Sunday, June 22, 2025


NCSC Releases New Alert Regarding Surge in Cozy Bear Activities

Today, the UK’s National Cyber Security Centre (NCSC), along with the NSA and FBI, issued a stark warning about ongoing cyber threats from groups tied to the Russian government. They are highlighting how these actors exploit vulnerabilities on a large scale.

The latest alert focuses on the risk posed by Moscow’s Foreign Intelligence Service, the SVR. They’re urging organizations to act fast, applying patches and software updates as soon as they can. The SVR is believed to direct a group known as APT29, or Cozy Bear. This group has made headlines for major incidents like the SolarWinds breach and the 2016 attack on the U.S. Democratic National Committee.

Paul Chichester, the NCSC operations director, pointed out that Russian cyber actors are skilled at infiltrating unpatched systems across various sectors. Once they gain access, they exploit that entry to further their goals.

The advisory outlines Cozy Bear’s recent tactics, especially their focus on government entities, think tanks, tech firms, and financial institutions. They’re adept at scanning internet-facing systems looking for unpatched vulnerabilities, ready to capitalize on them. This means any organization, not just those in high-stakes sectors, could find itself exposed. Cozy Bear can use compromised systems to host malicious activities, launch follow-up operations, or move into other networks.

The notorious Sunburst incident showed how SolarWinds inadvertently gave Cozy Bear a gateway into U.S. government networks. The advisory details Cozy Bear’s tendency to exploit publicly known vulnerabilities in various products, many of which have been known for over five years and are now patched. Still, these holes can facilitate a range of attacks.

Notably, two vulnerabilities have caught attention recently: CVE-2022-27924 and CVE-2023-42793. The first is a command injection flaw in Zimbra, allowing attackers to inject commands into targeted systems without needing user interaction. Cozy Bear has exploited this vulnerability across hundreds of domains, gaining access to user accounts and emails without alerting the victims.

The second, linked to JetBrains TeamCity, involves a flaw that allows authentication bypass through improper handling of certain paths, paving the way for additional attacks. Given Cozy Bear’s established tactics and past targets, they’re likely to explore other vulnerabilities for access, remote code execution, and escalating privileges.