The increasing frequency of identity-based attacks highlights the necessity of ensuring your Single Sign-On (SSO) and Multi-Factor Authentication (MFA) systems are functioning as intended. Simply implementing these technologies isn’t sufficient; ongoing verification of their effectiveness is crucial. Savvy provides real-time visibility for performing audits and implementing automated controls, guiding users at scale to address issues before threat actors can exploit them. Discover how Savvy can help you put policy into practice. Learn more.
We're always looking for ways to improve the N2K CyberWire network to give you an intelligence-driven news experience. Please take a few minutes to tell us about your network experience and share your feedback by completing our 2024 Audience Survey, and you will have a chance to win a $100 Amazon gift card. Take the survey.
The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that its Chemical Security Assessment Tool (CSAT) environment was breached via a vulnerable Ivanti Connect Secure appliance on January 23rd, 2024, BleepingComputer reports. The agency stated, "While CISA’s investigation found no evidence of exfiltration of data, this intrusion may have resulted in the potential unauthorized access of Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program (PSP) submissions, and CSAT user accounts."
CISA hasn't specified which vulnerability was exploited, but the agency references a CISA advisory outlining three actively exploited Ivanti vulnerabilities that were disclosed before the breach. BleepingComputer notes that one of the vulnerabilities (CVE-2024-21888) was disclosed the day before CISA's Ivanti appliance was breached.
Mark your calendar for mWISE™, the unique cybersecurity conference from Mandiant, now part of Google Cloud. Built by practitioners for practitioners, it runs from September 18–19, 2024 in Denver, Colorado.
What makes mWISE different from other cybersecurity conferences? It’s a targeted event with hands-on learning for frontline practitioners. The intimate setting allows you to make one-on-one connections with leaders in the field. And best of all, it’s focused on learning without the sales pitches.
WikiLeaks founder Julian Assange has been freed in the UK after agreeing to plead guilty to one US charge of conspiracy to obtain and disclose national defense information, the Register reports. Assange is headed to court in the Northern Mariana Islands, a US territory, to enter the plea. The US Justice Department is seeking a 62-month sentence, equal to the amount of time Assange has been imprisoned in the UK. The plea deal will credit that time served, and Assange is expected to return to Australia following the proceedings.
NBC News quotes Australian Prime Minister Anthony Albanese as saying, "[T]he case has dragged on for too long, there is nothing to be gained by his continued incarceration and we want him brought home to Australia."
Sign up for Scout Insight's free trial today! Get immediate insights into threats, search any IP with no training required, and enjoy intuitive graphical results. Whether you need to identify compromised hosts or enrich Splunk queries, Scout Insight has you covered. Don’t wait – accelerate your threat response now. Visit team-cymru.com/cyberwire to start your free trial!
Reuters reports that the US government is investigating China Mobile, China Telecom, and China Unicom over concerns that they could provide information on Americans to the Chinese government. The companies have been barred from providing telephone and retail internet services in the US, but still maintain a small presence "providing cloud services and routing wholesale U.S. internet traffic."
Recorded Future's Insikt Group describes a cyberespionage campaign by the China-aligned threat actor "RedJuliett" that targeted "government, academic, technology, and diplomatic organizations in Taiwan" between November 2023 and April 2024. The group also compromised government organizations in Laos, Kenya, and Rwanda. The threat actor gained initial access via known vulnerabilities in network edge devices, and deployed SQL injection and directory traversal exploits against web and SQL applications.
Insikt Group notes, "RedJuliett's activities align with Beijing's objectives to gather intelligence on Taiwan’s economic policy, trade, and diplomatic relations. The group also targeted multiple critical technology companies, highlighting the strategic importance of this sector for Chinese state-sponsored threat actors."
Modernize your identity infrastructure and get rid of technical debt without sacrificing your complex access policies. Use Strata to integrate non-standard apps with any identity service while using any vendor, standard, or app architecture. Or use it to migrate away from outdated identity providers and consolidate IDPs. It’s seamless, simple and code-free. Share your top identity security priorities, and receive a pair of complimentary AirPods Pro.
Today's issue includes events affecting Australia, China, Kenya, Laos, Rwanda, Taiwan, the United Kingdom, and the United States.
P2PInfect botnet targets REdis servers with new ransomware module (BleepingComputer) P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers.
Indonesian government datacenter locked down by ransomware (The Register) Variant of Lockbit 3.0 said to be weapon of choice for attack
New security loophole allows spying on internet users' online activity (Help Net Security) Researchers were able to spy on users' online activities simply by monitoring fluctuations in the speed of their internet connection.
CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfoSecurity) Developers of a computer hardware project for stopping memory-based cyberattacks will soon release standards in a bid to overcome commercial hurdles to its
UK and US cops put Qilin ransomware crims in the crosshairs (The Register) Attacking the NHS is a very bad move
For a complete running list of events, please visit the Event Tracker.
Insider Threat Program Development, Management & Optimization Live Web Based Training Course (Virtual, Jun 24 - 25, 2024) This highly sought after and very comprehensive training course, will ensure that the Insider Threat Program (ITP) Manager and other key stakeholders that support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core / Advanced Knowledge, Blueprint, Resources needed for developing, managing or optimizing an ITP. Students will be provided with an ITP Management Toolkit that provides an abundance of educational resources, templates and checklists for ITP development, management and optimization. All materials will be provided to the student in electronic format (Via Download) before the training. Our student satisfaction levels are in the exceptional range. Over 1000+ individuals have attended this training course and received ITP Manager Certificates. The Insider Threat Defense Group is so confident about our training courses that they come with a money back training guarantee.
SANSFIRE Washington, DC 2024 (Washington (or virtual), DC, USA, Jul 15 - 20, 2024) At SANSFIRE Washington, DC 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
