Month: May 2024

  • Royal Tiger – The First Officially Designated Robocall Threat Actor

    Andrea Tipton

    On Monday, May 13th, the Federal Communications Commission (FCC) officially named its first robocall threat actor group,’ Royal Tiger’. This move goes along with the FCC’s new robocall bad actor classification system, Consumer Communications Information Services Threat (C-CIST). This system aims to assist law enforcement and industry partners with tracking threat actors behind robocall campaigns.  Royal Tiger is comprised of members operating… Read more

  • Fortinet Partner

    Fortinet Partner

    DEFENDEDGE

    Security Products & Solutions Our teams deploy Fortinet’s cutting-edge technologies around the globe When you need reliable technical support, we are your choice for scalable and secure services. “Having so many standalone firewalls out in the field we have to know they are built securely and reliably. As the health care industry remains a high… Read more

  • CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources

    DEFENDEDGE

    CISA, in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages… Read more

  • Vulnerability Summary for the Week of May 6, 2024

    DEFENDEDGE

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912audit@patchstack.com brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce.This… Read more

  • Guarding Against Android Cyber Threats  

    Katherine Waszkiewicz

    When thinking about security measures to fight against malicious activity, rarely do people consider cellular security on the same level as network security. Social engineering techniques used by threat actors including phishing, vishing, and smishing should not be the end of where protection for mobile devices stops at. Identity theft and other types of exploits… Read more

  • CISA and Partners Release Advisory on Black Basta Ransomware

    DEFENDEDGE

    Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) #StopRansomware: Black Basta to provide cybersecurity defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by known Black Basta… Read more

  • #StopRansomware: Black Basta

    DEFENDEDGE

    SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to… Read more

  • ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

    DEFENDEDGE

    Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ) are releasing the following guidance: Secure by Design Choosing Secure and Verifiable Technologies. This guidance was crafted… Read more

  • Vulnerability Summary for the Week of April 29, 2024

    DEFENDEDGE

    Read more

  • CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

    DEFENDEDGE

    Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare… Read more