Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 26, the U.S. Security & Exchange Commission (SEC) announced several new cybersecurity rules, taking affect mid-December 2023, that will significantly impact all U.S. organizations (and foreign entities doing business in the U.S.) that must follow SEC regulations. Although the announcement did not generate a ton of fanfare off the normal business and cybersecurity sites, the rules will greatly increase resource requirements and actions.

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1. It’s no secret that banks and other types of financial institutions hold all the money, so it should be no surprise that's where cybercriminals focused their malicious activities last year, according to Group IB’s Digital Risk Trends 2023 report.

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns. “Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns,” the researchers write. “These PDFs were delivered as email attachments. Attackers favor using PDFs for phishing due to the file format’s widespread trustworthiness.".

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County. ERMI is a “multi-modality radiology center,” including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays. They have served New York since 1970 and have a long history of high-quality patient care. At the end of August, an unauthorized actor accessed their network—exposing sensitive information from employees and patients.

Forescout Vedere Labs has identified a total of 21 new vulnerabilities affecting Sierra Wireless AirLink cellular routers and some of its open source components such as TinyXML and OpenNDS, which are used in a variety of other products.

In today’s interconnected business environment, third-party partnerships are essential for growth and operational efficiency. However, these collaborations bring inherent risks, especially in the realm of cybersecurity. Effective third-party risk management is crucial for safeguarding sensitive data and maintaining business continuity.

In an era where businesses are increasingly reliant on third-party vendors for essential services, the significance of a resilient third-party risk management program cannot be overstated. Third-party partnerships can expose organizations to various risks, especially in the domain of cybersecurity. This guide aims to help businesses in building a robust third-party risk management program that is adaptable to the ever-evolving landscape of cyber threats and dynamic business needs.

The landscape of cybersecurity is ever-evolving, and staying one step ahead of cyber threats has become imperative for organizations. Traditionally, many businesses have adopted a reactive approach to cybersecurity, responding to threats and breaches as they occur. However, this approach is no longer sufficient in today’s digital world. Shifting to a proactive stance, powered by threat intelligence, is crucial for enhancing an organization’s security posture.

In the rapidly evolving digital landscape, the approach to cybersecurity has shifted significantly. Proactive cybersecurity has become a necessity rather than a choice, with threat intelligence playing a pivotal role in this paradigm shift. This post explores how threat intelligence forms the cornerstone of a proactive cybersecurity strategy, focusing on its role in predicting and preventing cyber attacks, thereby enhancing an organization’s security posture.

On November 20, the Idaho National Laboratory (INL) confirmed that it had suffered a data breach. The confirmation followed the SiegedSec threat actor group’s circulation of claims that it had “accessed hundreds of thousands of user, employee and citizen data” on social media and hacking forums.