Security Bulletin

The grants are intended to help states, tribes, and localities enhance their cybersecurity resilience by providing them with monetary resources to reduce risks and implement new procedures.

Not only are attacks against macOS users ramping up, but threat actors have proved to be advanced with deepfake technology. Security awareness training may be the best defense.

From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.

I implemented a new report today, the "Daily Trends" report. It summarizes noteworthy data received from our honeypot. As with everything, it will improve if you provide feedback :)

Learn how updating to Cisco SD-WAN, Cisco ThousandEyes, and Cisco Secure Routers helped Nestlé manage its global network with greater efficiency and resilience.

An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.

Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Just saw something that I thought was long gone. The username "pop3user" is showing up in our telnet/ssh logs. I don't know how long ago it was that I used POP3 to retrieve e-mail from one of my mail servers. IMAP and various webmail systems...

Random numbers are the cornerstone of cryptographic security — cryptography depends on generating random keys. As organizations adopt quantum-resistant algorithms, it's equally important to examine the randomness underpinning them