Guidance to help cyber threat intelligence analysts apply MITRE ATT&CK
CISA has partnered with the Homeland Security Systems Engineering and Development Institute (HSSEDI), which worked with the MITRE ATT&CK team, to issue guidance to help …
New TSA security directive is a needed shock to the system
The Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable the Department to better identify, protect …
Enhancing cyber resilience in the oil and gas industry
The World Economic Forum (WEF) has brought together industry and cybersecurity experts from companies and organizations such as Siemens Corp, Saudi Aramco, Royal Dutch Shell, …
Security must become frictionless for companies to fully secure themselves
Ensuring adequate security in the face of a rapid increase in the quantity and sophistication of cyberattacks requires more effort and resources than most organizations are …
Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)
Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, …
FBI removes web shells from hacked Microsoft Exchange servers
Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server …
4 things you can do to minimize cyberattacks on supply and value chains
Supply chain attacks target the weakest spot in most every enterprise’s security program: third-party access. The SolarWinds hack was a classic supply chain attack, …
SAP partners with Onapsis to mitigate active threats against unprotected SAP applications
SAP and Onapsis jointly released a cyber threat intelligence report providing actionable information on how malicious threat actors are targeting and potentially exploiting …
Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of …
CMMC Accreditation Body appoints Matthew Travis as CEO
The CMMC Accreditation Body (CMMC-AB) Board of Directors announced the appointment of Matthew Travis as the CMMC-AB’s first CEO effective April 1, 2021. In this role, Mr. …
Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers’ activities
Microsoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security …
Ransomware provides the perfect cover
Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple …