You are here

Home » Cybersecurity

Cybersecurity

Ransomware Resilience – Strategies for Improving Attack Outcomes

Ransomware continues to be a significant threat to organizations of all sizes. While the Sophos State of Ransomware 2024 report shows ransomware attacks across the board are down from its 2023 report (which is thought to be because of law enforcement action), a report from Mandiant published yesterday indicates that despite global law enforcement coordination, the number of incidents continue to rise unabated.

(TLP:CLEAR) MS-ISAC Advisory: A Vulnerability in Check Point Security Gateways Could Allow for Credential Access

WaterISAC is passing through this MS-ISAC Cybersecurity Advisory shared yesterday regarding a recently discovered vulnerability in Check Point Security Gateways, which has the potential to allow credential access. The advisory includes an overview, threat intelligence briefing, a technical summary, and recommended mitigations. WaterISAC encourages members who use Check Point Security Gateways to review the advisory and apply proper mitigations as recommended.

CISA: Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access

CISA sent an alert yesterday regarding recent statements from data cloud company Snowflake. This comes following the data breaches of Santander and Ticketmaster, both Snowflake customers, potentially affecting over 590 million accounts. Snowflake stated it recently observed and is investigating an increase in cyber threat activity targeting some of its customers’ accounts.

NSA Cybersecurity Information Sheet: Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar

The NSA recently published a Cybersecurity Information Sheet (CSI) continuing its focus on zero-trust security, this time looking at the Visibility and Analytics Pillar of the Zero Trust (ZT) framework. The NSA urges organizations to utilize the guidance in the report to systematically mitigate risks and rapidly identify, detect, and respond to emerging cyber threats. The NSA recommends the following actions:

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 4, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Four Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Threat Awareness – Microsoft Office365 Suite of Threats

As Office365 software applications continue to be used regularly by the majority of users in virtually all industries, the threats that lurk in the software suite affect practically all who use a computer, including systems administrators and users alike. While these threats are nothing new, certain developments have made them more dangerous – like how Microsoft started allowing the use of python scripts within Excel since September 2023 for instance, increasing the potential for malicious use.

Pages

Subscribe to Cybersecurity