Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

UpGuard

Hackers Ready to Go Anywhere with Critical Vulnerability in GoAnywhere MFT (CVE-2024-0204)

CVE-2024-0204, a critical authentication bypass exploit in Fortra's GoAnywhere Managed File Transfer (MFT) software, allows unauthorized users to create admin users and bypass authentication requirements. GoAnywhere MFT was previously targeted by the Clop ransomware group with CVE-2023-0669. Fortra released a security advisory for CVE-2024-0204 in January 2024 following their December 2023 patch release. Any use of Fortra GoAnywhere MFT versions predating 7.4.1 are affected by the vulnerability.

DNS Security Extensions (DNSSEC) and Cybersecurity Risk

Industries that collect user data, such as finance, healthcare, and government, are high-profile targets for DNS attacks because the data is compelling for malicious actors. Incorporating a variety of security mitigations, including Domain Name System Security Extensions to prevent spoofing attacks, can help an organization prevent data breaches and protect its users and their data from misuse.

A Guide to the UK Modern Slavery Act 2015

Modern slavery is a pervasive global issue all businesses must be aware of to ensure fair working conditions, liveable wages, and safe labor practices exist across their supply chain. Some organizations may be surprised to find out that slavery is still a global concern, as individuals often use the term in a historical context. However, this does not change the fact that victims of modern slavery continue to suffer behind closed doors around the globe.

15 KPIs & Metrics to Measure the Success of Your TPRM Program

Tracking key performance indicators (KPIs) will allow your organization to assess and elevate its third-party risk management (TPRM) program. By monitoring specific metrics over time, your risk management team will be able to reveal your TPRM program’s overall health and particular areas where personnel can implement changes to improve localized performance. According to one 2023 study, about 98% of organizations worldwide are connected to at least one breached third-party vendor.

Industrial Control Systems Security: ISA 62443-2-1:2009

The ISA-62443 series of standards, developed by the International Society of Automation (ISA), is a comprehensive set of guidelines for ensuring the security of Industrial Automation and Control Systems (IACS). ISA 62443-2-1:2009 is one specific standard within this series that focuses on establishing an industrial automation and control systems security system.

The State of University Cybersecurity: 3 Major Problems in 2024

Cybercrime is a growing problem for higher education. Between 2020 and 2021, cyberattacks targeting the education sector increased by 75%. In line with other industries, the education sector is also experiencing a dramatic increase in ransomware attacks. According to the 2022 Verizon Data Breach Investigations Report, 30% of data breaches in the industry were attributed to ransomware attacks.

Remote Access and Cybersecurity Exposure

Between cloud storage and smart devices, remote access to various services has become a mundane fact of life. Remote access empowers software developers and system administrators to manage technical infrastructure without requiring physical access to the server, which supports cloud-based services. Remote desktop solutions can also aid remote users with troubleshooting.

Connect Secure No More: Ivanti's Zero-Day Vulnerabilities (CVE-2024-21887 and CVE-2023-46805)

Two chainable zero-day vulnerabilities face Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS): CVE-2023-46805 and CVE-2024-21887. All supported versions of the Ivanti Connect Secure and Policy Secure Gateways are currently at risk, and Ivanti has confirmed that customers have experienced active exploitation. ICS was previously known as Pulse Connect Secure. ICS offers a virtual private network (VPN) gateway, while IPS provides network access control.