Preparing for Unknown Risks: How to Better Prepare for Risks You Can’t See Yet


As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.

On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.

Read more…
Source: Rapid7


Sign up for our Newsletter


Related:

  • UAE Cyber Security Council calls for stronger vigilance amid growing AI-driven cyber attacks

    January 18, 2025

    The Cyber Security Council of the UAE Government has announced that the nation’s cybersecurity systems have successfully countered malicious ransomware attacks targeting several strategic sectors, including government and private entities. The Council revealed that the country’s emergency cyber-response systems, in collaboration with relevant authorities, have proactively and professionally intercepted and neutralised approximately 200,000 cyber attacks daily ...

  • Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS

    January 17, 2025

    QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating system for QNAP Network-attached storage (NAS) appliances. CVE-2023-39298 is a ‘Missing authorisation’ vulnerability with a CVSSv3 score of 7.8. If exploited, a local attacker with low privileges could access data or perform actions without proper ...

  • Product Security Bad Practices

    January 17, 2025

    As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle. This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for ...

  • Threat Brief: CVE-2025-0282 and CVE-2025-0283

    January 16, 2025

    On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products. This threat brief provides attack details that we observed in a recent incident response engagement to provide actionable intelligence to the community. These details can be used to further detect current ...

  • How to Mitigate the Risk of Rogue Employees

    January 16, 2025

    Rogue employees present significant financial and cybersecurity risks to organizations. Rapid7 threat researchers and penetration testers are actively observing how malicious actors exploit hiring pipelines to infiltrate businesses. This blog highlights real-world tactics, including: Insider Reconnaissance: Rogue applicants leveraging interviews to map office layouts, identify vulnerable devices, and even plant malware during site visits. Read more… Source: Rapid7 Sign up ...

  • Multi-Vector DDoS Attacks: What They Are and How to Stay Protected

    January 15, 2025

    Multi-vector DDoS attacks have emerged as one of the biggest challenges in cybersecurity today. The number of such incidents has been growing significantly year over year. In this article, we’ll break down what multi-vector attacks are, how they work, and why they’re such a pressing threat. As DDoS attacks evolve, it becomes increasingly difficult to combat ...