CyberSecurity Updates

CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector

Today, CISA released the Mitigation Guide: Healthcare and Public Health (HPH) Sector as a supplemental companion to the HPH Cyber Risk Summary, published July 19, 2023. This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure sector. It also identifies known vulnerabilities for organizations to assess their networks and minimize risks before intrusions occur. For more information and resources, HPH entities are encouraged to visit CISA’s…


Alleged Extortioner of Psychotherapy Patients Faces Trial

Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb…


Biden Campaign Looking for CISO

The Biden for President campaign is searching for a Chief Information Security Officer (CISO) to lead its IT and security division. The campaign said the incoming cybersecurity chief will work to “define the organization’s risk appetite” and direct the formulation and execution of strategic cybersecurity and IT initiatives across the campaign. Back in 2020, the campaign hired former White House cybersecurity adviser Chris DeRusha as its first CISO amidst reports that hackers linked to foreign…


Citrix Releases Security Updates for Citrix Hypervisor

Citrix has released security updates addressing vulnerabilities in Citrix Hypervisor 8.2 CU1 LTSR. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835 and apply the necessary updates.


CISA Requests Comment on Draft Secure Software Development Attestation Form

CISA has opened a 30-day Federal Register notice to receive public comment on the draft Secure Software Development Attestation Form. CISA developed this form in coordination with the Office of Management and Budget. With the Secure Software Development Attestation Form, federal departments and agencies will be able to obtain attestation of product security from a software producer before using the software on government systems. This form will establish a standardized process for the federal government…


FBI and CISA Release Advisory on Scattered Spider Group

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. The advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs.…


Capture The Flag: 5 websites to sharpen your hacking skills

Secure Coding. Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills. By Christian Ali Bravo, 13 Nov 2023 (3 min. read). Cybersecurity is not only an ever-evolving and increasingly important concern in our digital age, but it can also be a lot of fun. Capture The Flag competitions, also known as CTFs, have a lot to do with that. Through hacking challenges of…


Level up! These games will make learning about cybersecurity fun

We Live Progress. Discover six games that will provide valuable knowledge while turning learning about digital security into an enjoyable and rewarding adventure. By Luiza Pires, 14 Nov 2023 (4 min. read). In this day and age, knowing your way around the digital world is not merely a valuable asset – it is a crucial life skill. With the internet permeating many aspects of our lives, cyberthreats have also proliferated and continue to evolve,…


Watch Now: Using Governance and Privilege to Gain Control Over Third-Party Access

It’s been said “you cannot control the outcome, but you can control the process.” In today’s world of the “assume-breach” security posture, this has never been more true, especially when it comes to third-party privilege, one of the most significant attack vectors organizations face. Watch this webinar from Saviynt and SecurityWeek for advice on how to create more trust in your third-party relationships by adding sustainable processes and tools that enable you to control…
