Author: nlqip
As Covid-19 drives a higher volume of transactions online, the dance between cyber-criminals and security professionals has stepped up a beat. Enterprises are re-assessing the robustness of their systems, while bad actors are on the look-out for vulnerabilities to exploit. Under lockdown measures, organisations have been forced to reassess their physical environments. Now they must…
Read MoreA wide variety of organizations fall under financial services, including banks of varying sizes, credit unions, insurance companies, government-sponsored financial institutions, stock exchanges, investment funds, payment processors, consumer finance lenders, brokerages, and companies that service the financial sector. We’ll look at all of these and note the differences in the data, starting with the largest…
Read MoreIntroduction F5 Labs attack series articles help you understand common attacks, how they work, and how to guard against them. What Is Cross-Site Scripting? Cross-site scripting, commonly referred to as XSS, is one of many types of insertion attacks that affect web-based applications and, by extension, their users. It occurs when a vulnerability in an…
Read More
Two vulnerabilities with publicly available exploit code in JetBrains TeamCity on-premises software could result in attackers bypassing authentication and achieving code execution. Update March 7: The blog has been updated to include information in-the-wild exploitation of CVE-2024-27198. View Change Log Background On March 4, JetBrains published a blog post regarding two security issues affecting TeamCity…
Read More
The importance of fostering a cybersecurity culture within organizations cannot be overstated. While technical security measures are crucial, employee behaviour plays a significant role in cyber defense. Leadership commitment is paramount, and executives should set the tone by actively promoting cybersecurity awareness. Tailored security awareness programs, engaging both employees and executives, are essential for keeping…
Read MoreEvery day, we hear about the new “innovative” ways that hackers use to infiltrate devices to inject ransomware or steal invaluable date. But hackers are also using data manipulation to make subtle modifications to data sets, which is particularly insidious and could potentially have a greater crippling effect on organizations than a data breach. As…
Read MoreCyberattack Incidents at Financial Services Companies Like payment processors, financial services companies are private companies that serve the financial sector by providing data processing for banks, credit unions, and other financial institutions. They can perform loan analyses, credit ratings, check printing, data storage, or analytics. Basically, they provide any outsourced service except payment processing (the…
Read MoreApply appropriate updates provided by WordPress to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.2:…
Read More
Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities. Microsoft patched 59 CVEs in its March 2024 Patch Tuesday release, with 2 rated critical and 57 rated as important. Elevation of privilege (EoP) vulnerabilities accounted for 40.7% of the vulnerabilities patched this month, followed by Remote…
Read MoreThe sector with the largest single attack in 2021, however, was ISP/Hosting, which saw attacks peak at 1.4 Tbps. Where DDoS Attacks Come From Denial-of-service attacks are most frequently launched from compromised servers or consumer devices, such as Internet-of-Thing (IoT) products and broadband routers. In producing this report, we made use of data not only…
Read More