How to prevent known exploited vulnerabilities at the endpoint

The US Cybersecurity and Infrastructure Agency (CISA) has issued a directive to federal agencies and other public bodies requiring them to take steps to reduce their risk of exploited vulnerabilities. CISA highlights the startling finding that hackers are exploiting up to 290 different vulnerabilities in these agencies.

What to Prioritize in Your Fight Against Rising Cybersecurity Threats

At our recent Data Security Summit, Bipul Sinha sat down with author and award-winning The New York Times cybersecurity journalist Nicole Perlroth to discuss learnings from her research and thousands of interviews with security leaders, government officials, hackers, spies, and more.

Is Your Board Adequately Addressing the Threat of Ransomware?

The real risk of business disruption, brand damage, and potential liabilities caused by ransomware attacks has elevated cybersecurity from a technical or operational issue normally handled by security teams to a major Board-level priority and discussion. Even the most sophisticated and mature organizations that once believed their cybersecurity defenses were robust are now rethinking the preparedness and response capabilities required to address the imminent threat of ransomware attacks.

10 Ways to Avoid Online Shopping Scams on Cyber Monday and Beyond

Cyber Monday and the holiday shopping season are around the corner: don’t be the victim of an online shopping scam or cyber security breach. Cyber Monday is here, and the holiday shopping season is in full swing. With some of the world’s biggest brands vulnerable to a Magecart attack, you can’t be too careful with your credit card information.

What is an Enumeration Attack? How they Work + Prevention Tips

An enumeration attack is when cybercriminals use brute-force methods to check if certain data exists on a web server database. For simple enumeration attacks, this data could include usernames and passwords. More sophisticated attacks could uncover hostnames, SNMP, and DNS details, and even confirm poor network setting configurations. Every web application module that communicates with a user database could potentially become an enumeration attack vector if left unsecured.

Redirecting the Zero Trust Conversation to Build a More Robust Architecture

In a recent Tripwire survey, over 300 respondents from both private and public sectors said that implementing Zero Trust Architecture (ZTA) could materially improve cybersecurity outcomes. This result seems like a positive outcome since we don’t often get such a unanimously high confidence level in a specific security approach from survey data.

CISA Releases New Tool to Help Organizations Prevent Insider Threats

Organizations across various industries spend their time and resources to mitigate impending cybersecurity threats to protect their assets and sensitive data. As new technologies come into play, more comprehensive cybersecurity measures are needed to protect these organizations. We’re in a time when remote work has become the norm, thus making cybersecurity that much more of a priority for many organizations.

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) which revealed that at least two large facilities working on manufacturing bio-drugs and vaccines have been hit by the same malware this year, in what appear to be targeted attacks.

How to Make Slack HIPAA Compliant in 2022

As digital transformation continues post-COVID, more organizations, including those covered by HIPAA, will seek out SaaS solutions that make collaboration easier. Fortunately, more and more applications like Slack are enabling HIPAA-compliant use. In early 2019, as Slack filed for its IPO, the company also updated its security page to provide details on its qualifications as a HIPAA-compliant messaging app.