Ringing in the New Year with a Look Back
Welcome to the January Edition of The Watch, featuring cyber intel from Deepwatch Labs, information security news, industry insights, and upcoming Deepwatch events. Hit the Subscribe button to stay in the know!
IN THIS ISSUE:
Deepwatch SecOps Pulse Report
Get a fresh read on what SecOps leaders are doing to prepare for 2023.
In the report, we discuss
Insights Blog: 24/7/365 Security Coverage – Choose Your Own Adventure
Written by: Deepwatch CISO, David Stoicescu
Deepwatch found that 38% of companies do not have around-the-clock security coverage. And as we all know, attackers don’t respect business hours. The worry of whether or not an attack will occur at a time when your SOC isn't staffed is what keeps many security professionals up at night.
So, how do you address this? In this Insights Blog post, we dive into the various paths businesses can take to achieve 24/7/365 security coverage and what to consider when making that decision.
Deepwatch Cyber Threat Intelligence
Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats from the past month.
Citrix ADC and Citrix Gateway Critical Vulnerability (CVE-2022-27518) Actively Exploited
What Happened?
On 13 December, Citrix released a security bulletin for a vulnerability in Citrix Gateway and Citrix ADC devices, acknowledging in a blog post that they are “aware of a small number of targeted attacks in the wild.” On the same day, the National Security Agency (NSA) released a Cybersecurity Advisory (CSA), “APT5: Citrix ADC Threat Hunting Guidance,” due to APT5 demonstrating capabilities to target and exploit Citrix ADC deployments.
FortiOS SSL-VPN Vulnerability (CVE-2022-42475) Exploited in the Wild
What Happened?
A heap-based buffer overflow vulnerability [CVE-2022-42475 / CVSSv3 9.3] in FortiOS SSL-VPN was discovered, and Fortinet is aware of one instance where the vulnerability has been exploited in the wild. This vulnerability may allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
CISA Publishes Advisory for Cuba Ransomware Affiliates
What You Need to Know:
The FBI and CISA released a joint Cybersecurity Advisory (CSA) to disseminate known Cuba ransomware TTPs and observables identified through FBI investigations, third-party reporting, and open-source reporting. The advisory updates the FBI’s December 2021 Flash: Indicators of Compromise Associated with Cuba Ransomware.
Rise in Exploitation Attempts Against RDP
What You Need to Know:
Cyble’s global sensor network data identified almost 5 million RDP exploitation attempts between September and November, primarily targeting the United States and Russia. The most prevalent vulnerability threat actors attempted to exploit was the BlueKeep vulnerability (CVE-2019-0708). Cyble hypothesizes that most exposed RDP ports over the internet still contain the BlueKeep vulnerability, identifying over 50,000 internet-exposed instances still affected by the BlueKeep vulnerability.
Subscribe to Deepwatch Labs to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.
Deepwatch December Events
Deepwatch, along with partners and guests, took a ride in the fast lane during the Xccelerate Roadshow event where guests were able to drive a supercar and network with like-minded Information Security peers.
Drybar Women in Tech Event with Drybar, SHI International Corp., and Splunk.
Deepwatch and partners, SHI International and Splunk, hosted an event at Drybar where industry peers gathered to collaborate and enjoy a relaxing afternoon at the salon.
Three Keys to Reducing Ransomware
While we hope for a far less ransomware-filled 2023, organizations need to quickly advance their security profile using three key steps to ensure they are prepared to prevent and remediate attacks:
Download the Full Infographic for more.
Find Your Career With Deepwatch!
Our unique, fully remote work environment is developed with employee needs in mind, giving you the flexibility and benefits to make your career what you want. Explore current opportunities and learn how it feels to be part of the team.
Join a dedicated team of professionals who are passionate about driving positive change in the cybersecurity industry.
View all open positions on our website here.
Trending Infosec News
Employee Spotlight
For this month's Employee Spotlight, we asked Security Analyst III, Patrick Sweeney, what true leadership looks like.
ICYMI...
How we help our customers prepare for tighter budgets with Deepwatch as an extension of their team.
UPCOMING EVENTS...
2023 Technology United CIO Forum | February 17, 2023
The CIO Forum is hosted by Technology United’s CIO Advisory Board members and benefits United Way of Greater Milwaukee & Waukesha County.
This half-day event brings together CIOs and CISOs from major companies in the Milwaukee area. Register today and view more Deepwatch events!
About Deepwatch
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by its cloud security platform, Deepwatch provides detection and automated response to cyber threats with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. Visit www.deepwatch.com to learn more.
Student at Stetson University
2 years ago
A great read. I'm a recent cybersecurity grad and I'm looking for any positions in the central Florida area.