Security Bulletin

Hackers are constantly evolving, and so too should our security protocols.

ICIT says the key to resilience is in the four Rs: resourcing, recovery, rehearsals, and response -- all essential to mitigate the risks posed by digital consolidation and ensure the security of critical infrastructure.

China appears to be merging its government and malware operations to create a new surveillance platform for Android devices.

Tying GRC activities to real-world financial outcomes allows risk professionals to bridge the communications gap with business leaders.

Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program]

Sectors like water and energy face disproportional risks due to their unique role and IT/OT environments.

As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year.

Sixteen critical flaws and 54 bugs designated as important priorities fixed for Windows, Office and Edge.

FCC Chairwoman Jessica Rosenworcel recommended "urgent action" to safeguard the nation's communications systems from real and present cybersecurity threats.

The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.