CYBER THIS WEEK – JULY 23, 2023
The top 10 API security risks OWASP list for 2023
Recognized for its comprehensiveness and accuracy, the Open Web Application Security Project (OWASP) Top 10 is a detailed list, updated every one to two years, highlighting critical web application security risks businesses should know.
Cloudflare reports surge in sophisticated DDoS attacks
Cloudflare said there are several factors contributing to the increase in DDoS attacks globally, including pro-Russia hacktivists targeting Western nations amid the war in Ukraine, the rise of virtual machine botnets, and the exploitation of a zero-day vulnerability in the Mitel business phone system, which has made some attacks more powerful.
The Rising Importance of PLC Cybersecurity
As we stride towards a more data-driven future, PLC cybersecurity isn’t just an essential precaution; it’s a vital element in ensuring the resilience, integrity and longevity of our increasingly interconnected industrial systems.
How Will the New National Cybersecurity Strategy Be Implemented?
Balancing the need for cybersecurity without impeding innovation, privacy concerns, or stifling digital economic growth can … be a challenge. Overcoming these challenges requires a multi-faceted approach, collaboration across sectors, continued adaption to new threats, and a commitment of resources and expertise to ensure effective implementation of the national cybersecurity strategy.
The tail of the MOVEit hack may be longer than we realize
Much of the public discussion around the impact of the hacks has focused on Progress Software’s direct customers, or entities that purchased or used its file transfer service. But cybersecurity experts who have sorted through the wreckage, as well as companies that specialize in scrutinizing software supply chain vulnerabilities, believe the universe of potential exposure could reach well beyond that group.
Why and how CISOs should work with lawyers to address regulatory burdens
As the scope of cybersecurity-related regulations grows, CISOs may need to partner more closely with legal teams to understand the changing requirements.
What Do We Do Now? The Immediate Aftermath of Declining Ransomware Demands
If your organization is struck by ransomware and the decision is rendered not to pay the ransom, it is advised to stall the threat actor before informing them of this decision so that you can pull expertise into the room as quickly as possible to make the best, next-step decisions (“Stall and Call”) so you can be prepared for any additional actions, such as DDoS attacks or data publication.
The rise of AI in SASE applications will fend off cyber threats
As the threat landscape continues to evolve and organizations become increasingly reliant on cloud services, AI will likely co-evolve and its participatory role in SASE applications will improve threat detection and prevention, prioritize incidents, and improve asset visibility and risk assessment.
How AI-Enabled Threat Intelligence Is Becoming Our Future
The prospects of an AI-driven threat intelligence industry are both exhilarating and inevitable. What’s often perceived as a threat to jobs—AI—actually augments human capabilities and amplifies their efforts in combating ever-evolving cyber threats.
The Strategic Advantage of a Multi-Layered Cybersecurity Approach
A multi-layered cybersecurity approach, often referred to as ‘defense in depth,’ involves using various security controls across multiple layers of an organization’s IT infrastructure. This defense strategy can be likened to a castle’s defenses, which include moats, walls, towers, and internal fortifications— each serving as a line of defense to slow down, deter, or defeat attackers.