4 Ways Organizations Can Drive Demand for Software Security Training

February 27, 2024 at 01:06PM Summary: The cybersecurity landscape for organizations creating their own software is increasingly risky due to various forces. There is a shortage of skilled cybersecurity personnel, a worsening threat landscape, and potential legislative changes. Companies can address this by empowering their developers through secure coding, security training, identifying champions, offering incentives, …

BumbleBee Malware Buzzes Back on the Scene After 4-Month Hiatus

February 14, 2024 at 11:59AM The Bumblebee loader, known for delivering various malware, has reappeared in the US targeting organizations after a four-month hiatus. The recent campaign uses email with OneDrive URLs to initiate attacks, signaling a surge in cybercriminal activity. Interestingly, the attackers have employed VBA macro-enabled documents, a tactic rarely used since Microsoft’s …

With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too

January 18, 2024 at 12:04PM The cyber-insurance market is expected to see rising claim volumes due to increasing threat activities, potentially leading to higher premiums in the next 12 to 24 months. Despite recent declines in average prices, industry experts anticipate a shift towards increased costs as the threat landscape evolves. While costs temporarily eased …

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

January 16, 2024 at 04:34PM Ivanti VPNs have been compromised globally through two unpatched zero-day vulnerabilities that allow attackers to gain network access. Thousands have been infected, primarily by the group UTA0178, with no patches available until Jan. 22 and Feb. 19. Ivanti has released a mitigation and an Integrity Checker Tool for existing compromises. Customers are advised to follow the incident response playbook …

As Enterprise Cloud Grows, So Do Challenges

January 15, 2024 at 11:31PM As children grow, their problems become more complex, resembling the challenges faced by maturing enterprises. The evolving technology landscape necessitates a strategic distributed cloud platform partner to manage complexity, facilitate vendor consolidation, handle mergers/acquisitions, cope with innovation pressure, and combat the evolving threat landscape for improved security and simplified management. …

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

December 22, 2023 at 08:00AM A recent phishing campaign employs decoy Microsoft Word documents to distribute Nim-based malware. The backdoor lures victims to enable macros, then establishes a connection with a remote server disguised as a Nepali government entity. This comes amidst increased distribution of various malware strains and social engineering campaigns leveraging new tactics. …

Humans Are Notoriously Bad at Assessing Risk

November 22, 2023 at 07:12AM Risk assessment can be subjective and biased due to human emotions, which can lead to an inaccurate representation of reality and a weaker security posture. To remove subjectivity, security professionals should follow seven steps: identify critical resources and data, understand potential financial impact, enumerate relevant threats, map risks to resources, …

Steps CISOs Should Take Before, During & After a Cyberattack

November 14, 2023 at 10:05AM In today’s complex threat landscape, organizations must have a detailed cyber playbook outlining actions to take in the event of an attack. CISOs should educate stakeholders, build a comprehensive framework, and test plans regularly. During an attack, effective and empathetic communication is crucial. Afterward, reflection without blame should occur to …

Securing Modern Enterprises in a Borderless Landscape

October 30, 2023 at 03:08AM The COVID-19 pandemic led to a surge in remote work, prompting organizations to quickly adopt remote collaboration tools. However, ensuring robust security for remote access has been a challenge. To address this, Cisco partnered with Forgepoint Capital, NightDragon, and Team8 to create the 2023 CISO Survival Guide, a framework for …

CISA, HHS Release Cybersecurity Healthcare Toolkit

October 26, 2023 at 12:21PM The US cybersecurity agency CISA and the Department of Health and Human Services (HHS) have released a cybersecurity toolkit for healthcare and public health organizations. The toolkit provides guidance on cyber hygiene, the threat landscape, and best practices, and offers risk assessment tools and recommended resources. It also suggests accessing grants and …