January 19, 2024 at 07:49PM The Ivanti Zero-Day vulnerability poses significant real-world impacts, with the need for immediate action to mitigate its effects. The broader concern lies in the pervasive vulnerability of VPNs. An alternative approach, such as Trend Micro™ Zero Trust Secure Access, offers a promising solution to prevent vulnerabilities from escalating into major … Read more
January 19, 2024 at 05:24PM In 2024, CISOs are facing increased personal and legal responsibility for data breaches, particularly due to new SEC regulations. To protect themselves, they should create a system record, define “materiality,” speak to the board in financial terms, participate in cyber insurance negotiations, and monitor emerging privacy threats. Managing third-party risks … Read more
January 19, 2024 at 06:54AM The US government released new guidance for the water and wastewater sector to improve cyber resilience and incident response capabilities. The document, developed by CISA, the FBI, and the EPA, outlines federal roles and resources, encourages incident reporting, and emphasizes interaction with local cyber communities. It aims to mitigate escalating … Read more
January 18, 2024 at 09:12AM The US Department of Energy (DoE) plans to invest $30 million in innovative cybersecurity tools to secure clean energy infrastructure from cyber threats. The funding, part of the Biden-Harris administration’s efforts, will support projects focused on identifying and mitigating threats to energy infrastructure, including cloud and renewable energy devices. Additional … Read more
January 18, 2024 at 08:03AM Multi-factor authentication (MFA) is increasingly used by organizations to bolster security, as traditional password-only systems are vulnerable to cyberattacks. However, MFA spamming, a tactic where attackers inundate users with verification requests, poses a threat. Mitigation strategies include strong password policies, end-user training, rate limiting, and monitoring systems. Strengthening security measures … Read more
January 17, 2024 at 12:52PM TAG.Global now mandates all employees to take a cybersecurity fluency assessment to enhance awareness and responsibility for information security. The test, covering various security subjects, aims to build a strong cybersecurity culture. Tawfiq Talhouni plans to extend the program outside the company, contributing to cybersecurity awareness in the Middle East. … Read more
January 17, 2024 at 06:39AM The upcoming webinar, “The Art of Privilege Escalation – How Hackers Become Admins,” presented by Joseph Carson, aims to equip IT security experts with the knowledge, tools, and strategies to counter cyber threats. Attendees will delve into the mind of cyber attackers, learn to detect privilege escalation attempts, and develop … Read more
January 16, 2024 at 10:09AM Ransomware poses a significant challenge for businesses, with debates on the best response. While a US-led coalition to reject ransom payments is symbolic, it ignores practical aspects and lacks a preemptive approach. For some companies, paying ransoms may be the most efficient way to minimize damage. However, the real solution … Read more
January 15, 2024 at 08:07PM Volexity discovered mass exploitation of two zero-day vulnerabilities affecting Ivanti’s Connect Secure VPN and Policy Secure NAC appliances. The attacks by multiple threat groups have targeted organizations worldwide, including Fortune 500 companies and government departments. Mitigation measures and a list of malicious tools used in the attacks have been provided. … Read more
January 15, 2024 at 06:12AM Security solutions provider Netscout has observed a significant increase in botnet scanning activity, with peak numbers reaching 43,000 devices on December 20. The use of free cloud and hosting servers by attackers to create botnet launch pads has risen, allowing for anonymity and low overhead. The scanning represents reconnaissance activity … Read more