The Cybersecurity Maturity Model Certification (CMMC) has been around for a few years. And, in its short tenure, it has, itself, matured. The current version of the CMMC is 2.0, released in November 2021. In the latest version of the model, the original five-level model hierarchy was collapsed into three distinct levels: Foundational, Advanced, and Expert.

People are one of the most common factors contributing to successful data breaches. Let’s dive in deeper into the latest Verizon Data-Breach Investigations Report (DBIR) to find out how and why users are a contributor to the problem.

The New Verizon DBIR is a treasure trove of data. As we covered here, and here, people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit more in the Social Engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill.

We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.

An attack exploiting CVE-2023-34362, a zero-day vulnerability in the MOVEit file transfer software, was disclosed at the start of June, with additional victims still being uncovered. The vulnerability is an SQL injection vulnerability that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. The attack was carried out by at least one threat who gained unauthorized access to the software and stole sensitive data from affected organizations.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. The Cl0p attack is all over the news here in the UK. Looks pretty dreadful for all those concerned…

Today, Fireblocks integrates with Metamask Institutional to provide the best wallet security, portfolio management, and DeFi access for institutional investors and traders. Fireblocks users will now be able to access MMI’s extensive suite of portfolio management solutions and DeFi access to invest, trade, lend, and borrow on over 17,000 dApps. The integration will enable Fireblocks users to monitor and manage their DeFi portfolio from a single platform.

The latest video in our Snyk Partner Speak Series showcases how Snyk and Dynatrace bring complementary capabilities to different parts of the DevSecOps lifecycle. Check it out and learn how the integration enables organizations to observe, investigate, fix, and govern with a single solution. The Snyk DevSecOps Lifecycle Coverage App is the newest milestone in the Snyk and Dynatrace strategic alliance.

Box is a content cloud that helps organizations securely manage their entire content lifecycle from anywhere in the world, powering over 67% of Fortune 500 businesses. As a cloud-first SaaS, the company provides customers with an all-in-one content solution within a highly secure infrastructure, where organizations can work on any content, from projects and contracts to Federal Risk and Authorization Management Program (FedRAMP)-related content.

On June 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the recent efforts of threat actors to disseminate CL0P ransomware. The various malicious indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the threat actors are listed in US-CERT Alert (AA23-158A) – CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.