Security Bulletin

State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.

Security pros must always remember that we are custodians of the digital realm and it’s our job to keep people safe.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.

Cisco Defense Orchestrator (CDO) provides a powerful REST API to automate and simplify security management tasks. Learn how to get started, and about integrations with Ansible and Terraform.

The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.

Solutions exist that let organizations adjust the volume of data being processed by their SIEM system.

Proof-of-concept exploits for CVE-2024-3400 are now publicly available.

An open direct vulnerability in the Nespresso Web domain lets attackers bypass detection as they attempt to steal victims' Microsoft credentials.

Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries.

The irony is lost on few, as a nation-state threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.

Though organizations are increasingly incorporating zero-trust strategies, for many, these strategies fail to address the entirety of an operation, according to Gartner.