CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog
The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 13…
Cuba ransomware gang hacked 49 US critical infrastructure organizations
The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that…
Nobelium APT targets French orgs, French ANSSI agency warns
The French cyber-security agency ANSSI said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021. The French national cybersecurity agency ANSSI (Agence Nationale de la…
How To Effectively Secure Connected Devices
By Gnanaprakasam Pandian, Chief Product Officer and Co-Founder, Ordr As connected devices, including Internet of Things (IoT), Internet of Medical Things (IoMT) and Operational Technology (OT) continue to explode in…
December 2021: Cyber Deception Month
How Bad Are The Breaches? Please take the time to visit a visual mapping of the largest breaches… http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ Which I shortened for you… https://tinyurl.com/CDMG-DEC-2021 (you can trust me, I’m…
Analyzing The Security Challenge of Hybrid and Remote Working Models
By Mike East, VP EMEA, Menlo Security The pandemic has shifted the balance in many arenas, not least in relation to cybersecurity. Where COVID-19 has continued to have a drastic…
FBI training document shows lawful access to multiple encrypted messaging apps
Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance…
Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server
Threat actors are exploiting the recently patched CVE-2021-40438 flaw in Apache HTTP servers, warns German Cybersecurity Agency and Cisco. Threat actors are exploiting a recently addressed server-side request forgery (SSRF)…
SOAR Into More Integrated Cybersecurity
By Josh Magady, Section Manager, Senior Cybersecurity Consultant, and Practice Technical Lead, 1898 & Co. Why is being cybersecurity compliant not the same as preparedness for threats? Shouldn’t compliance mean full…
The rise of millionaire zero-day exploit markets
Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime…
Multicloud Rolls In: Federal IT Professionals Share Insights and Challenges
By Rick Rosenburg, Vice President and General Manager, Rackspace Government Solutions, Rackspace Technology Federal agencies kicked into IT modernization overdrive during the pandemic and, as 2022 approaches, agencies are looking…
Overcoming the Limitations of VPN, NAC, and Firewalls with Zero Trust Access
During 2020 and 2021, we’ve seen ransomware-as-a-service wreak havoc in the IT supply chain and critical infrastructure. Below we explore how technologies and approaches to help protect organizations from these…