Continuous Monitoring and Protection
Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s January 2024 Critical Patch Update Advisory and apply the necessary updates.
Read MoreCitrix released security updates to address vulnerabilities (CVE-2023-6548 and CVE-2023-6549) in NetScaler ADC and NetScaler Gateway. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Citrix CTX584986 Security Bulletin and apply the necessary updates.
Read MoreToday, CISA, the Federal Bureau of Investigation (FBI), and the Environmental Protection Agency released a joint Incident Response Guide for the Water and Wastewater Systems (WWS) Sector. The guide includes contributions from over 25 WWS Sector organizations spanning private industry, nonprofit, and government entities. This coordination enabled CISA, FBI, and EPA to develop a guide with meaningful value to WWS Sector organizations. Specifically, the guide provides information about the federal support available at each stage…
Read MoreAtlassian released a security advisory to address a vulnerability (CVE-2023-22527) in out-of-date versions of Confluence Data Center and Server as well as its January 2024 security bulletin to address vulnerabilities in multiple products. A malicious cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Atlassian Confluence Vulnerability advisory and Atlassian’s January 2024 Security Bulletin and apply the necessary updates.
Read MoreScams, Digital Security Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal Phil Muncaster 17 Jan 2024 • , 5 min. read If you’re on social media or use Google Shopping, the chances are you’ve been bombarded with adverts for Temu, a Chinese e-commerce marketplace that offers rock-bottom prices compared to equivalents in the West.…
Read MoreThe rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in…
Read MoreVMware released a security advisory to address a vulnerability (CVE-2023-34063) in Aria Operations. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2024-0001 and apply the necessary update.
Read MoreBusiness Security By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk Phil Muncaster 16 Jan 2024 • , 5 min. read Cloud computing is an essential component of today’s digital landscape. IT infrastructure, platforms and software are more likely to be delivered today as a service (hence the acronyms IaaS, PaaS and SaaS, respectively) than in a traditional on-premises configuration.…
Read MoreToday, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Androxgh0st malware establishes a botnet for victim identification and exploitation in vulnerable networks, and targets files that contain confidential information, such as credentials, for various high profile applications. Threat actors deploying Androxgh0st…
Read MoreBusiness Security How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks Mario Micucci 11 Jan 2024 • , 4 min. read In the untold expanse of online information and communication, the ability to find the signal in the noise and discern the authenticity of data and its sources becomes increasingly critical. We’ve previously looked at the mechanics of open source intelligence (OSINT), the practice of…
Read More