It’s hard to comprehend living in a world where flawed or buggy code can take down so many critical systems and drain $5 billion in direct losses from Fortune 500 companies. And, it’s true that there’s no easy fix to this kind of problem.
But whether it’s preventing bad software updates or maintaining compliance among constant requirements and changes, organizations can implement several practical measures to improve their cybersecurity hygiene and reduce their risk exposure.
Read more…
Source: TechRadar
Related:
- An In-Depth Look at ICS Vulnerabilities Part 2
April 4, 2022
In part one, Trend Micro researchers discussed ICS-CERT advisories from 2010 to 2021. Using MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS, determined the number of identified CVEs that affect the ICS environment. For this blog entry, Trend Micro look into the sectors affected, especially during 2021: Read more… Source: Trend Micro Related story: An In-Depth Look ...
- SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
April 4, 2022
On March 31, 2022, vulnerabilities in the Spring Framework for Java were publicly disclosed. Microsoft is currently assessing the impact associated with these vulnerabilities. This blog is for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical remote code execution (RCE) vulnerability CVE-2022-22965 (also known as ...
- Australia’s SkyGuardian drones shot down by spicy cybers
April 1, 2022
The Australian government has cancelled the SkyGuardian armed drone program for the Royal Australian Air Force. The funding is being redirected to the newly-announced REDSPICE cybersecurity and intelligence program. REDSPICE, the Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers program, is a flagship component of the federal Budget announced on Tuesday. The program aims to double the ...
- CISA Releases Security Advisories for Rockwell Automation Products
March 31, 2022
CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system. CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation Logix Controllers and ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer for more information and to apply the necessary mitigations ...
- FBI: Ransomware Attacks Straining Local US Governments and Public Services
March 30, 2022
The FBI is informing Government Facilities Sector (GFS) partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. Ransomware attacks against local government entities and the subsequent impacts are especially significant due to the public’s dependency on critical utilities, emergency ...
- FBI: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
March 24, 2022
This joint Cybersecurity Advisory (CSA)—coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE)—provides information on multiple intrusion campaigns conducted by statesponsored Russian cyber actors from 2011 to 2018 and targeted U.S. and international Energy Sector organizations. CISA, the FBI, and DOE responded to ...