The State of Security - Edition #14
?? Welcome to the 14th edition of The State of Security monthly LinkedIn newsletter.
?? As part of Fortra's Tripwire, we at the State of Security recognize the crucial role that technological solutions play in the cybersecurity strategies of many organizations. Nonetheless, we also understand that technology represents only one facet of effective security. Ultimately, it is people who protect people.
??? Our monthly LinkedIn newsletter serves to continue our mission of providing spaces for the cybersecurity community to share news, commentary, and resources.
??? This month, we take a look at the latest cyber threats, including Storm-2372's Microsoft Teams phishing attacks, and the importance of monitoring both applications and operating systems. Learn how to build a strong vulnerability management program, and check out the #TripwireBookClub review of Black Hat Bash, a must-read for security pros.
Got a Microsoft Teams invite? Storm-2372 Gang Exploit Device Codes in Global Phishing Attacks
Cybercriminals are finding new ways to bypass security defenses—this time by abusing device code authentication. The Storm-2372 group has been running a phishing campaign since August 2024, tricking victims into entering authentication codes on legitimate Microsoft login pages. This technique allows attackers to gain access to sensitive email archives and cloud-stored data without stealing passwords or MFA codes.
Cybersecurity experts warn this method could be exploited further. Are your defenses ready?
Read Graham Cluley 's blog to learn how to stay secure.
Monitoring Applications vs. Operating Systems: Why It Matters
Should you monitor applications, operating systems, or both?
Many organizations struggle with prioritizing their security monitoring efforts. Applications house critical configurations, while operating systems form the foundation of IT infrastructure. Neglecting either leaves your organization exposed to cyber threats.
Jeff Hines explains why balancing both is key to securing your IT environment.
Building a Vulnerability Management Program from Scratch
Building a vulnerability management (VM) program from scratch is no small feat.
Chris Hudson shares his journey of helping a client discard their legacy approach and start afresh.
??? Key insights include:
Building a cross-functional team and creating a detailed asset inventory are crucial steps. A risk-based approach ensures critical issues are prioritized. Start today to stay ahead of evolving threats.
Learn how: ??
#TripwireBookClub - Black Hat Bash: Creative Scripting for Hackers and Pentesters
Up next from #TripwireBookClub is Black Hat Bash: Creative Scripting for Hackers and Pentesters by Dolev Farhi and Nick Aleks.
This book serves as a fantastic introduction to Bash scripting, ethical hacking, and Linux fundamentals, making it a great resource for beginners and seasoned professionals alike.
What makes this book stand out?
This book is a solid starting point for those new to hacking or system administration. However, even experienced professionals will discover new techniques to enhance their skills.
?? Read the full review and ratings from Matthew Jerzewski, Lane Thames, Andrew Swoboda, Darlene Hibbs, Tyler Reguly and David Grajales here:
To stay up to date with all the great content on the State of Security, you can sign up for our weekly newsletter here.