FBI: ALPHV ransomware raked in $300 million from over 1,000 victims

December 19, 2023 at 02:35PM The ALPHV/BlackCat ransomware group has earned more than $300 million from 1,000+ victims worldwide by September 2023, per FBI. Affiliates have extensive networks and experience in ransomware and data extortion. Additionally, FBI and CISA have issued mitigation measures, including patching vulnerabilities and enforcing multifactor authentication. FBI has recently disrupted the … Read more

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

December 15, 2023 at 11:49AM In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) for a Healthcare and Public Health (HPH) organization. The RVA included web application, phishing, penetration, database, and wireless assessments. While no significant external vulnerabilities were identified, the internal testing revealed multiple misconfigurations and … Read more

Reimagining Network Pentesting With Automation

December 14, 2023 at 12:54PM Network penetration testing is vital in cybersecurity, yet misconceptions impact its role. This blog serves as a guide, explaining the process, debunking myths, and highlighting its significance. It encompasses internal and external testing differences, process stages, common misconceptions, and the comparison between manual and automated testing. It emphasizes the importance … Read more

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

December 6, 2023 at 04:54AM Atlassian patched four critical vulnerabilities in its software, addressing remote code execution risks. CVEs 2022-1471, 2023-22522, 2023-22523, and 2023-22524, with CVSS scores up to 9.8, affect various products including Confluence and Jira. Prior critical flaw in Bamboo also mentioned. Urgent updates recommended. Meeting Takeaways from Dec 06, 2023 – Software … Read more

FIRST Announces CVSS 4.0 – New Vulnerability Scoring System

November 2, 2023 at 05:30AM The Forum of Incident Response and Security Teams (FIRST) has announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard. This update aims to provide a more accurate assessment of vulnerabilities and introduces new metrics for assessment. It also emphasizes that CVSS should not be the sole … Read more