Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorized commands. This vulnerability is caused by improper neutralization of special elements in FortiSIEM report server.

Protecting sensitive data from the threat of exposure is a non-negotiable business imperative for organizations, especially those in highly regulated sectors like government and healthcare. To help organizations keep their data secure, the National Institute of Science and Technology (NIST) developed a set of requirements for the hardware and software components responsible for data encryption.

Your web server conveys a variety of information to the client when a visitor opens your website. They can access specific policies you've set and sometimes identify what kind of software you use to run your system. Sometimes, that's okay. Other times, the information exposed in your server header can lead directly to a malicious cyber attack.

From Tanium's Australian bureau, we dive into the Essential 8 baseline mitigation strategies and reveal how Tanium's unique architecture goes beyond the traditional approach of other vendors and enables organisations to overcome key challenges to help them successfully achieve automated continuous compliance.

It’s 10:30 p.m. and you’re heading to bed. Unfortunately, a threat actor has your organization in their crosshairs. While you’re brushing your teeth, they’re crafting a social engineering email to pilfer your employees’ credentials. While you’re putting on your pajamas, they’re finding a path to log in. While you’re asleep, is your organization protected?

You can tell your smart TV has been hacked if you notice unusual activity on your smart TV, strange popup windows, changed privacy and security settings, slow performance and unauthorized access to your accounts. Surprisingly, smart TVs can get hacked just like any other Internet of Things (IoT) device that connects to the internet. Cybercriminals can hack your smart TV to spy on you or infect other devices on the same network. You need to secure your smart TV to protect it from hackers.

Norton Healthcare consists of over 430 locations between Kentucky and Indiana. The clinics meet over two million a year, including adult and pediatric patients. The hospital offers one of the largest not-for-profit healthcare systems in the region and employs over 25,000 faculty members. Norton Healthcare is a community powerhouse in the region; this makes their announcement of a data breach all the more disturbing.

Cyber security pen testing can vary widely, covering applications, wireless, network services and physical assets. These could include internal and external infrastructure testing, web or mobile application testing, API testing, cloud and network configuration reviews, social engineering and even physical security testing.

The manufacturing industry has undergone a huge digital transformation in recent years. While these changes have increased productivity, the industry has also experienced new pressures from cybersecurity. In 2022, the industry has been vulnerable to 250 data violation incidents in the United States alone costing nearly 23.9 million USD. More and more industries are finding their intellectual property (IP) at risk as threat actors become more sophisticated.

Today, businesses are increasingly relying on digital technologies to streamline operations and deliver seamless service. A continuously monitored, robust network infrastructure using NPM tools, like OpManager, is critical to ensure business continuity. OpManager, with its advanced AI and ML features, is capable of offering in-depth insights into visibility, network performance, and proactively notifying you of network faults.