As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it’s impossible to always know what’s around the corner. It’s not just about external threats and the big breaches splashed across the news headlines.
On one hand, we’re combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we’re trying to better understand employee behavior amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity. And while it certainly makes our jobs interesting, unpredictability runs contrary to how the organisations we protect prefer to operate.
Read more…
Source: Rapid7
Related:
- SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack
November 7, 2022
The long hangover from a 2020 state-sponsored compromise still isn’t over for SolarWinds, as the software giant targeted by Russian government hackers has to pony up $26 million to shareholders and face possible enforcement action from the federal government. In a recent 8-K filing with the U.S. Securities and Exchange Commission, SolarWinds said it reached an ...
- Attack Surface Management 2022 Midyear Review – Part 3
November 3, 2022
With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, Trend Micro researchers discussed these issues at length today as well as their implications on a global scale for both businesses large (and small). In the last and final part of the series, Trend Micro researchers talk ...
- Server-side attacks, C&C in public cloud services
November 2, 2022
This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. Kaspersky researchers hope that learning about the attacks that took place in the wild helps you to stay up to date on the modern ...
- CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
October 31, 2022
CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number ...
- Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
October 28, 2022
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint guide to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. These attacks can cost an organization time and money and may impose ...
- CISA Releases Four Industrial Control Systems Advisories
October 28, 2022
CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-300-01 Rockwell Automation FactoryTalk Alarm and Events Server ICSA-22-300-02 SAUTER Controls moduWeb ICSA-22-300-03 Rockwell ...

