Frequently Asked Questions about ScreenConnect Vulnerabilities
February 20, 2024Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect
Managed Kubernetes: Is It Right for My Organization?
February 20, 2024As an organization grows its usage of containers, managing them becomes more complex. A common response is to adopt Kubernetes for container orchestration. But how do you properly secure your Kubernetes clusters? And should your organization host its Kubernetes deployments or instead choose a managed option? Here’s what you need to know.
Cybersecurity Snapshot: ChatGPT Gets So-So Grade in Code Analysis Test, while JCDC Pledges To Focus on Protecting Critical Infrastructure
February 16, 2024Check out why ChatGPT’s code analysis skills left Carnegie Mellon researchers unimpressed. Plus, JCDC will put special focus on critical infrastructure security in 2024. Meanwhile, CISA and OpenSSF shine a spotlight on the security of software package repositories. And scammers leveraged tech tools to steal $10 billion from U.S. consumers last year. And much more!
Pig Butchering Scam: From Tinder and TikTok to WhatsApp and Telegram, How Scammers Are Stealing Millions in a Long Con
February 14, 2024In part one of a two-part series on Pig butchering, we detail the pervasive scam that has impacted thousands of victims around the world, resulting in the loss of hundreds of millions of dollars. This blog highlights the who and the how of Pig butchering scams, and details the Pig butchering playbook.
Pig Butchering Scam: How Bitcoin, Ethereum, Litecoin and Spot Gold (XAUUSD) Investments Are Used in Romance Scams to Steal Hundreds of Millions
February 14, 2024This is the second part of a two-part series based on firsthand research into pig butchering scams from the end of 2022 into early 2024. In this post, we delve into the types of investment scams perpetrated by pig butchers to steal hundreds of millions of dollars from victims, including in the form of cryptocurrency and spot gold.
Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)
February 13, 2024Microsoft addresses 73 CVEs, including three zero-day vulnerabilities that were exploited in the wild.
How a Serverless Architecture Can Help You Secure Cloud-Native Applications
February 13, 2024Cybersecurity teams often struggle with securing cloud-native applications, which are becoming increasingly popular with developers. The good news is that deploying these applications on a serverless architecture can make it easier to protect them. Here’s why.
Unused Access Analyzer: A Leap Toward Least Privilege, Not the End of the Journey
February 12, 2024AWS IAM Access Analyzer can now detect action-level unused permissions. It’s a great enhancement in the native toolbox to achieve least privilege — but if you need comprehensive entitlements management at scale you will probably need additional tooling and work. Find out why and what you can do to complement it.
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
February 9, 2024Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities
Shoring Up Water Security: Industry Leaders Testify Before Congress
February 9, 2024The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection recently brought together industry leaders and stakeholders to discuss the urgent need for protective measures, baseline cybersecurity standards and collaboration initiatives to fortify the nation’s critical water systems. Here’s what you need to know.
Cybersecurity Snapshot: Critical Infrastructure Orgs Must Beware of China-backed Volt Typhoon, Cyber Agencies Warn
February 9, 2024The Volt Typhoon hacking gang is stealthily breaching critical infrastructure IT environments so it can strike on behalf of the Chinese government, cyber agencies say. Plus, ransomware gangs netted $1 billion-plus in 2023. In addition, new group tasked with addressing the quantum computing threat draws big tech names. And enterprises go full steam ahead with generative AI, despite challenges managing its risks. And much more!
Keep the Water Flowing for the DoD: Securing Operational Technology from Cyberattacks
February 6, 2024Malicious actors are ramping up attacks against water and wastewater systems (WWS), which are not only attractive targets but also complex to protect. The U.S. Department of Defense (DoD) in particular operates a large number of WWS facilities. Read on to learn how a strong cybersecurity program can help the DoD significantly reduce the cyber risk of its WWS systems.