Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat
Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Lessons Learned From 50+ MOVEit Exploit (CVE-2023-34362) Investigations - Full Webinar
In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.
Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)
In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and assigned CVE-2023-22518 identifier. In this blog, we delve into the details of these vulnerabilities, their implications, and the necessary mitigation steps to protect your digital assets.
Supply Chain Resilience: Creating an Effective Risk Management Plan
Organizations focus on building resilience in their global supply chain through effective supply chain risk management strategies. The planning process involves identifying potential high-risk factors, analyzing their impact, and developing strategic measures for mitigating risk. In addition, organizations perform due diligence when creating incident response and recovery plans to ensure business continuity and avoid supply chain disruptions.
ChatGPT Allegedly Targeted by Anonymous Sudan DDoS Attack
OpenAI has suffered a successful DDoS attack following the first-ever DevDay—where OpenAI announced ChatGPT-4 Turbo and the GPT Store. OpenAI’s ChatGPT launch was nearly a year ago and has since become the mainstream solution for AI tasks. The software hosts a hearty 180.5 million users, many of whom use the software for professional tasks. The DDoS attack is alarming, not because it happened, but because of who claims the event—Russian-backed Anonymous Sudan.
Weekly Cybersecurity Recap November 10
This week, a variety of cyberattacks and victims have appeared. The pilot union Allied Pilots Association (APA), representing American Airlines pilots, disclosed a ransomware attack early in the week. An active ransomware attack unfolded by Tuesday, targeting LEGO fanatic website BrickLink. Sand LifeStyle members also had exposed data following a breach in Singapore’s Marina Bay Sands resort network.
Unlocking the Power of Enterprise Data Security
By the year 2025, an estimated 463 exabytes will be created daily. For reference, one exabyte is 8,000,000,000,000,000,000 bits. That’s a lot of data. And even though cyber-attacks will increase as the attack surface expands, with cybercrime costing the world $10.5 trillion annually by 2025, data will remain the most valuable resource for today’s global enterprise.
Forward Networks Digital Twin Prevents Misconfigurations Identified by CISA and NSA
In a recently released Cybersecurity Advisory, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) highlighted the most common cybersecurity misconfigurations in large organizations identified through blue team and red team assessments. The advisory stated that these misconfigurations illustrate systemic weakness in many large organizations, including those with mature cyber postures.
