Blog

Maximizing the defender’s advantage: Five steps cyber leaders can take today

Dan VanBelleghem, a senior director, cybersecurity programs, at General Dynamics Information Technology (GDIT), explains how agencies can stay ahead of cyber attackers.
http://news.poseidon-us.com/SqZ98k

Regular business, like your agency’s budget, is coming back to life in Congress

Committees in the House will take up two important issues this week: Agency budgets for 2024 and the next National Defense Authorization Act (NDAA). This will transpire as Congress recovers from its exertions over the debt ceiling.
http://news.poseidon-us.com/SqYmhw

Threat intelligence programs poised for growth

In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies. Alas, most CTI programs are far from mature, but this may change over the next few years as most enterprise organizations bolster CTI program investment. Sixty-three percent of enterprises plan to increase CTI program spending “significantly” over the next 12 to 18 months, while another 34% plan to increase CTI program spending “somewhat.” To read this article in full, please click here
http://news.poseidon-us.com/SqXhYy

Lack of adequate investments hinders identity security efforts

Organizations are still grappling with identity-related incidents, with an alarming 90% reporting one in the last 12 months, a 6% increase from last year, according to The Identity Defined Security Alliance (IDSA). Protecting digital identities As identities continue to significantly grow, identity stakeholders are faced with an increasing number of barriers without the needed support from leadership. A staggering 49% report that their leadership teams understand identity and security risks and proactively invest in protection … More → The post Lack of adequate investments hinders identity security efforts appeared first on Help Net Security.
http://news.poseidon-us.com/SqX5fB

ISC Stormcast For Monday, June 12th, 2023 https://isc.sans.edu/podcastdetail/8534, (Mon, Jun 12th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/SqX3NC

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)

Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be logged in to exploit it. The vulnerability has been fixed in FortiOS versions 7.2.5, 7.0.12, 6.4.13, 6.2.15 and, apparently also in v6.0.17 (even though Fortinet officially stopped supporting the 6.0 branch last year). Enterprise admins are advised to upgrade … More → The post Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997) appeared first on Help Net Security.
http://news.poseidon-us.com/SqWSRl

DShield Honeypot Activity for May 2023 , (Sun, Jun 11th)

It is always interesting to review what my DShield honeypot has stored the previous month, what is also interesting is how the activity vary from week to week. Beside the graph, it is the Top 10 IPs for May.
http://news.poseidon-us.com/SqW9SC

Week in review: 9 free cybersecurity whitepapers, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cl0p announces rules for extortion negotiation after MOVEit hack The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their name on their dedicated leak page. 0mega ransomware gang changes tactics … More → The post Week in review: 9 free cybersecurity whitepapers, Patch Tuesday forecast appeared first on Help Net Security.
http://news.poseidon-us.com/SqVVn2

Agencies finding DEIA programs an ‘incredibly important retention strategy’

As the federal government struggles to find ways to recruit new talent and retain current employees, some agencies are finding success through diversity, equity, inclusion and accessibility (DEIA) working groups.
http://news.poseidon-us.com/SqRPC0

South Korean Government Agencies, NIST Sign MOU to Cooperate on Automated Vehicle R&D

On April 24, 2023, representatives of NIST and the Republic of Korea’s government agencies – the Korea Institute for Advancement of Technology and Korea Automotive Technology Institute – signed a memorandum of understanding to cooperate on research
http://news.poseidon-us.com/SqRHWw