Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The disparities in some key areas in our 2022 Devo SOC Performance ReportTM provide clear evidence that the issues facing organizations since the start of the global pandemic in early 2020 continue to affect SOC performance, especially in the areas of hiring and retaining SOC talent.

On the internet, we’re all Hansel and Gretel. But the trail of breadcrumbs we leave behind when searching, posting on social media or shopping online aren’t designed to help us find our way back home. Instead, they’re designed to help the companies we interact with provide a richer, more customized and useful online experience.

Have you ever watched a scary movie where a young couple comes home to find the front door cracked open or windows thrown wide, curtains billowing in the autumn evening breeze? As the couple approaches the house, the tense music swells and we grip our armrests, struck by the terrifying realization that anyone — or anything — could be awaiting them inside.

Torq is extremely proud to have Jason Chan on our advisory board. Jason has more than 20 years of experience working in cybersecurity. He’s one of the world’s leading experts in adopting security automation, cloud security, and enhancing security in modern software development practices. Jason’s most recent career experience was leading the information security organization at Netflix for more than a decade.

It’s no secret that cyber attacks — especially ransomware attacks — are increasing across industries and organizations. Attack methods are evolving and rapid digitization, along with the rise of cloud computing and a remote workforce, are creating new threat vectors and exposing new vulnerabilities. One industry that has become a major target for attacks is the automotive industry.

Previously published blog post: Recently, Arctic Wolf observed threat actors begin exploiting CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager.

On Tuesday, October 11th, 2022, Aruba disclosed three critical vulnerabilities impacting EdgeConnect Enterprise Orchestrator. The vulnerabilities, CVE-2022-37913, CVE-2022-37914, CVE-2022-37915, are remote code execution and authentication bypass vulnerabilities that could enable remote threat actors to compromise a host. In order for a threat actor to exploit these vulnerabilities, WAN access would need to be available for the CLI and/or web-based management interfaces.