The publication of the final program rule for the Cybersecurity Maturity Model Certification (CMMC) Program, 32 CFR Part 170, in the Federal Register on October 15, 2024, was an important milestone toward ensuring the confidentiality of sensitive defense information and stemming the theft of that information by foreign adversaries. The rule becomes effective and the CMMC Program comes into existence on December 16, 2024.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from October.

Each October, the cybersecurity industry recognizes Cybersecurity Awareness Month, an international initiative first launched by the National Cybersecurity Alliance in 2004 to provide education about online safety and empower individuals and businesses to protect their data from cybercrime. This October, Keeper Security took this important commemorative month one step further. We decided that it’s time to move from knowing digital risks to taking decisive action to prevent damaging cyber attacks.

Where are your credentials and secrets, and how are you protecting them? These are fair questions, considering the pervasiveness of secrets sprawl. We recently conducted research over 12 months to determine where enterprises’ secrets were residing within their systems, like GitHub, Confluence, Zendesk and Slack. In addition to API keys and passwords, secrets like SSL certificates, usernames and others are spilling into enterprises’ cloud environments and increasing the risk of a breach.

It's more important than ever to protect network assets as cyber threats keep changing. Encrypting Ethernet IP addresses is one way to make a network safer. This helps keep private data from being intercepted and accessed by people who aren't supposed to be there. For businesses that want to make their network interactions safer, they need to know how to encrypt Ethernet IP address. Encrypting network addresses makes data sent over Ethernet less vulnerable to attacks.

Since data breaches are becoming more common and online threats are always changing, strong encryption methods are needed to keep private data safe. NSA Suite B Encryption is one of these standards. It was made by the National Security Agency (NSA) to provide a group of safe cryptographic methods. These algorithms are very important for keeping private information safe in many areas, such as the government, the military, and the private industry.

Today's digital world is always at risk from malware, so it's more important than ever to have good safety habits. Most of the time, the first thing a company does when they find a disease is isolate the threat. This process comes up with the idea of "quarantined malware," which is malicious software that has been found and put somewhere else so it can't do more damage. For a company, this is a very important part of their security plan because it keeps systems safe from attacks.

Protecting your business-critical data and applications requires understanding two essential strategies: high availability and disaster recovery. While both aim to keep systems operational, they serve distinct purposes and operate on different timelines. This article explains these key differences, provides implementation best practices, and showcases advanced solutions that combine these crucial strategies.

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos. The researchers have published a report on threat trends in the third quarter of 2024, finding that attackers are increasingly targeting valid accounts to gain footholds within organizations.

Cybercriminals are offering tools to help phishing pages avoid detection by security tools, according to researchers at SlashNext. “Anti-bot services, like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, have become a cornerstone of complex phishing operations,” the researchers write. “These services aim to prevent security crawlers from identifying phishing pages and blocklisting them.