Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week, many institutions were targeted for attacks, impacting thousands differently. In the northeast of the US, New York’s gambling scene suffered an attack, downing casinos across the state. In the South, hackers attacked Florida’s Akumin clinics, exposing patient data. In Pennsylvania, the City of Philadelphia suffered from leaking the information of city email owners.

The University of Michigan (UM) hosts more than 55,000 students, 35,000 staff members, and 640,000 alums. Unfortunately, following a recent cybersecurity breach, students, applicants, alums, employees, contractors, and donors may now have information at risk. The extent of the exposure is unknown, but the outcome could impact anyone. Those in association with UM must take steps to guard themselves before the assailants can misuse their information.

Several months ago, Netskope Threat Labs uncovered a surge in PDF phishing attachments infiltrating Microsoft Live Outlook. These attacks were part of a larger series of phishing campaigns aimed to trick unsuspecting users. Upon closer examination, it's now apparent that the majority of these campaigns centered around Amazon-themed scams, with occasional diversions into Apple and IRS-themed phishing attempts.

It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place. For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation.

On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited a threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. CVE-2023-46747 is exploitable if the Traffic Management User Interface is exposed to the Internet.

Whether you’re in the market for a new password manager or looking to try a password management platform for the first time, you’ve likely come across both 1Password and Dashlane in your research.

A SOC analyst role is equal parts fulfilling and overwhelming. On one hand, the landscape is dynamic and the work is critical to protecting organizations. On the other, the weight of continual responsibility can lead to stress, anxiety, and cybersecurity burnout. Understanding the importance of your mental health is crucial to maintaining productivity and preventing cybersecurity burnout.

Three security issues were reported on October 27th by the Kubernetes security community, all of them related to the popular NGINX ingress component.

Ekran System is partnering with Hideez to enhance the authentication process and improve user experience. As an alternative to two-factor authentication, our customers can now use a straightforward passwordless authentication method developed by Hideez. Thanks to this integration, you can streamline and consolidate logins for local desktops, remote desktop connections, virtual environments, and cloud infrastructures, while boosting your team’s efficiency and satisfaction.