A selection of this week’s more interesting vulnerability disclosures and cyber security news. A rather cunning and slippery (see what I did there?) shell script to watch out for…
This blog post delves into a critical yet often neglected aspect of cyber risk analysis: adding organizational context by understanding and prioritizing the importance of assets. Without considering the unique business context of an organization, security teams cannot effectively prioritize and remediate what matters most to their organization.
On February 20, 2024, we published a security bulletin detailing newly disclosed authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect. Shortly after the bulletin was sent, ConnectWise updated their security bulletin with IOCs from observed active exploitation of these vulnerabilities. On February 21, 2024, the vulnerabilities were assigned the following CVE numbers.
On February 20, 2024, the National Crime Agency (NCA) of Britain and the Federal Bureau of Investigation (FBI) announced the successful disruption of the LockBit ransomware gang, marking a significant milestone in the fight against cybercrime. This operation, known as Operation Cronos, was a collaborative effort involving law enforcement agencies from the UK, the US, and several other countries, with support from private sector partners.
No, it is not safe to text a password because text messages are not encrypted. This means anyone can intercept the data being sent through texts, including passwords, placing your accounts at risk of becoming compromised. Continue reading to learn more about password-sharing practices to avoid and how you can share passwords safely with friends, family and colleagues.
In an era where artificial intelligence (AI) crafts indistinguishably realistic deepfakes, India stands at a critical juncture, facing the formidable task of defending its digital domain. These AI-generated forgeries, capable of impersonating individuals with frightening accuracy, pose not just a threat to personal privacy but also to national security, misinformation control, and the integrity of digital transactions.
In the dawn of 2024, the digital landscape is undergoing a profound transformation as digital identity solutions redefine the way we perceive and interact with our identities. This revolution promises a future where our smartphones serve as gateways to our entire identities, offering unparalleled convenience and security.
The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber weaknesses, especially when it comes to ransomware.
A cybersecurity vendor questionnaire is vital in assessing the competency and reliability of potential partners. It serves as a comprehensive tool to evaluate various aspects crucial for safeguarding sensitive data and infrastructure. Through detailed inquiries about security protocols, compliance measures, incident response plans, and past breach incidents, the questionnaire helps gauge the vendor’s commitment to robust cybersecurity practices.
After a years-long investigation, this week the FBI and law enforcement agencies in the UK and Europe took over the main website of the cybercrime group known as LockBit. Law enforcement additionally arrested LockBit associates in Poland, Ukraine, and the U.S., and the U.S. Treasury imposed sanctions on Russian nationals affiliated with the group. The joint operation re-engineered LockBit’s online system to mimic the countdown clock used by the group in its extortion attempts.