#threatlandscape


Sector Threat Profile: #Energy

Discover the energy #threatlandscape, where innovation meets risk. As the sector transitions from fossil fuels to renewable energy, it has become a prime target for cyber threats. Learn about the key motivations driving these attacks, practical steps to protect your business, and insights into past incidents like SolarWinds.

Access the full report through our Member's Portal: huntandhackett.com/members/reg

🚨 Did you know 66% of cybersecurity professionals are facing unprecedented stress levels due to increasingly complex threats? 🚨
As cyberattacks grow more sophisticated, it's essential to stay ahead of the curve. 💡 Tip: Prioritize continuous training to combat the complexity of today's threat landscape. It could be the difference between prevention and disaster.

🔐 How does your team handle the stress of an evolving cyber threat environment?

Read more insights in our latest post: guardiansofcyber.com/cybersecu

Attackers are constantly evolving to find your security vulnerabilities. Is your team equipped to defend your organization’s infrastructure, reputation, and bottom line from the next sophisticated attack? Join @corelight and @crowdstrike on December 12 at 10 a.m. GMT / 11 a.m. CET to hear what elite incident responders use to mitigate vulnerabilities such as log4j.

🚨 Save your seat for this exclusive webinar today ➡️ go.corelight.com/supercharge-s

🚨The ENISA Threat Landscape Report 2023 was released today!

It includes the top threats, major trends observed with respect to threats, threat actors & attack techniques, impact and motivation analysis.

It also describes relevant mitigation measures.

The top 3 threats that were identified and analyzed were:

🔹 Ransomware
🔹 Malware
🔹 Social Engineering

The report is a very insightful resource, especially for those who seek to make informed decisions for their cybersecurity strategy in the coming year.

#cybersecurity #threatlandscape #cybersecurityawareness #cybersecuritynews #socialengineering #infosec #informationsecurity #ransomware #malware #enisa

enisa.europa.eu/topics/cyber-t

Mandiant's latest M-Trends report reveals that 63% of organizations were notified of breaches by external entities.

Staying ahead of the bad guys requires understanding the threat landscape. It was great to be in Seattle with Mandiant to speak with cybersecurity leaders about the latest trends and what they're doing to protect their organizations.

What new threats are you seeing? What are you doing to keep your organization safe today?

"🚨 Juniper Firewalls Under Siege: Over 12,000 Vulnerable Devices Exposed! 🔥"

New research reveals nearly 12,000 internet-facing Juniper firewall devices are susceptible to a recently disclosed remote code execution flaw. The vulnerability, identified as CVE-2023-36845, allows an unauthenticated remote attacker to execute arbitrary code without creating a file on the system. This medium-severity flaw in the J-Web component of Junos OS can be weaponized by adversaries to control certain environment variables. Juniper Networks patched this alongside other vulnerabilities last month. A proof-of-concept (PoC) exploit by watchTowr combined CVE-2023-36846 and CVE-2023-36845 to upload malicious PHP files and achieve code execution. Jacob Baines points out, "Firewalls are interesting targets to APT as they help bridge into the protected network and can serve as useful hosts for C2 infrastructure." Juniper has acknowledged the vulnerability but is unaware of any successful exploits against its customers. However, they've detected exploitation attempts in the wild, urging users to apply necessary patches. 🛡️

Source: The Hacker News

Tags: #Juniper #Firewall #Cybersecurity #Vulnerability #CVE202336845 #RemoteCodeExecution #JunosOS #APT #ThreatLandscape 🌐🔐🔍

The Hacker News: Over 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability. Nearly 12,000 Juniper firewall devices exposed on the internet are vulnerable to a recently disclosed remote code execution flaw.

Seattle friends and cybersecurity leaders: I'll be in the area to host an iSMG roundtable next Tuesday, September 19th.

We'll be discussing the Mandiant M-Trends report and learning from each other about the most pressing cybersecurity risks today.

If you are a cybersecurity leader in the Seattle area, join me for great food and great conversation at El Gaucho restaurant in Bellevue, WA:
ismg.events/roundtable-event/s

ismg.events: The State of Cybersecurity: What 2022 Tells Us About 2023 and Beyond. Tuesday, September 19th, 2023, 5:30 - 8:00pm PDT | Seattle, WA. Event overview: As a result of Russia's invasion of Ukraine, the lines between the cyber realm and the real world have blurred. Geopolitical causes now…

I am reading a few threat landscape and semi-annual security recap reports and came across a section in one that mentioned that GandCrab was starting to become active again.
I've personally had to deal with GandCrab during an IR event in the past, so this naturally piqued my interest. In the rabbit hole that ensued, I found this awesome analysis that I wish I had 4 years ago. Happy hacking!

taintedbits.com/2018/10/18/gan

Tainted Bits: Gandcrab v5.0.3 detail analysis of javascript delivery payload. Recently a friend of mine shared with me a Javascript file which on execution resulted in machine been infected by GandCrab ransomeware. Initial through was that it must be the Javascript implementati

Happy Turkey Day! 🦃
Yesterday I utilized some good practices for AzureAD sync. I was in the process of enforcing MFA in an Office365 tenant when I discovered service and admin OUs getting sync'd from their on-premise domain. We will be cleaning this up!

Also, any account with administrator privileges in Office365 should be cloud only. You don't want to be syncing your on-premise admin accounts in the event of an on-premise compromise. If so, your cloud tenant will then also be compromised without any effort from the TA. I have a cool map somewhere that shows zero trust in Office365 utilized in a way that makes sense. If I find it I'll make sure to post it here.