It is critical to have meaningful security conversations with your vendors. These conversations help figure out your true organizational risk.| SENKI
Surfing Internet Security & Resiliency as we thrive, heal, and grow in this life ....| SENKI
Beware of “blame the vendor” distractions. https://bsky.app/profile/rgblights.bsky.social/post/3ltshf3lvc22e Rob Joyce posted this on his BlueSky account as a response to Alexander Martin’s article, “Spain awards Huawei contracts to manage intelligence agency wiretaps.” Both Rob and Alex are exasperating “blame the vendor” fears when the real problem is more systemic, with nothing to do with which world Read More| SENKI
Most cybersecurity threat researchers are missing out on ways to leverage the Shadowserver Foundation’s Infrastructure. Patrick Garrity highlights an aspect of this in his post about the collaboration to identify additional CVEs. If you are a threat researcher, consider accelerating the process Patrick is highlighting. If you are a threat researcher, don’t sit on your discovery Read More| SENKI
We need to rethink our cybersecurity practices. One step is to publish your threat model for all to review, comment on, and iterate.| SENKI
Threat Actors like the Typhoon Crews from China, are using simple techniques to penetrate networks. Do not ignore.| SENKI
Do you have a customer whose printer ports are open and vulnerable and can now be used for DDoS? Is your network’s “Internet Print Protocol” (IPP) port open and ready for exploitation? Last week, the Shadowserver Foundation alerted a “large increase in queries on 631/UDP seen in our sensors due to recent CUPS RCEs disclosure. Read More| SENKI
No, most ASEAN countries are not ready for “serious cybersecurity.” Cybersecurity requires a persistent and consistent rhythm of action that fixes known security risks. Public benefit—non-profit cyber civil defense organizations like the Shadowserver Foundation, CyberGreen, and other organizations deliver actionable cyber-risk reporting as a public benefit. Yes, these reports are free to organizations seeking to Read More| SENKI
The French Government sees the massive number of PlugX infections as a national threat. PlugX is malware used by Nation State threat actors to get inside networks. Sekoia was part of a sinkholing action that uncovered thousands of locations where PlugX is deployed. Should you be concerned? How do you discover if you have a Read More| SENKI
If you follow the May 10, 2024, Black Basta “critical action” recommendations, you will most likely be exposed and potentially exploited by the threat actors. Read through the #StopRansomware: Black Basta AA-24-131A and HS-ISAC Black Basta Threat Actor Emerges as a Major Threat to the Healthcare Industry. Then take a step back and mitigate/remediate the Read More| SENKI
Key points from the 2018 industry consultation on our anti-DDoS strategy. This is the trust peer community who daily battles DDoS.| SENKI
Leverage Shadowserver's Cyber Civil Defence reporting to protect your network from risk.| SENKI
