Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Detect malicious files with BinLib: a private binary library

We’ll look at one of LimaCharlie’s newest features: Binary Library, or “BinLib”, a private repository of binaries observed in an organization. BinLib opens up new opportunities for detecting malicious files within an organization. Historical searching and YARA scanning allow you to take your binary detection to the next level, as we will observe and discuss in this session.

Essential Eight Compliance: Key Metrics To Track

Cybersecurity has become crucial for businesses and government entities in today's ever-changing digital landscape. While various frameworks and guidelines are available, the Australian Signals Directorate's "Essential Eight" is an effective and practical approach to strengthening an organization’s security against cyber attacks and threat actors.

Vendor Offboarding: Best Practices for Ensuring Security

When organizations hear “third-party risk management,” they often consider the processes needed to mitigate risks when working with a third-party vendor. These can include procurement risks and risks associated with starting new vendor relationships, often referred to as “onboarding,” but what about when a working relationship ends?

How Cloudflare mitigated yet another Okta compromise

On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance. While this was a troubling security incident, our Security Incident Response Team’s (SIRT) real-time detection and prompt response enabled containment and minimized the impact to Cloudflare systems and data.

The State of Cyber Defense 2023: Detection and Response Maturity Model

The Kroll Detection and Response Maturity Model analyses 1,000+ security programs from organisations around the world to identify their actual maturity, the ROI of mature programs and what security leaders can do to elevate their detection and response capabilities. The report leverages data uncovered in our The State of Cyber Defense 2023: The False-Positive of Trust, which looked at responses from 1,000 global security decision-makers.

AIDS Alabama Announces Breach, Patient Information Accessed by Cyberattack

AIDS Alabama Incorporated (AAI) serves over 8,000 Alabama residents, assisting them with emotional and medical support where possible. They are a clinic of humanitarian advocates, helping community members with housing and food; AAI is also an outspoken supporter of Black Lives Matter, substance abuse help, and preventative education. Your data may be at risk if you’ve received services or assistance from AAI.

Weekly Cybersecurity Recap October 20

This week, we noticed increased targeting of medical information; surgeries, health centers, and clinics were all made victims by successful hacking plots. The most recent attack involved Chicago’s Cook County Health. Alabama and Virginia also had specialized assaults, resulting in three data breaches across the states. Shadow PC also suffered a breach, which may have put thousands of gamers around the globe at risk.