and deploying a kill switch that locked out employees when his account was disabled.
Davis Lu, 55, of Houston, Texas, was convicted of causing intentional damage to protected computers in March 2025. He was arrested and charged in April 2021 for abusing his position as a software developer to execute malicious code on his employer's computer servers.
"The defendant breached his employer's trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department's Criminal Division.
That's it for this week's tasty morsels...
Go forth and enjoy thy Bank Holiday weekend
Much 🧡 Stay Safe
The CV Team
Security for an intelligent future...
WW Ecosystems leader | High Performing Teams | Passionate about People | 6X Women of the Channel recipient | WOTC Power 100
1mo · Thank you for your partnership Cyber Vigilance team! We are thrilled to be your vendor of the week!
Channel Account Manager EMEA | @ Contrast Security - Driving Partner Growth, Building Channel Relationships.
1mo · Proud to be the Cyber Vigilance Vendor of the week! woo hoo 🎉
Partner Manager EMEA
1mo · Insightful as always Hayley W. Great podcast from Mark Kuhr, Ph.D. at Synack, Inc. discussing the case for Human + AI Collaboration.
Customer Success Manager | Cyber Vigilance
1mo · A cracker!
Another great digest Hayley W 👊🏼👊🏼👊🏼