Cybersecurity Snapshot: Critical Infrastructure Orgs Must Beware of China-backed Volt Typhoon, Cyber Agencies Warn
February 9, 2024The Volt Typhoon hacking gang is stealthily breaching critical infrastructure IT environments so it can strike on behalf of the Chinese government, cyber agencies say. Plus, ransomware gangs netted $1 billion-plus in 2023. In addition, new group tasked with addressing the quantum computing threat draws big tech names. And enterprises go full steam ahead with generative AI, despite challenges managing its risks. And much more!
Keep the Water Flowing for the DoD: Securing Operational Technology from Cyberattacks
February 6, 2024Malicious actors are ramping up attacks against water and wastewater systems (WWS), which are not only attractive targets but also complex to protect. The U.S. Department of Defense (DoD) in particular operates a large number of WWS facilities. Read on to learn how a strong cybersecurity program can help the DoD significantly reduce the cyber risk of its WWS systems.
Frequently Asked Questions on Security Incident at AnyDesk
February 2, 2024Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2.
Cybersecurity Snapshot: Attackers Hack Routers To Hit Critical Infrastructure, as CISA Calls for More Secure Router Design
February 2, 2024CISA is calling on router makers to improve security, because attackers like Volt Typhoon compromise routers to breach critical infrastructure systems. Meanwhile, data breaches hit an all-time high in the U.S. Plus, Italy says ChatGPT violates EU privacy laws. And a cyber expert calls on universities to beef up security instruction in computer science programs. And much more!
Poor Identity Hygiene at Root of Nation-State Attack Against Microsoft
February 1, 2024The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security.
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
January 31, 2024Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.
Cloud Leaders Sound Off on Key Challenges
January 31, 2024Too many identities, systems and cooks in the kitchen cloud an already complex mandate.
Not a Blackbelt in Attack Path Analysis? Tenable ExposureAI Helps You Achieve Proactive Security
January 30, 2024With attacks becoming more sophisticated, security teams must spend more time analyzing different entry points into the organization, as well as numerous tactics, techniques and procedures. Find out how Tenable ExposureAI helps you overcome these challenges and enhances your efficiency and productivity for stronger proactive security.
Cybersecurity Snapshot: New Guide Details How To Use AI Securely, as CERT Honcho Tells CISOs To Sharpen AI Security Skills Pronto
January 26, 2024Cyber agencies from multiple countries published a joint guide on using artificial intelligence safely. Meanwhile, CERT’s director says AI is the top skill for CISOs to have in 2024. Plus, the UK’s NCSC forecasts how AI will supercharge cyberattacks. And a global survey shows cyber pros weighing pros and cons of AI. And much more!
Strengthening Cyber Protections in the DoD's OT Systems
January 24, 2024Operational technology plays a major role in many aspects of the U.S. Department of Defense — including in military operations, in the infrastructure on bases and throughout the supply chain. Strengthening the cyber defenses of these systems is imperative. Here’s what you need to know.
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability
January 23, 2024Proof-of-concept exploit details are available for a newly disclosed critical vulnerability in Fortra GoAnywhere Managed File Transfer (MFT), a product historically targeted by ransomware
CVE-2023-22527: Atlassian Confluence Data Center and Server Template Injection Exploited in the Wild
January 23, 2024In the wild exploitation has begun for a recently disclosed, critical severity flaw in Atlassian Confluence Data Center and Server