January 19, 2024 at 06:54AM The US government released new guidance for the water and wastewater sector to improve cyber resilience and incident response capabilities. The document, developed by CISA, the FBI, and the EPA, outlines federal roles and resources, encourages incident reporting, and emphasizes interaction with local cyber communities. It aims to mitigate escalating … Read more
January 19, 2024 at 06:12AM The US security agency CISA warns of increasing exploitation of two Ivanti Connect Secure VPN vulnerabilities by a Chinese cyberespionage group, compromising over 2,100 devices belonging to various organizations. Additionally, a separate Ivanti product flaw is being exploited. Patches have been released with mitigations, but widespread exploitation continues, including new … Read more
January 17, 2024 at 05:06PM ESET, a leading cybersecurity company, has launched ESET MDR, an innovative solution tailored for SMBs to address evolving cybersecurity challenges. The service combines AI-powered automation, human expertise, and comprehensive threat intelligence to provide unmatched threat detection and incident response. This offering will help SMBs enhance their security postures and meet … Read more
January 16, 2024 at 07:10PM Security teams increasingly collaborate with internal and external partners for incident response, recognizing the importance of coordination. 63% coordinate with internal communications, 44% know whom to contact in HR, and 39% have dedicated resources for external communications. Cross-functional collaboration is crucial due to the wide-reaching impact of security breaches. Also, … Read more
January 16, 2024 at 04:34PM Ivanti VPNs globally compromised due to two unpatched zero-day vulnerabilities, allowing attackers to gain network access. Thousands infected, primarily by group UTA0178, with no available patches until Jan. 22 and Feb. 19. Ivanti released a mitigation and Integrity Checker Tool for existing compromises. Customers advised to follow incident response playbook … Read more
January 9, 2024 at 10:12AM At Blackhat 2004, the founder of Red Cliff Consulting presented on “The Evolution of Incident Response,” addressing challenges like increasing attack complexity, evolving response methodologies, and the need for pre-incident preparation. Despite technological advancements, core incident response principles remain the same. Issues like email, patching, and human error persist. Three … Read more
January 8, 2024 at 08:36AM Security professionals are prioritizing use cases such as incident response, alert triage, vulnerability management, spear phishing, and threat intelligence for technology investments. Automation adoption is driven by the need for efficiency, with top use cases varying by industry. A standardized, data-driven and extensible platform is key for successful security automation … Read more
January 4, 2024 at 03:11PM On Wednesday, miscreants seized control of security firm Mandiant’s Twitter account to attempt cryptocurrency theft. After being renamed as a phony crypto wallet service account, the hijackers lured users to a fraudulent website for free tokens, prompting concerns of financial losses. The incident highlights Twitter’s ongoing security concerns and risks … Read more
January 3, 2024 at 05:19PM Xerox Business Solutions, a subsidiary of Xerox, has contained a cyber security incident in the US, revealed in a press release. Although XBS and Xerox corporate data were unaffected, personal information may have been accessed. Third-party cybersecurity findings indicate this breach, but ransomware group INC Ransom’s involvement raises concerns over … Read more
December 29, 2023 at 09:05AM Cybersecurity leaders have outlined New Year’s resolutions for 2024. These include bolstering defenses through proactive measures, operational enhancements, and reactive capabilities. Emphasizing the importance of assessing and updating business continuity and incident response plans is coupled with a strong focus on fundamental detection, prevention, and response capabilities. New technologies, evolving … Read more