š Welcome to the 37th edition Cyber Weekly DigestĀ of 2024
š“ó §ó ¢ó ³ó £ó “ó æ That's a wrap for Scot Secure West... and my word, it was a good one! A huge heartfelt THANK YOU to every single person that joined us in Glasgow, from our vendor partners and comedians that supported the event to our customers and new faces that took time out to engage with the team.
After a day of fantastic conversation and unmissable break out sessions (Automox and Egress) there were a lot of laughs, a bit of Irish dancing, plenty of karaoke, new and interesting phrases learnt and a few sore heads the following day. Roll on the next one!
Massive shout out to Katie for organising the event and Martyn Wallace (who obvs toned it down for the corporate environment) for being a fantastic host.
š Also a special mention for #MegaBus, my new favourite way to travel
NewĀ and noteworthyĀ from our vendor community this week:
š¤ Buckle up for absolute Blog-Ageddon...
Ā
š„ While manufacturing organisations need to be aware of the heightened cyber risk they face, there are plenty of actions these businesses can take to harden their attack surface, reduce their risk, and put themselves in a better position to defend against cyber threats.
We love this blog post from Arctic Wolf on how manufacturing orgs can increase their cyber security
š„ Keep up with the Automox Happenings...
š New Enhancement to Automox Device Explorer
š Expansion of Third-Party Patch Catalog
š Introducing New Automations
...And more in product updates September
š„ Why understanding DORA is important. š
The Digital Operational Resilience Act (#DORA) is set to reshape how financial entities handle ICT risks. This blog from Bugcrowd answers your most frequently asked questionsālike who DORA applies to and what key dates you need to know. If you're in finance or tech, this oneās for you.
LastĀ but not least...
š„ Looking for a more efficient and cost-effective way to secure cloud data? Check out this blog from Imperva to discover the benefits of agentless database activity monitoring and how it can help organisations navigate the increasing complexity of modern data environments
Now, let's take a look at our top Cyber Security News picks of the week:
ā ļø This week we were warned of #ThreatActors infecting TV streaming boxes, a big old whoopsie at #Fortinet and an arrest made following the hacking of #TfL...
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, andĀ EDR/XDR solutions, as well as consulting services. Early this morning, a threat actor posted to a hacking forum that they had stolen 440GB of data from Fortinet's Azure Sharepoint instance. The threat actor then shared credentials to an alleged S3 bucket where the stolen data is stored for other threat actors to download.
U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency. "A teenager has been arrested in Walsall by the National Crime Agency, as part of the investigation into a cyber security incident affecting Transport for London (TfL)," reads the NCA statement. "The 17-year-old male was detained on suspicion of Computer Misuse Act offences in relation to the attack, which was launched on TfL on 1 September."
Ā
Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices.
The Android Open Source Project (AOSP) is anĀ open source operating system led by Google that can be used on mobile, streaming, and IoT devices. In a new report by Dr.Web, researchers found 1.3 million devices infected with the Vo1d malware in over 200 countries, with the largest number detected inĀ Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.
Ā
American car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information.
According to data breach notification letters sent to impacted customers on Wednesday and filed with California's Office of the Attorney General, the company took action to stop the unauthorized access, launched an investigation with the help of external cybersecurity experts, and reported the incident to relevant authorities after learning of the breach on August 5.
5. SentinelOne Achieves FedRAMP High Authorization for Singularity Platform and Singularity Data Lake
MOUNTAIN VIEW, CA ā September 12, 2024 ā SentinelOneĀ® (NYSE: S), a global leader in AI-powered security, today announced that the SentinelOne Singularityā¢ Platform and Singularity Data Lake have achieved Federal Risk and Authorization Management Program (FedRAMPĀ®) authorization at the High Impact Level from the FedRAMP Program Management Office. The authorization validates the strength of SentinelOneās AI-powered solutions in providing industry-leading protection against cyber attacks to US Federal, Public Sector, Defense Industrial Base (DIB) and Critical Infrastructure entities.
Comments