Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cisco has released a Product Security Incident Response Team (PSIRT) advisory regarding a zero-day vulnerability in the web UI feature of Cisco IOS XE software. Cisco has stated that the web-based user interface should never be accessible through the public internet, yet research indicates that more than 10,000 Cisco devices have been exploited by an unknown threat actor. This critical vulnerability is being tracked as CVE-2023-20198 and is currently undergoing investigation for active exploitation.

Remote work has increased the usage of Remote Desktop Protocol. However, Remote Desktop Protocol connections can have many vulnerabilities if not properly secured. The best way to secure Remote Desktop Protocol connections is by creating strong login credentials and using a secure network. This will help protect your company from cyberattacks that could compromise sensitive data.

Chicago’s health providers are prime targets for opportunistic hackers; Cook County Health is the most recently discovered victim of a cyber assault. Assailants took advantage of a third-party medical transcription service Perry Johnson & Associates, Inc. (PJ&A) provided. The attack targeted PJ&A’s systems, resulting in the exposure of numerous patient records. If hackers accessed your information during the breach, there’s still time to protect yourself.

If you’re part of a startup or small company and haven’t thought about procurement just yet, chances are that you should. Procurement is the method by which businesses discover, review, and purchase goods or services from an external source. While larger companies may have dedicated procurement teams, it’s important for small businesses to understand the process and consider their approach to avoid challenges down the line. ‍

With the average cost of a data breach now at $4.35 million, it’s time for organizations to take proactive measures to protect themselves against cyber threats. By conducting thorough security testing, organizations can gain a deeper understanding of their security posture and make informed decisions about where to allocate their resources to improve their overall cybersecurity readiness.

Amazon’s Elastic Kubernetes Service (EKS) is a popular managed Kubernetes option that allows customers to benefit from both an offloaded Kubernetes management plane, and the wide range of services that AWS offers. Managed or unmanaged, securing cluster traffic is always critical and, although AWS Security Groups can secure the cluster nodes, securing pod traffic requires something closer to the application data-path.

If your organization has complied with the PCI DSS (Payment Card Industry Data Security Standard) for any length of time, the most recent release (PCI 4.0) is probably not news to you. In fact, despite the new version PCI compliance may feel like business as usual for you. ASV scanning, penetration testing, and a comprehensive compilation of documentation are probably well under way – and you may even have scheduled your next audit with a QSA. Easy, right?

This article was originally published in Cybersecurity Insiders. In our increasingly digitally connected world, cybersecurity risks are at an all time high and only growing. With this in mind, businesses are beginning to embrace and understand, if they didn’t before, just how essential a healthy governance, risk, and compliance (GRC) program is to their organization’s overall success.

Security Magazine reported more than 2,200 daily cyberattacks, which translates to roughly one cyberattack occurring every 39 seconds! As these stakes in cybersecurity continue to reach higher and higher levels, it becomes even more crucial to emphasize securing the very bedrock of elements upon which our digital existence is built.