As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.
On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.
Read more…
Source: Rapid7
Related:
- CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain
November 17, 2022
Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and October 2022 ...
- CISA Releases Two Industrial Control Systems Advisories
November 17, 2022
CISA has released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-321-01 Red Lion Crimson ICSA-22-321-02 Cradlepoint IBR600 Read more… Source: U.S. Cybersecurity and Infrastructure Security ...
- Token tactics: How to prevent, detect, and respond to cloud token theft
November 16, 2022
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose. By compromising and replaying ...
- Shocker: EV charging infrastructure is seriously insecure
November 15, 2022
If you’ve noticed car charging stations showing up in your area, congratulations! You’re part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues to be problematic today. That’s what scientists at Sandia National Laboratory in Albuquerque, New Mexico have ...
- Europe calls for joint cyber defense to ward off Russia
November 11, 2022
The European Commission on Thursday proposed a cyber defense policy in response to Europe’s “deteriorating security environment” since Russia illegally invaded Ukraine earlier this year. The Commission, citing recent cyber attacks on energy networks, transportation infrastructure and space assets, called on member states to “significantly increase” investments in cybersecurity capabilities. It also aims to boost defense ...
- CISA Releases SSVC Methodology to Prioritize Vulnerabilities
November 10, 2022
Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system. As stated in Executive Assistant Director (EAD) Eric Goldstein’s blog post Transforming the Vulnerability Management Landscape, implementing a ...

