Collaborate Disseminate
The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations … Continue reading FBI disrupts Chinese botnet used for targeting US critical infrastructure
82% of cybersecurity professionals have been working on implementing zero trust last year, and 16% should be on it by the end of this year. The challenges of zero trust implementation You’ve probably heard it before: zero trust is not a single pr… Continue reading Zero trust implementation: Plan, then execute, one step at a time
According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment. This is a statistic that needs to change and the only … Continue reading How to make developers accept DevSecOps
Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based ope… Continue reading Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)
With organizations increasingly relying on third-party vendors, upping the third-party risk management (TPRM) game has become imperative to prevent the fallout of third-party compromises. Third-party risks SecurityScorecard recently found that 98% of o… Continue reading Third-party risk management best practices and why they matter
Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microso… Continue reading Russian hackers breached Microsoft, HPE corporate maliboxes
All types of cyber threat actor are already using artificial intelligence (AI) to varying degrees, UK National Cyber Security Centre’s analysts say, and predict that AI “will almost certainly increase the volume and heighten the impact of c… Continue reading AI expected to increase volume, impact of cyberattacks
Business executives are worried about accidental internal staff error (71%) almost as much as they are worried about external threats (75%). But which of the two is a bigger threat to a company? External vs insider threats External threats can cause gr… Continue reading Fighting insider threats is tricky but essential work
Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in… Continue reading Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)
Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The attack The ransomware attack took place during the night of January 19-20. “The attack was… Continue reading Tietoevry ransomware attack halts Swedish organizations