Month: December 2024
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability CVE-2024-11680 ProjectSend Improper Authentication Vulnerability CVE-2024-11667 Zyxel Multiple Firewalls Path Traversal Vulnerability Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read More
Security leaders continue to be under intense pressure. Increasingly, they are turning toward third parties for support and expertise as their cybersecurity woes become more dire and it becomes harder to recruit and retain talent. This is reflected in the projected growth for cybersecurity services through 20281 (managed security services, managed detection and response, security…
Read More
Tenable®, the exposure management company, today announced the release of Tenable Patch Management, an autonomous patch solution built to quickly and effectively close vulnerability exposures in a unified solution. A strategic partnership and integration with Adaptiva, a global leader in autonomous endpoint management, provides the foundation of the solution. Vulnerability remediation remains a critical challenge…
Read More
From a new Amazon Q offering to help customers get off Microsoft Windows to new Amazon Aurora database service that bests Google Spanner, here are AWS CEO Matt Garman’s boldest statements during his keynote at AWS re:Invent 2024 today. Amazon Web Services CEO Matt Garman took the stage at AWS re:Invent 2024 today to tout…
Read More
One year after Broadcom’s blockbuster acquisition of virtualization giant VMware, CEO Rajiv Ramaswami told investors that Nutanix partnerships with the likes of AWS, Cisco, Dell, and Nvidia are filling a niche as the market looks for the best platform to host data and workloads. In a post-VMware acquisition virtualization landscape, the biggest vendors in the…
Read More
2024 Cyber Resilience Research Unveils US SLED Sector Challenges New data illuminates how US SLED leaders can prioritize resilience. US SLED (State, Local, and Higher Education) organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks…
Read More
Executive Summary Establishing persistence on a system allows a threat actor continued access or process execution across system restarts or other changes. For this reason, monitoring for and investigating persistence indicators are key components of any robust cybersecurity platform. Two common persistence techniques are using AutoStart Execution of programs during system boot or logon (T1547)…
Read More
It’s becoming increasingly challenging to secure sensitive data. Cybercriminals are becoming more sophisticated, IT infrastructure is becoming more complex, and attack surfaces are increasing. With so much data now stored off-premises, organizations must protect not only their sensitive information but also the platforms that house it. This is where data security posture management (DPSM) and…
Read MoreToday, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this guidance include: Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) Canadian Centre for Cyber Security (CCCS) New Zealand’s National Cyber Security Centre (NCSC-NZ)…
Read More