Defending OT Requires Agility, Proactive Controls

July 17, 2024 at 04:35AM Hackers with ties to the Chinese government have gained access to US critical infrastructure, transitioning from espionage to potentially compromising or destroying infrastructure via operational technology. Recent attacks on maritime and water systems signal the need for increased OT security. Three key steps include converging IT and OT security, developing … Read more

June Windows Server updates break Microsoft 365 Defender features

July 15, 2024 at 10:16AM Microsoft has confirmed that recent Windows Server updates have caused issues with some Microsoft 365 Defender features, specifically affecting the Network Detection and Response (NDR) service and other Defender components. The problem only impacts Windows Server 2022 systems and related services, with Microsoft working on a fix and providing updates … Read more

‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source Tools

July 11, 2024 at 10:48AM CrystalRay, a threat actor, has expanded their operations since the February attacks. They utilize SSH-Snake, an automated worm-like tool, for hacking purposes and have added mass scanning, open source software exploitation, and credential theft to their arsenal. Their use of open source and penetration testing tools enables them to maintain … Read more

CISA, FBI Urge Immediate Action on OS Command Injection Vulnerabilities in Network Devices

July 11, 2024 at 07:42AM CISA and the FBI are calling for immediate action to address OS command injection vulnerabilities in network devices following recent intrusions. The agencies emphasize the need for businesses and device manufacturers to eliminate these vulnerabilities at the source. … Read more

Microsoft Warns of Windows Hyper-V Zero-Day Being Exploited

July 9, 2024 at 03:03PM Microsoft released a large set of updates to address security vulnerabilities in the Windows environment. They warned of active exploitation of a Windows Hyper-V privilege escalation bug and a Windows MSHTML Platform spoofing vulnerability. These vulnerabilities represent only a portion of the 143 documented bugs, with five rated as critical. … Read more

Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace

July 9, 2024 at 01:12PM Chinese state-sponsored actor APT40 swiftly targets and exploits newly discovered software vulnerabilities. According to a joint advisory from the US, Australia, UK, Canada, and other partners, the group employs techniques similar to other Chinese state-sponsored actors, prioritizing exploitation of public-facing infrastructure. APT40 conducts extensive reconnaissance and continues to evolve its tactics, necessitating prompt patching by security teams … Read more

SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

July 9, 2024 at 10:21AM SAP released 16 new and 2 updated security notes for July 2024, addressing high-severity vulnerabilities in PDCE and SAP Commerce. The PDCE bug (CVE-2024-39592) could allow unauthorized data access, while the SAP Commerce issue (CVE-2024-39597) could enable access to improperly configured sites. 15 medium-severity issues in various SAP products were … Read more

China’s APT40 gang is ready to attack vulns within hours or days of public release.

July 8, 2024 at 10:37PM Law enforcement agencies, led by Australia, have issued an advisory detailing the tradecraft of APT40, a state-sponsored cyber group aligned with China. Known for rapidly exploiting new vulnerabilities, APT40 targets unpatched networks and uses compromised devices to launch attacks. The advisory provides mitigation tactics and highlights APT40’s use of web … Read more

Why Cyber Teams Should Invest in Strong Communicators

July 5, 2024 at 10:21AM Cybersecurity professionals face complex challenges in protecting constantly evolving technology from adversaries. Cultivating a security-conscious culture demands excellent communication skills, enabling clear articulation of technical issues to diverse stakeholders. Active listening and transparent communication with external parties are crucial, while advancements in technology have lessened some technical requirements, emphasizing the … Read more

Blueprint for Success: Implementing a CTEM Operation

July 5, 2024 at 07:43AM The evolving attack surface poses a significant challenge to business security. Gartner introduced Continuous Threat Exposure Management (CTEM) as a solution, predicting 3 times fewer breaches for organizations that prioritize it. CTEM offers a comprehensive view of the attack surface, emphasizes vulnerability management and validation, and urges organizations to adapt … Read more