Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When it comes to securing the manufacturing sector, the consensus is that these organizations should focus on securing their operational technology (OT) from cyberattacks, but this isn’t the full picture. Trustwave SpiderLabs researchers found that the average cybercriminal group would rather target conventional IT environments in manufacturing.

The dark web, often shrouded in mystery and intrigue, is a realm of the internet that exists beyond the reach of traditional search engines. While the Dark Web does harbor a certain notoriety for hosting illegal activities, it also contains valuable information and resources that can be beneficial for professionals involved in cybersecurity, threat intelligence, and investigations.

For starters, it’s no surprise that the findings revealed that organizations’ most prominent threats during 2023 are vulnerabilities not covered by common disclosure processes, like CVEs. Detectify CEO Rickard Carlsson has been talking about this for some time – his article on the trouble with CVEs and vulnerability management in modern tech stacks demonstrates the risks associated with an overly reliant approach to established methods.

Earlier this year, the SEC proposed a new set of rules on cybersecurity governance, which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one more evidence of the fact that cybersecurity is no longer a backburner component of business operations. It is a critical factor that can determine the destiny of all kinds of organizations, large or small.

The Service Location Protocol (SLP), as defined in the RFCs, is vulnerable to abuse allowing attackers to use it as a powerful reflective denial-of-service amplification vector. Earlier this year, Bitsight and Curesec published a joint research regarding this flaw tracked as CVE-2023-29552, which details the issue as well as its global impact and exposure.

Applications frequently need to provide authentication credentials to gain access to cloud services and other resources. However, these credentials present a security risk because they are notoriously difficult to keep out of code. According to a GitGuardian report, 10 million credentials were publicly committed to GitHub in 2022. Leaked credentials such as these are a major cause of data breaches and account takeovers.

IT pros need local admin rights on corporate devices to install software, modify configuration settings, perform troubleshooting and so on. But all too often, business users are also routinely granted local admin rights on their computers.

A software bill of materials (SBOM) is a detailed, comprehensive list of all the components within a software application, including the use of open-source software, component dependencies, licenses, and known vulnerabilities. SBOMs provide an inventory of each individual component that comprises the application, much like a list of ingredients in a recipe.

An effective cybersecurity policy incorporates modern cryptography for secure data transmission. Encrypting data protects sensitive information during communication exchange so that only those authorized to decrypt that data can access it. Without encryption, all data transmitted over the public internet is at risk of interception and nefarious reuse. Encryption helps prevent stolen data through a variety of tools, including cryptographic ciphers like the Diffie-Hellman key exchange.

An email account takeover is a type of account takeover attack in which a cybercriminal gains unauthorized access to a user’s email account. Cybercriminals can gain access by stealing your email’s login credentials or finding them on the dark web. When a cybercriminal has gained access to your email account, they can lock you out of your account, monitor your activity, access your sensitive information, take over other accounts and impersonate you.