Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cyber News

Ivanti has released patches to address two significant vulnerabilities in its Ivanti Connect Secure, Policy Secure, and ZTA Gateways products. These Ivanti vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose serious risks to users of affected versions, with CVE-2025-0282 being classified as critical.

Exploitation of these vulnerabilities could lead to severe security breaches, including remote code execution and privilege escalation. Ivanti has issued a patch to address these issues, and customers are strongly encouraged to apply the update immediately.

Ivanti Vulnerabilities Overview

Two distinct vulnerabilities have been identified:

CVE-2025-0282 (Critical)
A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA Gateways before specific versions allows a remote unauthenticated attacker to execute arbitrary code on the affected systems. This vulnerability is particularly dangerous because an attacker can exploit it remotely without needing authentication.
CVSS Score: 9.0 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-121

CVE-2025-0283 (High)
This vulnerability also involves a stack-based buffer overflow in the same Ivanti products, but it allows a local authenticated attacker to escalate their privileges. This could allow the attacker to gain higher-level system access than initially permitted. While it does not present the same immediate risk as CVE-2025-0282, it still poses a significant threat to organizations where local access is available.
CVSS Score: 7.0 (High)
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-121

Impact and Exploitation

At the time of disclosure, Ivanti confirmed that a limited number of Ivanti Connect Secure appliances had been compromised by CVE-2025-0282. However, no such incidents have been reported for Ivanti Policy Secure or ZTA Gateways, and no exploitation of CVE-2025-0283 has been detected as of now. Despite this, it is crucial for all users to apply the patches to mitigate any potential risks. Ivanti recommends that customers use the Integrity Checker Tool (ICT) to identify any signs of compromise related to CVE-2025-0282. This tool can help detect the presence of this vulnerability and ensure the integrity of the network infrastructure.

Affected Products and Versions

The vulnerabilities affect the following Ivanti products and versions:

Ivanti Connect Secure: affected 22.7R2 through 22.7R2.4; resolved in 22.7R2.5; patch available now via Ivanti Portal.
Ivanti Policy Secure: affected 22.7R1 through 22.7R1.2; resolved in 22.7R1.2 (fix planned); patch available January 21, 2025.
Ivanti Neurons for ZTA Gateways: affected 22.7R2 through 22.7R2.3; resolved in 22.7R2.5 (fix planned); patch available January 21, 2025.

Ivanti users should apply the relevant patches as soon as possible to secure their environments. For Ivanti Connect Secure users, the fix for CVE-2025-0282 and CVE-2025-0283 is already available for download. The fixes for Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways are expected to be released by January 21, 2025.

Security Recommendations and Mitigation

Ivanti Connect Secure Users

Clean ICT Scan: If the Integrity Checker Tool (ICT) shows no signs of compromise, upgrade to Ivanti Connect Secure version 22.7R2.5 immediately. It is also recommended to perform a factory reset on the appliance after the upgrade to ensure that no malware persists. Continue to monitor both internal and external ICT scans to detect potential vulnerabilities.

Compromised ICT Scan: If ICT results show signs of exploitation, perform a factory reset of the appliance to remove any malicious activity. Afterward, upgrade to Ivanti Connect Secure 22.7R2.5 and continue to monitor for further anomalies.

Ivanti Policy Secure Users

Ivanti Policy Secure is not designed to be internet-facing, which significantly reduces the risk of exploitation. However, Ivanti still recommends that users apply the forthcoming patch, expected by January 21, 2025. Ensure that the IPS appliance is properly configured according to Ivanti’s security guidelines, and avoid exposing it to the internet.

Ivanti Neurons for ZTA Gateways Users

ZTA Gateways cannot be exploited when in production. However, if a gateway is generated and left unconnected to the ZTA controller, exploitation risks increase. The fix for ZTA Gateways will be available by January 21, 2025, and users should apply it promptly to prevent potential exploitation.

Integrity Checker Tool (ICT) Update

A new version of Ivanti's Integrity Checker Tool (ICT-V22725, build 3819) was released on January 10, 2025, and is designed to work with all R2 versions of 22.X. This version of ICT resolves previous limitations and works across all relevant versions. It is an essential tool for detecting signs of exploitation and ensuring that systems are secure after applying the patches.

Conclusion

Ivanti's swift action in releasing patches for CVE-2025-0282 and CVE-2025-0283 marks a decisive move in safeguarding against serious security risks, such as remote code execution and privilege escalation. While Ivanti Connect Secure users are already protected, those relying on Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways can expect critical updates by January 21, 2025. However, it’s not just about waiting for patches — it’s about proactive vigilance. With these vulnerabilities exposing businesses to potential exploits, it’s crucial for users to apply updates immediately and continuously monitor their network health using tools like the Integrity Checker Tool (ICT). By combining timely patching with a strong, layered cybersecurity approach, organizations can enhance their defenses and significantly reduce the risk of a breach. Security isn't just about reacting; it's about staying ahead.
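As an added example (not Ivanti's tooling and not part of the original article), the following Python script encodes the affected and resolved versions from the advisory table above, classifies appliance versions against them, and maps the result together with an ICT scan outcome onto the remediation steps the article lists. The inventory entries are constructed sample data, and the per-product guidance strings paraphrase the article's recommendations. It also handles the edge case the table itself creates: Ivanti Policy Secure lists 22.7R1.2 as both the top of the affected range and the planned fix version, so that build is treated as affected until the fix ships.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Advisory data copied from the article's table. "available" records whether the
# article says the fixed build can be downloaded now (Connect Secure) or is
# planned for January 21, 2025 (Policy Secure, ZTA Gateways).
ADVISORY = {
    "Ivanti Connect Secure": {
        "affected": ("22.7R2", "22.7R2.4"), "resolved": "22.7R2.5", "available": True},
    "Ivanti Policy Secure": {
        "affected": ("22.7R1", "22.7R1.2"), "resolved": "22.7R1.2", "available": False},
    "Ivanti Neurons for ZTA Gateways": {
        "affected": ("22.7R2", "22.7R2.3"), "resolved": "22.7R2.5", "available": False},
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '22.7R2.4' into (22, 7, 2, 4); a bare '22.7R2' is patch level 0.
    Keeping the R-number as its own component makes 22.7R1.x and 22.7R2.x
    compare as separate release trains instead of one flat sequence."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def assess(product: str, version: str) -> str:
    """Classify one appliance as 'affected-fix-available', 'affected-fix-pending',
    'fixed' or 'not-in-advisory-range'."""
    entry = ADVISORY[product]
    v = parse_version(version)
    lo, hi = (parse_version(x) for x in entry["affected"])
    fixed = parse_version(entry["resolved"])
    # The affected range is checked before the resolved version on purpose: for
    # Policy Secure the table lists 22.7R1.2 on both sides, and until the planned
    # fix is released that build has to be treated as affected.
    if lo <= v <= hi:
        return "affected-fix-available" if entry["available"] else "affected-fix-pending"
    if v >= fixed and entry["available"]:
        return "fixed"
    return "not-in-advisory-range"


def next_step(product: str, version: str, ict_clean: Optional[bool]) -> str:
    """Map the assessment plus the ICT result onto the article's remediation steps.
    ict_clean=None means no Integrity Checker Tool result is on hand yet."""
    status = assess(product, version)
    if product == "Ivanti Connect Secure":
        if ict_clean is False:
            return "compromised ICT scan: factory reset, then upgrade to 22.7R2.5 and keep monitoring"
        if status == "affected-fix-available":
            if ict_clean:
                return ("clean ICT scan: upgrade to 22.7R2.5 now, factory reset after the upgrade, "
                        "keep running internal and external ICT scans")
            return "run ICT before upgrading to 22.7R2.5"
        if status == "fixed":
            return "on the fixed build; keep running ICT"
    elif status == "affected-fix-pending":
        if product == "Ivanti Policy Secure":
            return "fix expected January 21, 2025; keep the appliance off the internet and patch on release"
        return "fix expected January 21, 2025; keep the gateway connected to the ZTA controller and patch on release"
    return "not in the advisory's affected range; confirm against Ivanti's own advisory"


def triage(inventory: Iterable[Tuple[str, str, Optional[bool]]]) -> List[Tuple[str, str, str]]:
    """Run next_step over (product, version, ict_clean) tuples."""
    return [(prod, ver, next_step(prod, ver, ict)) for prod, ver, ict in inventory]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("Ivanti Connect Secure", "22.7R2.3", True),
        ("Ivanti Connect Secure", "22.7R2.1", False),
        ("Ivanti Connect Secure", "22.7R2.5", True),
        ("Ivanti Policy Secure", "22.7R1.2", None),
        ("Ivanti Neurons for ZTA Gateways", "22.7R2", None),
    ]
    for product, version, step in triage(sample):
        print(f"{product:32} {version:10} {assess(product, version):24} -> {step}")
```

The version parser is the part worth keeping: the advisory's ranges are per release train, and a naive string or float comparison of "22.7R1.2" against "22.7R2" gets the ordering wrong.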

 Cyber News

Eindhoven University of Technology (TU/e) has been hit by a cyberattack, prompting the institution to suspend all lectures and educational activities. Due to the Eindhoven University cyberattack, the computer network was shut down as a precautionary measure. The university, located just five miles from ASML Holding NV’s global headquarters, is a key partner for the chip-making giant, making the impact of this breach even more significant.

On Sunday, January 12, 2025, the University announced that it had shut down its network in response to the cyberattack on Eindhoven University. The university’s statement explained that, due to the cyberattack, the network-bound systems were rendered inaccessible, which meant that systems like email, Wi-Fi, Canvas, and Teams were unavailable for students and staff. The closure affected all educational activities, including lectures, and will remain in place at least until Monday, January 13, 2025. The university assured the public that efforts to restore normalcy were underway.

“We realize that switching off the network has serious consequences for our students, employees, but also for other parties on campus. This necessary intervention was done to prevent worse outcomes,” said Patrick Groothuis, vice president of TU/e. He added that the team of ICT experts was actively investigating the nature and extent of the attack while working to restore the network as quickly as possible.

Details of the Eindhoven University Cyberattack

TU/e’s ICT department first noticed suspicious activity on its servers around 9:00 PM on January 12, which strongly suggested a cyberattack. In response, the university swiftly took action, shutting down its network to prevent further damage. Although investigations are ongoing, there has been no indication as of yet that data was stolen, according to the university. The cyberattack on Eindhoven University has raised concerns about the possible consequences, not just for the university, but also for ASML, given the close proximity of TU/e to the chip manufacturing giant’s headquarters. While there is no official confirmation yet regarding the specific nature of the cyberattack on Eindhoven University, the timing and scale suggest that it could have significant implications for both institutions.

Campus Operations During the Cyberattack on Eindhoven University

Although the university’s network has been compromised, TU/e has made it clear that the physical campus remains operational. The buildings are still accessible, and staff and students can enter the campus, but they will not have access to network-bound services like email or online learning platforms. Card readers for building access and the campus's physical infrastructure remain functional. However, some services are being affected. The university has announced that the parking system will be offline, although barriers will remain open for the duration of the incident. Additionally, while the coffee machines on campus are still working, the cash registers in the canteens have been disabled, meaning that most canteens will be closed, except for the one in building Atlas, where alternative payment arrangements will be made.

Impact on Upcoming Activities

The timing of the cyberattack is particularly challenging as Eindhoven University is nearing the end of its teaching term. The last week of the second quarter is typically dedicated to limited educational activities, such as catch-up sessions and preparation for exams. Although the university intends to resume limited teaching activities, the inability to access online platforms and systems may disrupt the learning experience for students. In response to this, the university will continue to provide updates on the situation, with further information expected by Monday, January 13, 2025. TU/e's ICT team is hopeful that the network will be fully operational by Tuesday, January 14, although this is subject to change based on the investigation's findings.

Precautionary Measures and Alerts

As the investigation continues, TU/e has urged all members of the university community to be extra vigilant about potential phishing attempts, especially in the wake of the cyberattack. The university has warned against clicking on suspicious links, particularly those that may take advantage of the current situation. Users are advised to avoid logging into unfamiliar websites or entering their credentials into untrusted environments. The university has also emphasized that internal communication channels will be used to keep everyone informed. For any urgent inquiries, TU/e has set up a dedicated emergency contact number for those calling from outside the campus.

Future Updates and Investigations

The Cyber Express team has reached out to the Eindhoven University officials for additional information regarding the cyberattack. While details about the perpetrators or the method of the attack have not yet been disclosed, the incident serves as a reminder of the ongoing cybersecurity risks faced by educational institutions. This cyberattack on Eindhoven University highlights the growing importance of strong cybersecurity measures in the academic sector, where the value of data makes institutions like TU/e and their partners, such as ASML, prime targets for cybercriminals.

 Cyber News

Over the past four years, the Cybersecurity and Infrastructure Security Agency (CISA) has emerged as a vital force in shaping the nation’s cybersecurity landscape. Established to safeguard critical infrastructure and mitigate emerging cyber threats, CISA has steadily evolved to meet the ever-changing demands of national security. As the U.S. heads into 2025 and beyond, a review of the agency’s most significant policy actions offers a window into its growing influence in ensuring the security and resilience of both the nation’s digital and physical infrastructures.

2024: A Renewed Focus on Critical Infrastructure Resilience

The most recent development came in April 2024, when the National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22) reinforced CISA’s leadership role. This memorandum formalized the agency’s position as the National Coordinator for the Security and Resilience of U.S. Critical Infrastructure, allowing CISA to implement a biennial risk management cycle aimed at reducing vulnerabilities within the nation's infrastructure. A critical part of this initiative is prioritizing collaboration with partners from both public and private sectors to assess risks across various industries. By actively engaging stakeholders, CISA aims to better understand sector-specific threats while mitigating risks at a national level. One of the program’s most notable outcomes will be the creation of the 2025 National Infrastructure Risk Management Plan, which will guide federal efforts to safeguard critical infrastructure over the coming years.

2023: Strengthening Cybersecurity Strategies and AI Initiatives

The year 2023 marked a key moment in the country’s cybersecurity strategy with the release of the National Cybersecurity Strategy (NCS). This document, which outlines a comprehensive approach to cybersecurity, emphasizes the importance of strengthening collaboration between government agencies and industry leaders. Among the many actions highlighted, CISA played a central role in the following:

- Updating the National Cyber Incident Response Plan: This plan aims to streamline coordinated efforts during cyber incidents, ensuring a more efficient and cohesive response.
- Expanding Anti-Ransomware Efforts: CISA further solidified its commitment to combating ransomware through its leadership in the Joint Ransomware Task Force (JRTF), which continued its mission to reduce the impact of ransomware attacks through coordinated national efforts.
- Enhancing Collaboration with Industry Stakeholders: Through industry partnerships, CISA sought to improve operational security, ensuring that both public and private entities are well-equipped to face evolving threats.

As the nation grapples with the rise of artificial intelligence (AI), Executive Order 14110 in late 2023 emphasized CISA’s role in securing the development and use of AI systems. The order tasked CISA with helping stakeholders protect critical infrastructure from AI-related risks while also exploring the technology’s potential to enhance cybersecurity defenses. This shift in focus highlights both the risks and opportunities AI presents for the cybersecurity ecosystem, positioning CISA at the intersection of innovation and security.

2022: Advancing Incident Reporting and Strengthening Ransomware Defense

2022 saw the enactment of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), a key law that requires critical infrastructure entities to report cyber incidents and ransomware payments to CISA within 24 hours. This legislation gave the agency a more direct role in responding to incidents and disseminating actionable intelligence to strengthen defenses across sectors. Timely reports enabled CISA to:

- Offer rapid assistance to victims of cyberattacks.
- Analyze incoming reports to spot emerging trends and threats.
- Share findings with network defenders to prevent further attacks.

The passage of CIRCIA also resulted in two vital programs aimed at addressing ransomware risks. The Joint Ransomware Task Force (JRTF), co-chaired by CISA and the FBI, coordinated a nationwide initiative to tackle ransomware head-on. This task force connected federal, state, local, tribal, and territorial (SLTT) agencies with private companies to form a united front against these attacks. The Ransomware Vulnerability Warning Pilot (RVWP) was another milestone under CIRCIA. This program sought to identify common vulnerabilities that ransomware actors exploit and issued warnings to organizations with susceptible systems. In 2023 alone, the RVWP issued over 1,700 vulnerability notifications, leading to significant improvements in cybersecurity practices, including patches and compensating controls for nearly half of the identified devices.

2021: Strengthening Cybersecurity Foundations in Response to SolarWinds

CISA’s pivotal role in strengthening U.S. cybersecurity foundations was most evident in the wake of the SolarWinds supply chain attack in late 2020. This attack, which compromised numerous federal agencies, led to the issuance of Executive Order 14028 in May 2021. The order tasked CISA with several high-priority actions:

- Improving Threat Information Sharing: By facilitating better communication between federal agencies and private organizations, CISA worked to improve the nation’s ability to detect and respond to cyber threats.
- Modernizing Federal Cybersecurity Standards: The order called for a modernization of cybersecurity practices across federal networks, an effort that would increase defenses against evolving cyber threats.
- Securing the Software Supply Chain: Given the vulnerabilities exposed by the SolarWinds attack, CISA worked to implement stronger security measures in software development and deployment, seeking to mitigate future risks.

In the same year, CISA also introduced the Cybersecurity Performance Goals (CPGs), a set of best practices designed to help smaller organizations strengthen their cybersecurity. These guidelines were developed through extensive consultations with industry experts and aimed to provide organizations with a clear, actionable framework to prioritize security measures.

Looking Ahead

CISA, with its bold approach and growing influence, is not just keeping pace but actively shaping the future of national cybersecurity. As we move into 2025, the agency’s strategic partnerships with federal and state governments, private companies, and international allies will be the cornerstone of a new era in defense against cyber threats. With AI at the helm of next-gen cybersecurity innovations, CISA is poised to lead the charge, harnessing the power of technology to outsmart and outpace cyber adversaries. Yet, the journey ahead will be anything but easy—new threats will emerge, old ones will evolve, and the demand for resilience will only grow. What will the next chapter look like? As CISA continues to redefine the landscape, only one thing is certain: The battle for cybersecurity is far from over, and the coming years will be pivotal in determining whether the U.S. can stay one step ahead.

 Business

The old saying "A chain is only as strong as its weakest link" directly applies to enterprise cybersecurity. Businesses these days often rely on dozens or even hundreds of suppliers and contractors, who, in turn, use the services and products of yet more contractors and suppliers. And when these chains involve not raw materials but complex IT products, ensuring their security becomes significantly more challenging. This fact is exploited by attackers, who compromise a link in the chain to reach its end — their main target. Accordingly, it's essential for business leaders and the heads of IT and information security to understand the risks of supply-chain attacks in order to manage them effectively.

What is a supply-chain attack?

A supply-chain attack involves a malicious actor infiltrating an organization's systems by compromising a trusted third-party software vendor or service provider. Types of this attack include the following:

- Compromising well-known software developed by a supplier and used by the target organization (or multiple organizations). The software is modified to perform malicious tasks for the attacker. Once the next update is installed, the software will contain undeclared functionality that allows the organization to be compromised. Well-known examples of such attacks include the compromise of SolarWinds Orion and 3CX. Last year, the largest such attempt to date was discovered: XZ Utils. Fortunately, it was unsuccessful.
- Attackers find corporate accounts used by a service provider to work within the target organization's systems. The attackers use these accounts to infiltrate the organization and carry out an attack. For example, the American retail giant Target was hacked through an account issued to an HVAC provider.
- Attackers compromise a cloud provider or exploit the features of a cloud provider's infrastructure to access the targeted organization's data. The most high-profile case last year involved the compromise of more than 150 clients of the Snowflake cloud service, leading to the data leak of hundreds of millions of users of Ticketmaster, Santander Bank, AT&T, and others. Another large-scale, big-impact attack was the hack of the authentication service provider Okta.
- Attackers exploit permissions delegated to a contractor in cloud systems, such as Office 365, to gain control over the target organization's documents and correspondence.
- Attackers compromise specialized devices belonging to or administered by a contractor, but connected to the target organization's network. Examples include smart-office air-conditioning systems and video surveillance systems. For example, building automation systems became a foothold for a cyberattack on telecom providers in Pakistan.
- Attackers modify IT equipment purchased by the target organization, either by infecting pre-installed software or embedding hidden functionality into the device's firmware. Despite their complexity, such attacks have actually occurred in practice. Proven cases include Android device infections and widely discussed server infections at the chip level.

All variations of this technique in the MITRE ATT&CK framework come under the name Trusted Relationship (T1199).

Benefits of supply-chain attacks for criminals

Supply-chain attacks offer several advantages for attackers. Firstly, compromising a supplier creates a uniquely stealthy and effective access channel — as demonstrated by the attack on SolarWinds Orion software, widely used in major U.S. corporations, and the compromise of Microsoft cloud systems, which led to email leaks from several U.S. government departments. For this reason, this type of attack is especially favored by criminals hunting for information. Secondly, the successful compromise of a single popular application or service instantly provides access to dozens, hundreds, or even thousands of organizations. Thus, this kind of attack also appeals to those motivated by financial gain, such as ransomware groups. One of the most high-profile breaches of this type was the attack on IT supplier Kaseya by the REvil group.

A tactical advantage (to criminals) of attacks exploiting trusted relationships lies in the practical consequences of this trust: the applications and IP addresses of the compromised supplier are more likely to be on allowlists, actions performed using accounts issued to the supplier are less frequently flagged as suspicious by monitoring centers, and so on.

Damage from supply-chain attacks

Contractors are usually compromised in targeted attacks carried out by highly motivated and skilled attackers. Such attackers are typically aiming to obtain either a large ransom or valuable information — and in either case, the victim will inevitably face long-term negative consequences. These include the direct costs of investigating the incident and mitigating its impact, fines and expenses related to working with regulators, reputational damage, and potential compensation to clients. Operational disruptions caused by such attacks can also result in significant productivity losses and threaten business continuity.

There are also cases that don't technically qualify as supply-chain attacks — attacks on key technology providers within a specific industry — that nevertheless disrupt the supply chain. There were several examples of this in 2024 alone, the most striking being the cyberattack on Change Healthcare, a major company responsible for processing financial and insurance documents in the U.S. healthcare industry. Clients of Change Healthcare were not hacked, but while the compromised company spent a month restoring its systems, medical services in the U.S. were partially paralyzed, and it was recently revealed that confidential medical records of 100 million patients were exposed as a result of this attack. In this case, mass client dissatisfaction became a factor pressuring the company to pay the ransom.

Returning to the previously mentioned examples: Ticketmaster, which suffered a major data breach, faces several multi-billion-dollar lawsuits; criminals demanded $70 million to decrypt the data of victims of the Kaseya attack; and damage estimates from the SolarWinds attack range from $12 million per affected company to $100 billion in total.

Which teams and departments should be responsible for supply-chain-attack prevention?

While all the above may suggest that dealing with supply-chain attacks is entirely the responsibility of information security teams, in practice, minimizing these risks requires the coordinated efforts of multiple teams within the organization. Key departments that should be involved in this work include:

- Information security: responsible for implementing security measures and monitoring compliance with them, conducting vulnerability assessments, and responding to incidents.
- IT: ensures that the procedures and measures required by information security are followed when organizing contractors' access to the organization's infrastructure, uses monitoring tools to oversee compliance with these measures, and prevents the emergence of shadow or abandoned accounts and IT services.
- Procurement and vendor management: should work with information security and other departments to include trust and corporate information-security compliance criteria in supplier selection processes. Should also regularly check that supplier evaluations meet these criteria and ensure ongoing compliance with security standards throughout the contract period.
- Legal departments and risk management: ensure regulatory compliance and manage contractual obligations related to cybersecurity.
- Board of directors: should promote a security culture within the organization and allocate resources for implementing the above measures.

Measures for minimizing the risk of supply-chain attacks

Organizations should take comprehensive measures to reduce the risks associated with supply-chain attacks:

- Thoroughly evaluate suppliers. It's crucial to assess the security level of potential suppliers before beginning collaboration. This includes requesting a review of their cybersecurity policies, information about past incidents, and compliance with industry security standards. For software products and cloud services, it's also recommended to collect data on vulnerabilities and pentests, and sometimes it's advised to conduct dynamic application security testing (DAST).
- Implement contractual security requirements. Contracts with suppliers should include specific information security requirements, such as regular security audits, compliance with your organization's relevant security policies, and incident notification protocols.
- Adopt preventive technological measures. The risk of serious damage from supplier compromise is significantly reduced if your organization implements security practices such as the principle of least privilege, zero trust, and mature identity management.
- Organize monitoring. We recommend using XDR or MDR solutions for real-time infrastructure monitoring and detecting anomalies in software and network traffic.
- Develop an incident response plan. It's important to create a response plan that includes supply-chain attacks. The plan should ensure that breaches are quickly identified and contained — for example, by disconnecting the supplier from company systems.
- Collaborate with suppliers on security issues. It's vital to work closely with suppliers to improve their security measures — such collaboration strengthens mutual trust and makes mutual protection a shared priority.

Deep technological integration throughout the supply chain affords companies unique competitive advantages, but simultaneously creates systemic risks. Understanding these risks is critically important for business leaders: attacks on trusted relationships and supply chains are a growing threat, entailing significant damage. Only by implementing preventive measures across the organization and approaching partnerships with suppliers and contractors strategically can companies reduce these risks and ensure the resilience of their business.

 Cybercrime

The government initially warned residents of the ransomware attack on December 19 and said it was working with U.K. government officials to address the attack. The attackers gained access to the government’s revenue collection and payment systems, impacting numerous business operations on the islands.

 Feed

Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment

 Feed

No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for command-and-control (C2). In partnership with the

 Feed

The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead

 Feed

In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the ransomware strains that are attacking ESXi servers nowadays are variants of the

 Feed

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in

 Threat Lab

In today’s cyber threat landscape, good enough is no longer good enough. Cyberattacks don’t clock out at 5 PM, and neither can your security strategy. For Managed Service Providers (MSPs), offering customers 24/7 cybersecurity protection and response isn’t just a competitive advantage—it’s an essential service for business continuity, customer trust, and staying ahead of attackers. But delivering round-the-clock security coverage is easier said than done. It requires the right tools, expertise, and scale. This is why partnering with OpenText to offer managed detection and response (MDR) can help MSPs deliver on this critical need without overburdening their resources.

The case for 24/7 cybersecurity protection

Let’s face it: the cyber threat landscape is relentless, and the game is changing fast. Small and medium-sized businesses (SMBs) make up the core customer base for MSPs and are often top targets for cyberattacks. Cybercriminals see SMBs as easier to exploit—with fewer resources for advanced defenses and treasure troves of valuable data. But what makes the modern threat landscape even more dangerous is the speed and sophistication with which cybercriminals operate. Attackers are no longer lone actors poking at vulnerabilities. They are part of well-funded, highly organized operations, some backed by rogue nations, using advanced techniques, automation, and artificial intelligence to breach systems faster than ever. The numbers don’t lie:

- SMBs are the victims of 43% of cyberattacks. And many of these attacks happen outside of business hours.
- Cybercrime costs are skyrocketing: Global cybercrime damages are expected to hit $10.5 trillion annually by 2025, and businesses without adequate security measures face steep financial and reputational losses.
- Compliance mandates are tightening: Regulations like GDPR, CCPA, and PCI DSS mean SMBs are under growing pressure to protect their sensitive data 24/7.

For MSPs, this means your customers need more than basic firewalls and endpoint protection. They need real-time monitoring, proactive threat hunting, and rapid incident response—all delivered 24/7. Anything less, and you risk leaving customers vulnerable to costly breaches.

The challenge for MSPs: Scaling 24/7 coverage

For MSPs managing a large number of customers, the question becomes: How do you respond in real time to stop these lightning-fast threats before they cause irreparable damage? Providing 24/7 cybersecurity protection is no easy task for MSPs. Building an in-house security operations center (SOC) to handle threats around the clock is both costly and resource-intensive. Some common challenges include:

- Talent shortages: The cybersecurity industry faces a well-documented skills gap, making it hard for MSPs to find and keep experienced analysts. This challenge is so widespread that 43% of MSPs cite it as their biggest obstacle to delivering security services.
- High costs: The expense of creating an in-house SOC can be astronomical, often reaching millions. In fact, 33% of MSPs identify the overwhelming cost of needing numerous cybersecurity tools as a major barrier to offering security services.
- Evolving threats: Cybercriminals are constantly adapting and refining their attack strategies, making it essential for MSPs to stay ahead. This ongoing evolution demands continuous investment in both training for an MSP’s security team and the latest technologies to effectively detect and mitigate new types of threats.

This is where OpenText MDR comes in, empowering MSPs to deliver enterprise-grade protection without the heavy lifting of building your own in-house SOC.

Why MSPs should partner with OpenText MDR

OpenText MDR combines cutting-edge technology, human expertise, and 24/7 monitoring to help MSPs meet their customers’ growing cybersecurity demands. Here’s why OpenText MDR is the ideal solution:

- 24/7/365 threat monitoring and response: OpenText MDR provides constant vigilance, ensuring your customers are protected day and night. With advanced threat detection and remediation powered by SIEM and SOAR technology, it quickly spots and shuts down threats before they can do any damage.
- Access to cybersecurity experts: You don’t need to recruit, train, or retain a team of highly skilled security analysts. OpenText MDR’s team of experts, including threat hunters, incident responders, and forensic analysts, acts as an extension of your team, empowering you to provide your customers with a proactive defense without the burden of recruiting an in-house team.
- Scalability without complexity: As your customer base grows, OpenText’s Secure Cloud Platform scales effortlessly to meet demand. OpenText MDR simplifies security management with automation that processes vast amounts of data quickly and integrates seamlessly with over 500 tools and services. Its lightweight agent ensures effortless deployment across multiple environments, providing end-to-end data visibility in a single dashboard, while leveraging existing investments and guided by expert human analysts.
- Proven threat intelligence: Leverage OpenText’s global network and AI-driven threat intelligence and over 35 different threat intel feeds to stay ahead of emerging attack vectors. With automated and customizable workflows, continuous threat prioritization, containment, and remediation, you gain a proactive and collaborative approach to securing endpoints, networks, and cloud—reducing the likelihood of breaches and minimizing downtime.

Why MSPs can’t afford to wait

In a world where attackers can compromise a network in under an hour, every second counts. Without the ability to detect, analyze, and respond to security threats in real time, your customers face serious risks:

- Downtime from a successful attack, leading to lost revenue.
- Loss of sensitive data, with potential regulatory fines to follow.
- Reputational damage that’s hard to repair.

MSPs that partner with OpenText MDR gain the speed, expertise, and oversight needed to combat these threats head-on.
By combining advanced technology with human expertise, OpenText MDR delivers the constant vigilance your customers need to stay secure in the face of ever-evolving cyber threats. Let’s work together to give your customers the 24/7 protection they deserve.Contact us today to learn more. The post Why MSPs must offer 24/7 cybersecurity protection and response — and how OpenText MDR can help appeared first on Webroot Blog.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team In 2024, phishing remains one of the most prevalent and dangerous cybersecurity threats. Despite advancements in technology and increased awareness, cybercriminals continue to exploit human vulnerabilities, adapting their tactics to evade detection and maximize impact. This article delves into the reasons why phishing remains a top threat and explores […] The post Phishing in 2024: Navigating the Persistent Threat and AI’s Double-Edged Sword – Source: www.cyberdefensemagazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team In today’s digital landscape, the increasing reliance on Application Programming Interfaces (APIs) brings significant security challenges that organizations must address. The Salt Labs State of API Security Report, 2024, reveals that 95% of surveyed IT and security professionals have encountered issues with production APIs, and 23% have suffered breaches due […] The post Elevating Security: The Crucial Role of Effective API Management in Today’s Digital Landscape – Source: www.cyberdefensemagazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

Source: securityboulevard.com – Author: David Harley I’ve never been a regular resident of the ivory halls of academia, but Mich Kabay recently made me aware of an article about legitimate scientific journals driven to distraction by being flooded with commentary apparently reflecting a surge in the use of artificial intelligence rather than legitimate research and […] The post The Vanity Press in Academia – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman DEF CON 32 – Open Source Hacker V. Government Lawyer Authors/Presenters: Rebecca Lively, Eddie Zaneski Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention […] The post DEF CON 32 – Open Source Hacker V. Government Lawyer – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Compliance and Regulations

Source: securityboulevard.com – Author: Harman Singh PCI DSS refers to the Payment Card Industry Data Security Standard created by the PCI Security Standards Council (PCI SSC), an independent entity founded by major payment card brands, including Visa, JCB International, MasterCard, American Express, and Discover. PCI DSS is designed to protect cardholder data and ensure security […] The post PCI DSS Requirements With v4.0.1 Updates For 2024 – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Compliance and Regulations

Source: securityboulevard.com – Author: Harman Singh In a time when cyber threats continuously evolve, a security standard or framework is essential for protecting digital assets. The Payment Card Industry Data Security Standard (PCI DSS), developed by the PCI Security Standards Council, empowers organisations to safeguard cardholder data globally. PCI DSS offers technical guidance and practical […] The post What is PCI DSS 4.0: Is This Still Applicable For 2024? – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. When Andrew Dunbar started at Shopify in 2012, he was the only security team member. Now, in his role as Director of Risk & Compliance, he oversees a team of people, all focused on protecting the 500,000+ Shopify merchants who have done over $40B in sales to date. Dark Reading’s […] The post Shopify Shares How Hackers Help to Secure $40B+ in Transactions – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: Jobert Abma. HackerOne has always been interested in giving back as much as possible. We strive to make it easy to help contribute to others who have been influential in your bug hunting. As a hacker myself, I know there is no way I would be where I’m at without the […] The post $20,000,000: Time to split bounties! – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: johnk. Over 50,000 vulnerabilities found and fixed. Over 100,000 hackers strong in the HackerOne community. Over $20 million paid in bounties to those who help make the connected world more secure. Hacker-powered security is emerging as the most potent cure to the sorry state of software security. The vulnerabilities that go […] The post $20M in Bounties Paid and $100M In Sight – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Owais Sultan. With the advent of virtual reality, everyone got scared that the life we know will disappear, and only those who understand new technologies will be able to find work. Remember what they said about newspapers. And about television. Radio. It seems likely that the same will play out in […] The post The Metaverse Will Become More Popular Than the Real World: Will Reality Disappear? – Source: hackread.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. Hacktivity is one of the most popular pages on hackerone.com. And for good reason, as it’s a veritable treasure trove of learning for hackers and a wonderful way for companies to practice transparency and showcase their security efforts. In honor of our $20M in bounties paid out to hackers (yay!), […] The post Celebrating $20M in Bounties with a Recap of Our Top 20 Up Voted Reports on Hacktivity – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. For many HackerOne customers, Slack is the place where team collaboration happens and where work gets done. Originally, we built our integration to maximize information sharing for teams that preferred a steady stream of alerts on HackerOne reports. But with more than 800 active customers, we found that this approach […] The post Slack Integration 2.0: Notification Filters, Multiple Channels, & Username Mentions – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: johnk. Have you ever watched the Las Vegas sunrise after 12 hours of hacking through the night? The 50 hackers at H1-702 have. Hacking achievement, unlocked. H1-702 was HackerOne’s second annual live-hacking event held in Las Vegas during DEF CON. Live-hacking events like H1-702 bring together the world’s top hackers into the same […] The post What Happens in Vegas…Stays on Hacktivity – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: luke. Everyone should be focused on the security of their data and systems, from the mom-and-pop store down the street to the biggest multinational enterprises with security budgets in the tens of millions of dollars. All organizations have vulnerabilities, known or unknown, that put their data, revenue, brand, and products at […] The post Key Findings From The Hacker-Powered Security Report: Security Vulnerabilities Worry Companies the Most (6 of 6) – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Over the weekend, Italy faced new waves of DDoS attacks carried out by the pro-Russia group NoName057(16). Pro-Russia hackers NoName057(16) targeted Italian ministries, institutions, critical infrastructure websites, and private organizations over the weekend. The new wave of attacks coincides with the visit of Ukrainian President Volodymyr Zelensky to Italy. The […] The post Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country | Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION | How a researcher earned $100,000 hacking a Facebook server | DoJ charged three Russian citizens with operating crypto-mixing services | U.S. cannabis dispensary STIIIZY […] The post SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 28 – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini A new round of the weekly SecurityAffairs newsletter has arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. DoJ charged three Russian citizens with operating crypto-mixing services | U.S. cannabis dispensary […] The post Security Affairs newsletter Round 506 by Pierluigi Paganini – INTERNATIONAL EDITION – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Facebook paid $100,000 to a researcher for discovering a bug that granted him command access to an internal server in October 2024. TechCrunch first reported that Facebook awarded security researcher Ben Sadeghipour (@NahamSec) $100,000 for reporting a vulnerability that granted him access to an internal server. The researcher emphasized the vulnerability […] The post How a researcher earned $100,000 hacking a Facebook server – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: Monday, January 13, 2025