As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.
On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.
Read more…
Source: Rapid7
Related:
- Germany unveils plan to tackle cyberattacks on satellites
July 5, 2022
The German Federal Office for Information Security (BSI) has put out an IT baseline protection profile for space infrastructure amid concerns that attackers could turn their gaze skywards. The document, published last week, is the result of a year of work by Airbus Defence and Space, the German Space Agency at the German Aerospace Center (DLR), ...
- What to do about inherent security flaws in critical infrastructure?
July 3, 2022
The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure. But many of them are unfixable, due to insecure protocols and architectural designs. And this highlights a larger security problem with devices that ...
- Cyberattack shuts down unemployment, labor websites across the US
July 1, 2022
A cyberattack on a software company almost a week ago continues to ripple through labor and workforce agencies in a number of US states, cutting off people from such services as unemployment benefits and job-seeking programs. Labor departments and related agencies in at least nine states have been impacted. According to the Louisiana Workforce Commission in ...
- CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1
June 28, 2022
CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) ...
- Cyberattack forces Iran steel company to halt production
June 27, 2022
One of Iran’s major steel companies said Monday it was forced to halt production after being hit by a cyberattack, apparently marking one of the biggest such assaults on the country’s strategic industrial sector in recent memory. The Iranian government did not acknowledge the disruption or blame any specific group for the assault on the state-owned ...
- CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
June 22, 2022
CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality. CISA has released six corresponding ...

