On December 5th, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory that confirmed the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB) agency by unknown threat actors. Exploiting this vulnerability allowed threat actors to gain access to the FCEB agency network on two separate occasions in June 2023.
Now that endpoint detection and response (EDR) solutions have become standard, it’s time to look at what’s next. In light of the ever-increasing attack surface, rampant proliferation of ransomware, and continued remote work environments, security leaders must proactively find new and innovative tools to protect endpoints from attack.
The first deadline for compliance with the Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 is March 31, 2024. If your v4.0 compliance initiative is not already underway, it should be a major priority over the next 2–3 quarters.
In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and Retch ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.
On November 21st, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released an advisory highlighting the ongoing exploit of the Citrix Bleed Vulnerability (CVE-2023-4966) by Lockbit 3.0 affiliates.
From compliance with more rigorous cybersecurity regulations to navigating the shifting complexities of cyber liability insurance, CISOs and other cybersecurity leaders are gaining a growing number of non-technical responsibilities.
Since the start of Bitcoin in 2009, the popularity and prevalence of cryptocurrencies has exploded, resulting in a net worth of over $1 trillion that continues to grow. Cryptocurrency—held in virtual wallets—is obtained by users who purchase coins on a cryptocurrency exchange, receive coins as payment from someone else, or “mine” coins virtually themselves.
In the first two installments of this three-part series based on our recent white paper, The Skeptic’s Guide to Buying Security Tools, we provided an evidence-based approach to helping your organization justify a new security tool purchase and key considerations to future-proof that investment. In today’s post, we’ll discuss how to evaluate the efficacy of that tool once you’ve made the purchase and implemented it within your security ecosystem.
In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and Retch ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.
The MITRE ATT&CK framework is one of the most commonly used resources within the SafeBreach platform. At SafeBreach’s 2023 Validate Summit—an event that brings security experts together to discuss challenges and best practices in proactive cybersecurity—SafeBreach Co-Founder and CTO Itzik Kotler sat down with Frank Duff, the Chief Innovation Officer at Tidal Cyber, to discuss threat informed defense and MITRE ATT&CK.
