%term

The SEC, the SolarWinds Complaint, and the Lack of Transparency

Dec 6, 2023 By Kovrr In Kovrr

‍ The US Securities and Exchange Commission's complaint against SolarWinds and its Chief Information Security Officer (CISO) Tim Brown has sent shockwaves through the cybersecurity community. Solarwinds and Brown have been accused of fraud, the details of which can be found in an extensive 68-page document. ‍ This complaint, in itself a bold move, has been particularly jolting to cyber professionals given the SEC’s July 2023 regulations.

Read Post

Kovrr

Read more about The SEC, the SolarWinds Complaint, and the Lack of Transparency

New York Unit of Worlds Largest Bank Becomes Ransomware Victim

Dec 6, 2023 By Stu Sjouwerman In KnowBe4

The ransomware attack on ICBC Financial Services caused disruption of trading of U.S. Treasuries and marked a new level of breach that could have massive repercussions. When we saw the attack on the Colonial Pipeline back in 2021, the impact was felt throughout the Southeast United States. Any attack on key businesses that keeps an economy running will have some form of impact should the attack be successful.

Read Post

KnowBe4

Read more about New York Unit of Worlds Largest Bank Becomes Ransomware Victim

CTI Roundup: Multiple Cyber Threats from North Korean Groups and a Telegram Bot Phishing Scam

Dec 6, 2023 By Tanium In Tanium

North Korean hackers pose as job seekers and recruiters, the Telekopye Telegram bot enables large-scale phishing scams, and DPRK-aligned threat actors target macOS in two campaigns.

Read Post

Tanium

Read more about CTI Roundup: Multiple Cyber Threats from North Korean Groups and a Telegram Bot Phishing Scam

Don't Be Fooled By This Sneaky Disney+ Scam

Dec 6, 2023 By Stu Sjouwerman In KnowBe4

A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September. “The first step in this multi-stage attack is a seemingly auto-generated notification email informing the target of a pending charge for their new Disney+ subscription,” the researchers explain.

Read Post

KnowBe4

Read more about Don't Be Fooled By This Sneaky Disney+ Scam

Request smuggling and HTTP/2 downgrading: exploit walkthrough

Dec 6, 2023 By Love Andrén In Outpost 24

During a recent penetration test on a customer application, I noticed weird interactions between the web front-end and back-end. This would eventually turn out to be a vulnerability called HTTP request smuggling, enabled by the fact that the front-end was configured to downgrade HTTP/2 requests to HTTP/1.1. With the help from my colleague Thomas Stacey, we were able to construct an exploit chain with response queue desynchronization along with traditional HTTP/1.1 request smuggling techniques.

Read Post

Outpost 24

Read more about Request smuggling and HTTP/2 downgrading: exploit walkthrough

90% of Energy Companies Experienced a Third-Party Breach

Dec 6, 2023 By SecurityScorecard In SecurityScorecard

More than two years after the major U.S. pipeline ransomware incident, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has released a new report revealing that 90% of the largest global energy companies have experienced a third-party breach in the past 12 months. This research highlights the uphill battle faced by the energy industry in combating emerging threats across the supply chain.

Read Post

SecurityScorecard

Read more about 90% of Energy Companies Experienced a Third-Party Breach

Coffee Talk with SURGe: The Interview Series featuring Eric McGinnis

Dec 6, 2023 By Splunk In Splunk

Join Audra Streetman and special guest Eric McGinnis, Senior Threat Researcher at Splunk, for a conversation about Detection as Code and how it helps to streamline the threat detection process, especially at scale.

View Video

Splunk

Read more about Coffee Talk with SURGe: The Interview Series featuring Eric McGinnis

Third-Party Data Breach Response Playbook

Dec 6, 2023 By SecurityScorecard In SecurityScorecard

The risk of data breaches has become an omnipresent concern for businesses and organizations. And as technology continues to evolve, so do the tactics of cybercriminals. One critical aspect of cybersecurity strategy involves preparing for and responding to third-party data breaches. A well-constructed response playbook is indispensable in mitigating the potential damages and ensuring a swift recovery.

Read Post

SecurityScorecard

Read more about Third-Party Data Breach Response Playbook

Securing your cloud infrastructure with Tines & Wiz

Dec 6, 2023 By Tines In Tines

Wiz and Tines offer a powerful solution to remediate any cloud risks detected in minutes. Wiz scans your entire cloud infrastructure and gives you complete visibility into anything that runs in it - raising vulnerabilities and bringing them to the forefront. Tines’ no-code platform then transforms, analyzes, and prioritizes information from Wiz to handle cloud remediation alerts automatically without needing to engage developers or write a single line of code.

View Video

Tines

Read more about Securing your cloud infrastructure with Tines & Wiz

Centripetal Partners With Tiger to Provide Cutting-Edge Cybersecurity Innovation to the UK Market for the First Time

Dec 5, 2023 By Centripetal In Centripetal

Centripetal announces that its award winning, patented cybersecurity threat solution is available for the first time ever across the UK as a result of its strategic partnership with Tiger. With this partnership, Tiger and its customers will have a stronger approach to cybersecurity, putting operationalised threat intelligence at the forefront, moving from a reactive to proactive defence, and helping security teams be more efficient and effective.

Read Post