Recently published blogs
In this ‘Suppy chain – Business as usual?’ episode of Threat Talks, Lieuwe Jan Koning and Luca Cipriano dive into the escalating risk of supply chain attacks amid growing reliance on third-party and open-source software. Featuring insights from Matthijs Zwart, CIO and CISO of Vitens, the discussion explores the implications of these threats in critical sectors like water supply.
Adopting a transformative cybersecurity strategy can redefine business success. While the current adoption rate or Zero Trust – a transformative cybersecurity strategy – among large enterprises is just 1% as of January 2023, Gartner projects a growth to 10% by 2026.
DDoS attacks are orchestrated efforts where malicious actors aim to disrupt the normal flow of traffic to a specific server, service, or entire network. They flood the target with a torrent of internet traffic—much like those empty boxes in our scenario—making it impossible for legitimate traffic to get through. These attacks can cripple websites, slow down services, or even bring them to a complete halt, affecting businesses and users alike.
With cybersecurity still a hot topic, news alerts about the latest data breach or security incident are hard to miss. Yet, even whilst being bombarded with these types of news items, many companies still think that they’re somehow immune to such threats.
This optimism bias tends to come in three different flavors.
Integrating various network functions within a single device, such as combining VPN (Virtual Private Network) capabilities with firewalls, has become a common practice over the past few years. This consolidation offers benefits in terms of platform security features (i.e. user-based policies and Layer 7 inspection), simplicity and cost-effectiveness.
Let’s shed some light on this new vulnerability published by Palo Alto Networks. First off, what exactly is CVE-2024-3400? It’s a vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software, with the highest severity score of 10.
Palo Alto Networks published vulnerability CVE-2024-3400 that allows unauthenticated command injection (RCE) in the GlobalProtect feature of Palo Alto Networks PAN-OS software. Specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
For enterprises large and small, remote access is no longer a luxury; it’s an imperative. The once-crystal-clear boundaries between “work” and “home” have blurred, creating a tapestry of workspaces as diverse as the people who populate them.
Let’s assume for a moment that, one day, perhaps sooner, perhaps later, you will face the reality of a ransomware attack. Chances are that, in the moment, your cybersecurity team will turn to you as the decision maker.
Hollywood has a knack for dramatizing the digital battlefield. Let’s peel back the Hollywood façade and shine a light on what cybersecurity really looks like in the command centers of SOCs and CSIRTS.
A Cyber Security Incident Response Team is the emergency room of cybersecurity. You don’t want to need one, but once something bad happens, the ER doctors might just save your life. You don’t want to need critical incident response, but once a cyber incident occurs, you’ll be glad you have a team ready.
Prevention should be the holy grail of any cybersecurity strategy, but we know that 100% prevention is not realistic. So, what exactly happens when a serious threat is detected? Using a recent incident as an example, it is enlightening to follow the chain of events that starts when human SOC analysts decide that CSIRT action is required.
NIS2 has been in effect since January 2023, with a deadline of October 2024 for EU member states to publish and implement policy. Not only does NIS2 dictate new, stricter cybersecurity guidelines, but if European legislators can prove gross negligence, fines for both your company and you as the CEO of the company will be quite significant.
Multiplying these factors gives a numerical depiction of risk, aiding in its prioritization and management. For instance, a high-impact but low-likelihood event might be deemed acceptable. Yet, an event with moderate impact and high likelihood could be perceived as riskier. Real-world risk assessment is, of course, more intricate than this … Read more
One of the most notable data breaches this year was the MGM Resorts attack, which not only caused serious disruptions to MGM’s business, but also had far-reaching implications for their supply chain.
KEEP UP WITH
OUR LATEST RESEARCH
Want to stay in the loop on our latest cybersecurity research?
Sign up and get cybersecurity updates delivered straight to your inbox.
