Security Bulletin

Today, I noticed the following URL showing up in our "First Seen" list:

Brand-new vulnerabilities from both vendors this week — one exploited in the wild — add to a steady stream of critical security issues in the security platforms.

Breach Protection Premier defends your organization from the most sophisticated threats while helping you operate with confidence.

Whether they are motivated by financial gain, nefariously hired to breach a certain target, or perhaps an activist’s cause, active adversaries will keep on trying.

Today, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative (JCDC)—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are...

The most promising passwordless technology isn't enterprise-ready. Focus on feasible IAM upgrades that will strengthen your security posture until passwordless solutions mature.

A new survey finds that zero-trust efforts frequently go off the rails. We look at what it takes to establish a successful ZT-forward strategy.

Automated patching, scheduling, and reporting can help water utilities offset the challenges presented by legacy OT and ICS systems.

After the US and its allies formally accused China of irresponsible and malicious behavior in cyberspace back in 2021, the government there has been on a mission to cast the US in the same light.

Attackers are breaching cloud environments and playing games with corporate Microsoft 365 apps, and further victims are likely to come.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.