The Australian government’s Cyber Security Bill 2024 will mandate cybersecurity standards for smart devices and introduce ransomware reporting requirements
Enhancing Cyber Resilience in the Financial Services Industry
2024 Cyber Resilience Research Unveils Financial Services Industry Challenges
New data illuminates how financial services leaders can prioritize resilience.
Financial services institutions find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to financial institutions.
One of the foremost obstacles is the disconnect between senior executives and cybersecurity priorities. Despite recognizing cyber resilience as a crucial imperative, many financial services institutions struggle to secure the support and resources from top leadership. This lack of engagement hinders progress and leaves institutions vulnerable to potential breaches.
Meanwhile, technology continues to advance at an astonishing pace, as do the risks posed by cyber threats. The 2024 LevelBlue Futures™ Report reveals this delicate balancing act between innovation and security within the financial services industry. Our comprehensive analysis identifies opportunities for deeper alignment between executive leadership and technical teams.
The Elusive Quest for Cyber Resilience in Financial Services
Imagine a world where financial services institutions are impervious to cyber threats—where every aspect of an operation is fortified against disruptions. This is the lofty ideal of cyber resilience, yet it remains an elusive goal for many financial services institutions. The rapid evolution of computing has transformed the IT landscape, blurring the lines between legacy systems, cloud computing, and digital transformation initiatives. While these advancements bring undeniable benefits, they also introduce unprecedented risks.
Our research indicates that 85% of finance respondents agree that dynamic computing increases their risk exposure. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From ransomware attacks to crippling DDoS incidents, financial institutions operate in a climate where a single breach can have catastrophic consequences.
Exploring the Relationship Between Leadership and Cyber Resilience
Our survey of 1,050 C-suite and senior executives, including 197 from the finance sector across 18 countries, highlights the pressing need for cyber resilience. The report is designed to foster thoughtful discussions about vulnerabilities and improvement opportunities.
In the report, you’ll:
Discover why financial services leaders and tech teams must prioritize cyber resilience.
Learn about the critical barriers to achieving cyber resilience.
Uncover the importance of business context and operational issues in prioritizing resilience.
Recognizing the Imperative of Cyber Resilience
Financial services leaders are called to chart a course toward greater security and preparedness. Reacting to cyber threats as they arise is no longer enough; organizations must proactively bolster their defenses and cultivate a culture of resilience from within.
Our research delves into the multifaceted challenges facing financial services institutions in their quest for cyber resilience. From limited visibility into IT estates to the complexity of integrating new technologies with legacy systems, financial institutions grapple with deep-seated barriers that hinder their ability to withstand cyber threats.
New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube
The Appeals Centre Europe is supported by Meta’s Oversight Board Trust and certified by Ireland’s media regulator
Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks
Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs
Microsoft Fixes Five Zero-Days in October Patch Tuesday
October’s Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities
Ivanti CSA (Cloud Services Appliance) zero-day Attack
What is the Attack?
Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could allow an attacker to gain admin access, bypass security measures, run arbitrary SQL commands, and execute code remotely.
The FortiGuard Incident Response (IR) team has been engaged on one of the compromised CSA (Cloud Services Appliance) systems. As the investigation is still ongoing, more details about the campaign will be provided once available.
CVE-2024-9379: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
CVE-2024-9380: An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
CVE-2024-9381: Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
CVE-2024-8963: Path traversal in Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
What is the recommended Mitigation?
Ivanti has released updates for Ivanti CSA (Cloud Services Appliance) that address these vulnerabilities.
Security Advisory Ivanti CSA (Cloud Services Appliance)
In the advisory, Ivanti has mentioned that they have observed limited exploitation of CSA 4.6 when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963.
What FortiGuard Coverage is available?
FortiGuard recommends users apply the vendor’s fixes as mentioned in the advisory.
FortiGuard Web Filtering service has blocked all the known Indicators of Compromise (IoCs) captured during the IR engagement.
FortiGuard Antivirus service has blocked all the known malware used by the threat actor in the related campaign.
FortiGuard IPS protection is available for CVE-2024-8963 “Ivanti.Cloud.Service.Appliance.datetime.Command.Injection” to defend against the attack targeting the vulnerable Ivanti CSA systems.
FortiGuard IPS protection is currently being investigated for CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381.
The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
ZDI-24-1333: NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-0113.
Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution.
Ivanti EPMM is a mobile device management solution designed to secure mobile devices, apps and content.
Ivanti Cloud Service Appliance (CSA) is an Internet appliance that provides secure communication and functionality over the Internet.
Ivanti Velocity License Server is a server solution that ensures mobile devices have appropriate licenses for accessing business systems.
Ivanti Avalanche is a mobile device management solution securing mobile devices across enterprise environments.
Ivanti Connect Secure/Policy Secure is a VPN security solution.
Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
DSA-5787-1 chromium – security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.