On October 16, 2023, Kroll Cyber Threat Intelligence (CTI) analysts were made aware of an ongoing exploitation of a recently discovered vulnerability within the web user interface (UI) functionality of Cisco IOS XE (CVE-2023-20198). This security flaw is critical with a CVSS score of 10.
Ingesting data in the security world is only half of the battle. The second half is fought over insight generation. As security professionals, we understand that every second we spend creating dashboards, alerts, or parsing rules is a potential window of vulnerability, assuming this capability even exists within the organization.
Ransomware works by exploiting vulnerabilities in a computer system's security. Criminals typically use email phishing or other deceptive tactics to install malicious software on the victim's computer. Once the ransomware has infiltrated the system, it will begin to lock down files and encrypt them using advanced cryptography techniques, making them inaccessible. The cybercriminal will then demand payment for a decryption key that will allow the victim to regain access to their files.
Whether internally developed or purchased, your applications can be exposed to a host of vulnerabilities, especially via open source components that are widely used in today’s software. A recent survey found that 60% of data breach victims were compromised due to a known but unpatched vulnerability. Effective prevention and risk management requires being able to understand the vulnerability risk profile for each component of your Software Supply Chain.
The world of digital technology is perpetually evolving, positioning cybersecurity as a frontline defense in safeguarding essential digital assets. A primary challenge in this sector, accentuated by the Wallarm API ThreatStats™ report Q3’2023, is ensuring robust API security. This in-depth report emphasizes the urgent need for immediate, strategic actions from business leaders and cybersecurity practitioners alike to combat the sophisticated emerging threats.
You’ve probably encountered them. Self-reported ‘supplier security assessments’ – documents where fact and fiction can easily overlap if the requisite information cannot be readily validated. In reality, supplier questionnaires do offer an (albeit limited) indication of an organisation’s level of cyber maturity and are a necessary process.
The Entertainment and Gaming industries are thriving economies that cater to the enjoyment needs of millions worldwide. However, these sectors are far from immune to the growing threat of cyberattacks. In fact, they’re increasingly becoming a prime target for malicious cyber threat actors due to its widespread visibility and the perception that gamers and media consumers may be less vigilant about cybersecurity.
In the ever-evolving landscape of cybersecurity, the concept of a ”single pane of glass” has long been the Holy Grail for many organisations. The idea is simple: consolidate all your cybersecurity tools and data onto a single dashboard for improved visibility and control.
As customers adopt a digital lifestyle, the financial services required to support their online purchases are growing at an unprecedented pace. To match these challenges IT organizations are frequently turning to the cloud and replacing traditional services. Cloud services are already well-rooted in virtually every aspect of the financial services industry and all signs point to this continuing into the future.
In the dynamic world of software development, Application Programming Interfaces (APIs) serve as essential conduits, facilitating seamless interaction between software components. This intermediary interface not only streamlines development but also empowers software teams to reuse code. However, the increasing prevalence of APIs in modern business comes with security challenges.
