Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors. Gartner kicked off its Security & Risk Management Summit with the release of its analysts’ assessments of the work ahead, which Richard Addiscott, the company’s senior director analyst, discussed during…

Motorola described the Public Safety Threat Alliance (PSTA) as an information sharing and analysis organization (ISAO) and noted that it’s recognized by the US Cybersecurity and Infrastructure Security Agency (CISA), which serves as its National Coordinator for Critical Infrastructure Security and Resilience. The PSTA is open to all public safety agencies. Its role is to…

Kovrr and SANS Institute released their joint survey, which reveals enterprise motivations for, and the impact of, cyber risk quantification (CRQ) in the modern cybersecurity landscape. CRQ helps businesses evaluate the potential financial impact of cyber events on an organization and is becoming an increasingly critical part of risk management programs. The survey found that over 75%…

CISA and the FBI have made a series of recommendations to help SATCOM network providers and customers strengthen cybersecurity. Network providers have been advised to implement additional monitoring capabilities for anomalous traffic related to SATCOM equipment. They have also been advised to read a recent threat assessment report from the Office of the Director of…

SecurityWeek will host its 2022 Attack Surface Management Summit, Presented by Randori, as a fully immersive virtual event today. With the pandemic-induced digital transformation underway, security teams are turning to Attack Surface Management (ASM) tools to continuously discover, inventory, classify, prioritize, and monitor digital assets for signs of weaknesses. In this special virtual summit and…

The nonprofit cybersecurity organization is scanning the web for exposed services that use the Modbus industrial communications protocol on TCP port 502, but Shadowserver’s Piotr Kijewski told SecurityWeek that they plan on introducing many other ICS and operational technology (OT) protocol scans in the near future. Shadowserver has been working with national cybersecurity agencies, law…

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

This is a result of basic mechanics: “When one object exerts a force on a second object, the second one exerts a force on the first that is equal in magnitude and opposite in direction.” In cyber, it means that when defenses get stronger, attackers get more sophisticated; and when attackers get more sophisticated, defenses…