CyberSecure Specialist

09 Feb

The buck stops here: Why the stakes are high for CISOs

Information

Business Security Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses? Phil Muncaster 08 Feb 2024  •  , 5 min. read Cybersecurity is finally becoming a board-level issue. That’s as it should be, given the increasingly important role cyber-risk management plays in strategic decision making. Cyber-risk is fundamentally a core…

Read More
09 Feb

Juniper Support Portal Exposed Customer Device Info

Information, Insights

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal. Sunnyvale, Calif. based Juniper Networks makes high-powered Internet routers and switches, and its…

Read More
09 Feb

JetBrains Releases Security Advisory for TeamCity On-Premises

Attacks, Insights, Malware

JetBrains released a security advisory to address a vulnerability (CVE-2024-23917) in TeamCity On-Premises. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Critical Security Issue Affecting TeamCity On-Premises-CVE-2024-23917 and apply the necessary update or workarounds.

Read More
09 Feb

Fortinet Releases Security Advisories for FortiOS

Attacks, Insights, Malware

Fortinet released security updates to address critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. Note: According to Fortinet, CVE-2024-21762 is potentially being exploited in the wild.  CISA encourages users and administrators to review the following advisories and apply necessary updates: FG-IR-24-015 FortiOS FG-IR-24-029 FortiOS

Read More
08 Feb

Left to their own devices: Security for employees using personal devices for work

Information

Business Security As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it Christian Ali Bravo 06 Feb 2024  •  , 6 min. read Since it helped organizations ride out the disruption wrought by the pandemic, remote work (that later often morphed into hybrid work) has cemented its staying power. With the boundaries between work and home becoming blurrier than ever, many people want, or indeed need, to access…

Read More
08 Feb

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Attacks, Insights, Malware

Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s Open Source Software Security Roadmap, which states the goal of “working collaboratively [with relevant working groups] to develop security principles…

Read More
08 Feb

NIST’s International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and Translations

Insights

Credit: Shutterstock/Michael Traitov With the new year under way, NIST is continuing to engage with our international partners to enhance cybersecurity.  Here are some updates on our international work from the end of 2023 into the beginning of 2024: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0.  The current Draft CSF 2.0 has been shared in a public comment period that ended in November 2023.  Stay…

Read More
07 Feb

From Cybercrime Saul Goodman to the Russian GRU

Information, Insights

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency…

Read More
07 Feb

CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance

Attacks, Insights, Malware

Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. The following federal agencies and international organizations are additional co-authors on the joint advisory and guidance: U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) Australian…

Read More