CyberSecure Specialist

21 Nov

CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity. This advisory provides comprehensive technical details of the Red Team’s cyber threat activity, including their attack path to compromise a domain controller and human…

21 Nov

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!

Insights

In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document…

20 Nov

2024 CWE Top 25 Most Dangerous Software Weaknesses

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses…

20 Nov

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure…

20 Nov

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

Attacks, Insights, Malware

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian. The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024. BianLian is likely based in…

19 Nov

Fintech Giant Finastra Investigating Data Breach

Data Breaches, Information, Insights

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company…

18 Nov

Unlocking Cybersecurity Talent: The Power of Apprenticeships

Insights

Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there’s no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and…

15 Nov

ESET APT Activity Report Q2 2024–Q3 2024: Key findings

Information

Video ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report 14 Nov 2024 What were some of the world’s most notorious advanced persistent threat (APT) groups up to from April to September 2024? Who did they target, and how did their tactics evolve compared to earlier campaigns? ESET researchers recently released a new issue of their APT Activity Report that answers exactly these…

14 Nov

An Interview With the Target & Home Depot Hacker

Data Breaches, Information, Insights

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes. Mikhail “Mike” Shefel’s former Facebook profile. Shefel has since…

14 Nov

ESET Research Podcast: Gamaredon

Information

ESET Research ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation ESET Research 13 Nov 2024 • , 1 min. read When describing state-backed threat actors, one would probably expect a super sophisticated, stealthy group capable of avoiding all alarms and defenses with surgical precision. With Gamaredon, most of that goes out the window as this…

CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!

2024 CWE Top 25 Most Dangerous Software Weaknesses

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

Fintech Giant Finastra Investigating Data Breach

Unlocking Cybersecurity Talent: The Power of Apprenticeships

ESET APT Activity Report Q2 2024–Q3 2024: Key findings

An Interview With the Target & Home Depot Hacker

ESET Research Podcast: Gamaredon

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources