On-demand cyber risk quantification (CRQ) models have the power to assess an organization’s unique risk profile and, subsequently, generate data-driven insights that facilitate informed risk management decisions. The basis of these insights is grounded on a probabilistic approach to event forecasting, which involves simulating thousands of potential cyber scenarios a business may experience over a given period, typically the upcoming year.

The Zenity Labs team has discovered that non-administrator users can modify existing flows that were connected to Einstein by an administrator, influencing Einstein without having the necessary permissions to edit it directly. In doing so, bad actors can easily insert malicious actions into flows that are triggered by business users throughout the enterprise, including phishing attacks, data exfiltration, and more.

Security practices in DevOps have evolved from being a minor concern to one of the main focus points, which resulted in the DevSecOps movement. It’s about “shifting security to the left” in the software development lifecycle – so the security measures are a fundamental component. Traditionally, security management was moved to the final stages of developing software, and it has proven its ineffectiveness in dealing with the challenges of modern software projects.

In a sophisticated cyber espionage campaign, a group of Chinese hackers has exploited a critical vulnerability in GeoServer to target government organizations across the Asia-Pacific (APAC) region. This operation, linked to the advanced persistent threat (APT) group known as Earth Baxia, highlights the evolving landscape of cyber threats facing sensitive sectors, including government and energy.

A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin access to remotely execute malicious commands, potentially taking full control of the system. Ivanti has already released updates, but this command injection vulnerability is actively exploited in the wild, making immediate action critical.

HTML smuggling techniques have been around for quite some time. A previous Trustwave SpiderLabs’ blog discussed its use in distributing malware by storing binaries in immutable blob data within JavaScript code that gets decoded on the client-side browser, eventually delivering the payload.

London, UK, September 24th, 2024 – We are thrilled to announce that The Cyber Helpline has emerged victorious at this year’s National Cyber Awards, securing three prestigious awards! For the fourth year in a row, we have been honored as the Not-for-Profit Cyber Award winner, alongside recognition for individual achievements, including the Alan Turing Award (Rory Innes) and the Cyber Student of the Year Award (Alex Hardy).

Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.

Financial institutions must adhere to stringent regulations set forth by the Federal Deposit Insurance Corporation (FDIC) to ensure the security and confidentiality of customer information. Title 12, Chapter 3, Subchapter B, Part 364 of the Code of Federal Regulations is particularly important, outlining the standards for information security that these institutions must follow, especially regarding the handling of customer information and data.

Every step you take, every move you make, some company will be watching you. While user activity monitoring may sound invasive at first, the growing number of insider and external threats makes it compulsory for companies to understand how users interact with their systems. 43% of workers report their employer monitors their online activity, and this percentage rises to 48% for hybrid employees.