Held in Breda, Netherlands, this year’s Cyber Resilience Day convened industry leaders and cybersecurity experts to address the topic of supply chain attacks and the latest digital threats. The event showcased a series of keynote speeches, panel discussions, and interactive workshops, equipping attendees with valuable insights and actionable strategies to strengthen their organizations’ cyber resilience.

The Digital Operational Resilience Act (DORA) comes into full effect on January 17, 2025, and aims to prevent and mitigate cyber threats by establishing a comprehensive ICT risk management framework for the EU financial industry. The new EU regulation seeks to ensure that financial institutions and critical ICT providers advance their cybersecurity and operational processes to safeguard their key systems, enhancing the industry’s operational resilience.

A recent cyberattack on Lurie Children's Hospital in Chicago has resulted in a significant data breach, exposing the personal information of 791,000 patients. Despite the hospital's refusal to pay a ransom, a vast amount of sensitive medical data is now at risk. Details of the Attack The cybercriminals infiltrated the hospital's systems, causing severe disruptions to its patient portal, communications, and access to medical records.

A newly discovered spyware tool named MerkSpy is targeting users in Canada, India, Poland, and the U.S., exploiting a patched security flaw in Microsoft MSHTML. This campaign, identified by Foresiet researchers, highlights the critical need for vigilant cybersecurity practices, including stolen credentials detection, darknet monitoring services, and digital footprint analysis. Attack Overview The attack begins with a Microsoft Word document disguised as a job description for a software engineer.

A critical chained vulnerability (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177) has been detected within the open-source printing system CUPS (present in most Linux distributions). Attackers can achieve remote code execution, potentially leading to complete control of the vulnerable system. Detectify customers can assess whether their systems are running affected versions of CUPS.

Modern cybercriminals aren’t just after your average employee. They’re targeting DevOps engineers – the gatekeepers of critical infrastructure and valuable data. 90% of data breaches start with phishing. Traditional awareness training often needs more technical depth. These programs tend to focus on generic red flags (e.g., suspicious links and requests for sensitive information) that are easily recognized by most.

SASE is all about strategically solving business problems. The systematic removal of technology barriers standing in the way of business outcomes. It is a brand new “how” (platform) for a well-known “what” (features). When we started Cato in 2015, we were immersed in skepticism. Can you actually build a cloud network that will replace MPLS circuits with decades of proven reliability?

Following the kick-off of the UEFA EUROs 2024 in Germany, Egress’ Threat Intelligence team has observed a massive spike in Euros-related phishing attacks, recording 7,000 unique campaigns with over 24,000 individual attacks since June 17th, 2024. These attacks are more sophisticated than you might expect, with many attackers choosing to impersonate businesses associated with the tournament rather than impersonating UEFA directly.

As the NIS2 Directive reshapes the cybersecurity landscape across Europe, a key focus for organisations is understanding and managing their critical suppliers. The directive mandates heightened scrutiny and tighter controls around these essential entities, underscoring their importance in your overall cybersecurity strategy. But the pivotal question remains: How do you determine who qualifies as a 'critical supplier'?

1. Limited Scope of Security Metrics Microsoft Secure Score assesses security configurations and behaviors within the Microsoft 365 ecosystem but does not account for external threats. MSPs need a holistic security approach that includes network security, endpoint protection, and third-party integrations, which Secure Score does not cover (S:1).