Microsoft의 February 2024 Patch Tuesday에서 73개 CVE를 처리(CVE-2024-21351, CVE-2024-21412)
Microsoft addresses 73 CVEs, including three zero-day vulnerabilities that were exploited in the wild....
How a Serverless Architecture Can Help You Secure Cloud-Native Applications
Cybersecurity teams often struggle with securing cloud-native applications, which are becoming increasingly popular with developers. The good news is that deploying these applications on a serverless architecture can make it easier to protect them. Here’s why....
Unused Access Analyzer: A Leap Toward Least Privilege, Not the End of the Journey
AWS IAM Access Analyzer can now detect action-level unused permissions. It’s a great enhancement in the native toolbox to achieve least privilege — but if you need comprehensive entitlements management at scale you will probably need additional tooling and work. Find out why and what you can do to c...
CVE-2024-21762: 중요 Fortinet FortiOS 아웃오브밴드 쓰기 SSL VPN 취약성
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities...
Shoring Up Water Security: Industry Leaders Testify Before Congress
The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection recently brought together industry leaders and stakeholders to discuss the urgent need for protective measures, baseline cybersecurity standards and collaboration initiatives to fortify the nation’s critical wate...
사이버 보안 스냅샷: Critical Infrastructure Orgs Must Beware of China-backed Volt Typhoon, Cyber Agencies Warn
The Volt Typhoon hacking gang is stealthily breaching critical infrastructure IT environments so it can strike on behalf of the Chinese government, cyber agencies say. Plus, ransomware gangs netted $1 billion-plus in 2023. In addition, new group tasked with addressing the quantum computing threat dr...
Keep the Water Flowing for the DoD: Securing Operational Technology from Cyberattacks
Malicious actors are ramping up attacks against water and wastewater systems (WWS), which are not only attractive targets but also complex to protect. 미국의 Department of Defense (DoD) in particular operates a large number of WWS facilities. Read on to learn how a strong cybersecurity program can...
AnyDesk에 보안 인시던트에 대해 자주 묻는 질문
Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2....
사이버 보안 스냅샷: Attackers Hack Routers To Hit Critical Infrastructure, as CISA Calls for More Secure Router Design
CISA is calling on router makers to improve security, because attackers like Volt Typhoon compromise routers to breach critical infrastructure systems. Meanwhile, data breaches hit an all-time high in the U.S. Plus, Italy says ChatGPT violates EU privacy laws. And a cyber expert calls on universitie...
허술한 ID 하이진이 Microsoft에 국가 정부가 주도하는 공격의 근본 원인
The latest breach suffered by Microsoft shows once again that detection and response are not enough. Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security....
CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days....
주요 도전 과제에 대한 클라우드 리더들의 의견
Too many identities, systems and cooks in the kitchen cloud an already complex mandate....