The UK’s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities
Yearly Archives: 2024
LevelBlue Cybersecurity Awareness Month Recap
Each year, Cybersecurity Awareness Month serves as a reminder of the critical role that cybersecurity plays in our lives. Every October, LevelBlue champions this initiative which brings awareness to cyber risks, and promotes best practices to protect against growing cyber threats.
Throughout the month, we focused the spotlight on cyber resilience – sharing key trends and insights through research, thought leadership, and social media.
LevelBlue Research on Cyber Resilience
This month LevelBlue released the 2024 Futures Report: Cyber Resilience in Financial Services and 2024 Futures Report: Cyber Resilience in Energy and Utilities, research highlighting trends around the barriers to cyber resilience in each industry. As attacks increase, compounded by the complexities of dynamic computing and an evolving threat landscape organizations are more vulnerable than ever. Notably, however, a key takeaway from our research was that despite acknowledging an increased exposure to risks, organizations believe computing innovation benefits outweigh the cybersecurity risks.
The LevelBlue Futures Reports also revealed common trends across both industries including:
72% and 77% of financial services and energy and utilities organizations respectively, indicate that digital transformation is an ongoing barrier to cybersecurity resilience
72% and 68% of financial services and energy and utilities organizations respectively, indicate that cyber resilience efforts are often siloed
62% and 61% of financial services and energy and utilities organizations respectively, reveal there’s a lack of understanding about cybersecurity at the board level
LevelBlue’s research outlines five key strategies for business leaders to follow to achieve cyber resilience. We encourage security and business leaders to leverage our research to start the conversation about cyber resilience in their organizations.
Insights from Our Executives on Cyber Resilience
In addition to our research, LevelBlue executives offered valuable insights on the importance of Cybersecurity Awareness Month, emphasizing the ongoing need for vigilance and resilience in the face of evolving cyber threats.
Rakesh Shah, AVP – Product Management, shared his perspective with VMblog on how businesses should work to safeguard their most important assets during Cybersecurity Awareness Month – and beyond. He notes, “During a time when threat actors are leveraging generative AI to write targeted emails, impersonate public figures and personal contacts, as well as write new malware, we must act quickly and collaboratively. The pendulum will soon swing to the other side, as defenders and vendors invest in AI to counterbalance what the malicious actors are doing. We need to simplify security and take a page from the offense’s AI playbook, not just this Cybersecurity Awareness Month, but for years to come.”
Appearing on an episode of Security Guy TV, Rakesh discussed the importance of the Zero Trust security model to safeguard digital environments.
During October, LevelBlue proudly served as a Platinum sponsor for the 14th Annual Lonestar Application Security Conference (LASCON) in Austin, TX. The event attracts top speakers and attendees from around the world, offering a unique opportunity to gain cutting-edge knowledge from expertly curated sessions. Beyond cybersecurity insights, participants enjoyed hands-on experiences, from lock-picking workshops to thrilling bull rides.
Spreading Cybersecurity Awareness
To amplify the theme for Cybersecurity Awareness Month ‘Secure Our World’, LevelBlue took to social media to share tips and best practices for staying secure online. These tips focused on the best ways to combat the most common attacks including, spotting a phishing attack, the implementation of strong passwords and password management, the use of multifactor authentication, and the need for updated software to help best protect against malicious actors.
Throughout Cybersecurity Awareness Month and beyond, LevelBlue is committed to being an advocate and partner for organizations looking to achieve cyber resilience. Download the complete findings of the 2024 LevelBlue Futures Report for Financial Services here and Energy and Utilities here. For more information on LevelBlue and its managed security, consulting, and threat intelligence services, follow us on X and LinkedIn.
ZDI-24-1511: Microsoft Office PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-49032.
Smashing Security podcast #393: Who needs a laptop to hack when you have a Firestick?
Arion Kurtaj, a teenager from the UK, amassed a fortune through audacious cybercrimes. From stealing Grand Theft Auto 6 secrets to erasing Brazil’s COVID vaccination data, his exploits were legendary. But his hacking spree took a bizarre turn when he was placed under police protection… in a Travelodge outside Oxford.
Plus Bengal cat lovers in Australia should be on their guard, as your furry feline friends might be leading you into a dangerous trap., and there’s yet more headaches for troubled 23andMe.
All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
xen-4.17.5-3.fc39
FEDORA-2024-b043effc6a
Packages in this update:
xen-4.17.5-3.fc39
Update description:
Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818]
libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819]
trafficserver-9.2.6-2.fc40
FEDORA-2024-b3c4e8da81
Packages in this update:
trafficserver-9.2.6-2.fc40
Update description:
Update to upstream 9.2.6
Backport fix for broken oubound TLS with OpenSSL 3.2+
Resolves CVE-2024-38479, CVE-2024-50305, CVE-2024-50306
trafficserver-9.2.6-2.fc39
FEDORA-2024-589ea34c42
Packages in this update:
trafficserver-9.2.6-2.fc39
Update description:
Update to upstream 9.2.6
Backport fix for broken oubound TLS with OpenSSL 3.2+
Resolves CVE-2024-38479, CVE-2024-50305, CVE-2024-50306
trafficserver-9.2.6-2.el9
FEDORA-EPEL-2024-23b122f235
Packages in this update:
trafficserver-9.2.6-2.el9
Update description:
Update to upstream 9.2.6
Backport fix for broken oubound TLS with OpenSSL 3.2+
Resolves CVE-2024-38479, CVE-2024-50305, CVE-2024-50306
trafficserver-9.2.6-2.fc41
FEDORA-2024-f4dc07db08
Packages in this update:
trafficserver-9.2.6-2.fc41
Update description:
Update to upstream 9.2.6
Backport fix for broken oubound TLS with OpenSSL 3.2+
Resolves CVE-2024-38479, CVE-2024-50305, CVE-2024-50306
trafficserver-9.2.6-2.el8
FEDORA-EPEL-2024-60dd7e7ad3
Packages in this update:
trafficserver-9.2.6-2.el8
Update description:
Update to upstream 9.2.6
Backport fix for broken oubound TLS with OpenSSL 3.2+
Resolves CVE-2024-38479, CVE-2024-50305, CVE-2024-50306