Security

Are SOC 2 Reports Sufficient for Vendor Risk Management?

by

July 5, 2024 at 10:21AM Businesses heavily rely on third-party vendors for various services, but this dependence introduces security vulnerabilities. Cybercriminals exploit weaknesses in vendors to target organizations, making robust vendor risk management crucial. While SOC 2 reports are useful, they have limitations. Organizations should supplement them with security questionnaires, testing, contractual agreements, and ongoing … Read more

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

by

July 5, 2024 at 09:07AM A webinar on Identity Threat Detection and Response (ITDR) will provide insider knowledge on modern cybersecurity threats and protection. Led by Silverfort’s VP of Product Marketing, Yiftach Keshet, the session will cover hidden security vulnerabilities, top features of ITDR solutions, real-world scenarios, and future identity security trends. Register now before … Read more

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

by

July 5, 2024 at 09:07AM OVHcloud recently thwarted a record-breaking DDoS attack, reaching a packet rate of 840 million packets per second. The attack utilized a TCP ACK flood from 5,000 source IPs and a DNS reflection attack from 15,000 DNS servers. Such attacks, including those leveraging compromised MikroTik routers, are becoming more frequent and … Read more

Euro 2024 Becomes Latest Sporting Event to Attract Cyberattacks

by

July 5, 2024 at 09:07AM Cybercriminal activity has increased around the Euro 2024 football tournament, with over 15,000 UEFA credentials exposed on underground forums. Threat intelligence firm Cyberint warns of potential risks for fans and their employers due to stolen corporate credentials. The tournament has already been targeted by DDoS attacks and is expected to … Read more

Latest Ghostscript vulnerability haunts experts as the next big breach enabler

by

July 5, 2024 at 08:41AM Infosec experts are discussing a vulnerability in Ghostscript, which may lead to significant breaches. The format string bug, designated as CVE-2024-29510, allows remote code execution (RCE) on systems running Ghostscript. It poses a serious threat to web applications and services utilizing Ghostscript for document conversion and preview functionality. The severity … Read more

A CISO’s Guide to Avoiding Jail After a Breach

by

July 5, 2024 at 08:35AM While serving on the Commission on Enhancing National Cybersecurity, Joe Sullivan, a former Uber CSO, faced legal challenges for mishandling a data breach. The government’s effort to enforce good corporate behavior has led to an increase in legal actions against security leaders. To avoid trouble, it’s recommended that security leaders … Read more

How Intelligence Sharing Can Help Keep Major Worldwide Sporting Events on Track

by

July 5, 2024 at 07:52AM Major worldwide sporting events like Olympics and the FIFA World Cup attract global interest, but also face cybersecurity threats. The 2024 Paris Olympic Games are expected to have 4 billion viewers. Such events have been targeted by cybercriminals in the past, making robust cybersecurity strategies and threat intelligence sharing essential … Read more

In Other News: Microsoft Details ICS Flaws, Smart Grill Hacking, Predator Spyware Activity

by

July 5, 2024 at 07:52AM This week’s cybersecurity news roundup includes an Australian man charged for creating ‘evil twin’ Wi-Fi networks, dozens of vulnerabilities found in Sharp and Toshiba printers, a data breach at the Egyptian Health Department, and hacking of smart grills. Also covered are a Pakistan-linked Android spyware targeting gamers and weapons enthusiasts, … Read more

OVHcloud Sees Record 840 Mpps DDoS Attack

by

July 5, 2024 at 07:52AM OVHcloud announced its mitigation of the largest ever packet rate DDoS attack, reaching 840 Mpps, revealing a surge in such attacks with over 100 Mpps. The attacks aim to disrupt infrastructure leading to an increase in bandwidth and resources. The company attributes the attacks to the misuse of MikroTik routers … Read more

Blueprint for Success: Implementing a CTEM Operation

by

July 5, 2024 at 07:43AM The evolving attack surface poses a significant challenge to business security. Gartner introduced Continuous Threat Exposure Management (CTEM) as a solution, predicting 3 times less breaches for organizations that prioritize it. CTEM offers a comprehensive view of the attack surface, emphasizes vulnerability management and validation, and urges organizations to adapt … Read more