You can’t secure what you can’t see goes the saying in cybersecurity. That’s why holistic visibility is so crucial for organizations tasked with staying safe in the evolving threat landscape, as it gives you full visibility into your environment. But there’s another adage that matters even more, because without access to log sources and the proper ingestion of their data, you can’t see the forest for the trees. But what are log sources? What does proper ingestion look like?

Law firms are in a precarious position when it comes to cyber risk. These organizations are tasked with storing large amounts of sensitive information — from corporate finances to client data to intellectual property (IP) — and, as such, are finding themselves in the crosshairs of threat actors.

On May 6, 2024, Bishop Fox publicly disclosed a vulnerability along with a proof of concept (PoC) exploit in Citrix NetScaler ADC and Gateway, identified as an unauthenticated out-of-bounds memory read issue in the components used for Authentication, Authorization, and Auditing (AAA).

On May 8, 2024, Ascension Healthcare notified business partners of suspicious activity detected within their systems. They have launched investigations and are actively working on remediation efforts. Consequently, some systems will experience interruptions during this process, such as clinical operations. Ascension is currently working with Mandiant to investigate the compromise and whether sensitive data was affected, if at all.

K-12 schools, colleges, and universities store massive amounts of personal information for students, parents, and employees. This means that, while they may not make the news as much as other breaches, schools, colleges, and universities are under constant attack by modern threat actors.

Classrooms have never been more connected. Many students are issued laptops or tablets instead of textbooks, while teachers and administrators rely on dozens of apps and connected devices like Smartboards to provide instruction, track grades, manage bus schedules, create budgets, and orchestrate countless other school-related activities.

A law firm can only be successful if it can meet the needs of its clients, and few components put that success at risk more than the rising danger and repercussions of a cyber attack. In addition to the time, effort, and money a firm must spend responding to a successful breach, employees may find themselves unable to access the firm’s technology and, therefore, unable to bill hours.

In 2023, a quarter (25.6%) of incidents originated with a known vulnerability, according to the Arctic Wolf Labs 2024 Threat Report. And while zero-day vulnerabilities only accounted for a tiny percentage of incidents in 2023, two of them — the MOVEit Transfer Vulnerability and the GoAnywhereMFT Vulnerability — wreaked havoc around the globe.

On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.

On April 16, 2024, Cisco Duo informed affected customers of a breach involving their SMS and VOIP multi-factor authentication (MFA) service provider. The breach occurred on April 1st due to a phishing attack, allowing unauthorized access to the provider’s systems, including SMS and VoIP MFA message logs for specific Duo accounts between March 1st and March 31st, 2024. Though the threat actor accessed message logs, they did not obtain message content.