Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Intelligence

ThreatQuotient

Navigating the Evolving Threat Intelligence Landscape and Organizational Responsibility

Jan 21, 2025 By Guest Blog In ThreatQuotient
Cyber Rhino Threat Week (which took place from December 9 – 13, 2024) aims to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem. This keynote session certainly set the stage for the week, exploring the complexities that organizations must consider when establishing and operating an effective Cyber Threat Intelligence (CTI) program.
Read Post
centripetal

Security Bulletin: CVE-2024-55591 Fortinet - Authentication Bypass

Jan 16, 2025 By Bruce Skillern In Centripetal
On January 14, 2025 Fortinet confirmed a critical zero-day vulnerability, CVE-2024-55591, in Fortinet’s FortiOS and FortiProxy systems that has been actively exploited in the wild. This authentication bypass vulnerability allows attackers to gain super-admin privileges via crafted requests to the Node.js WebSocket module, enabling unauthorized access to firewalls, rogue administrative account creation, and configuration changes.
Read Post
ThreatQuotient

3 Trends that Will Shape Cyber Threat Intelligence in 2025

Jan 14, 2025 By Leon Ward In ThreatQuotient
The growing use of AI outside and within organizations is rapidly changing the threat landscape and impacting our approach to threat detection, investigation, and response. As we kickoff 2025, the following three trends suggest that cybersecurity practitioners must continue to advance their use of threat intelligence and are making important progress on that front.
Read Post
centripetal

Security Bulletin: PowerSchool K-12 Data Breach

Jan 10, 2025 By Lauren Farrell In Centripetal
PowerSchool, a widely used cloud-based and on-premises platform, experienced a data breach reported on December 28, 2024. The platform helps K-12 schools manage student and teacher information, including Personally Identifiable Information (PII), attendance records, grades, medical information, and Social Security numbers. The breach affected both cloud and on-premises customers after a compromise of maintenance account credentials allowed the threat actor to exfiltrate sensitive data.
Read Post
centripetal

Security Bulletin: Critical Remote Code Execution Vulnerability in Apache Struts [CVE-2024-53677]

Dec 30, 2024 By Lauren Farrell In Centripetal
A newly discovered critical vulnerability, CVE-2024-53677, in Apache Struts enables remote code execution (RCE) and is actively exploited in the wild using a publicly available Proof-of-Concept (PoC). Apache Struts is an open-source framework for building Java-based web applications. It helps developers create scalable software solutions, that powers everything from e-commerce websites to financial systems and government platforms.
Read Post
Featured Post
ThreatQuotient

Navigating the Evolving Threat Intelligence Landscape and Organisational Responsibility

Dec 18, 2024 By Gigi Schumm, CRO & Shimon Modi, VP, Dataminr In ThreatQuotient
Cyber Rhino Threat Week (which took place from 9th to 13th December 2024) aims to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem. This keynote session certainly set the stage for the week, exploring the complexities that organisations must consider when establishing and operating an effective Cyber Threat Intelligence (CTI) program. The panel discussion examined how diverse organisational structures, responsibilities, priorities, and desired outcomes influence the role and integration of CTI.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.