Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky. Nonetheless, it is a necessary evil and crucial to cybersecurity hygiene and incident prevention.

On March 12, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued three Cybersecurity Alerts for Adobe, Microsoft, and Fortinet security patches.

The

To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a cybersecurity advisory warning organizations about the Phobos ransomware, and provided indicators of compromise and tactics, techniques, and procedures used by Phobos as recently as February.

According to the advisory, Phobos has been attacking “municipal and

Mercedes-Benz reportedly suffered a security incident that exposed confidential source code on an Enterprise Git server. The incident occurred due to a compromised GitHub token exposed by an employee. Although the incident occurred on September 29, 2023, it wasn’t discovered until January 11, 2024. A cybersecurity firm discovered the token during an internet scan and informed

On December 15, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) issued a Secure by Design Alert and guidance on “How Manufacturers Can Protect Customers by Eliminating Default Passwords.”

The guidance was created by CISA to “urge technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of

According to new reporting from Reuters, cybercriminals are exploiting Wyoming’s limited liability corporation law to set up legitimate-seeming endpoints for illicit traffic. Filtering traffic through the United States allows criminals to evade detection by their targets and law enforcement. Wyoming’s LLC governance system, often promoted as being business-friendly and user-friendly, enables criminals to create

On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within the state of New York. The Governor has included $500 million in grant funding in her FY24 budget to assist health care facilities with upgrading their systems to comply with the new requirements.

According to the Governor’s press

The Federal Communications Commission (FCC) has announced its proposal to create a Schools and Libraries Cybersecurity Pilot Program that would help K-12 schools and libraries protect their broadband networks and data from cyber threats. The pilot program is part of the FCC’s Learn Without Limits initiative, which aims to ensure connectivity and digital equity for

In a first, bold move by the Securities and Exchange Commission (SEC) following its new Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, issued on July 26, 2023, this week, the SEC filed suit against SolarWinds and its Chief Information Security Officer (CISO) alleging that SolarWinds and its CISO

The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.

According to the Alert, “this critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator