By Sadiq Iqbal, Security Engineering Manager and Check Point Evangelist. It might be on the ‘to-do’ lists of many CISOs, yet the adoption of zero trust security architectures by Australian organisations is taking place more slowly than in other parts of the world. Zero trust is a security framework that takes a ‘never trust, always […]

The post Why Australian companies need to adopt zero trust… now appeared first on CyberTalk.

The Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform are both affected by a serious vulnerability that might allow remote attackers to counterfeit credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform used by both businesses and consumers. The other two components mentioned are used for app management and […]

The post Cisco BroadWorks Is Affected by a Critical-Severity Vulnerability appeared first on Heimdal Security Blog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new critical-severity vulnerability to its KEV catalog. The issue is tracked as CVE-2023-33246 and it affects Apache’s RocketMQ distributed messaging and streaming platform. Exploiting the vulnerability is possible without authentication and has been leveraged actively by threat actors since at least June. Multiple threat actors […]

The post Warning: RocketMQ Vulnerability Actively Exploited by Threat Actors appeared first on Heimdal Security Blog.

EXECUTIVE SUMMARY: Key highlights In 2022, a small number of public companies (86 total) linked chief executive pay to cyber security. These companies included U.S. pharmaceutical giant Johnson & Johnson, the London Stock Exchange Group and Paragon Banking Group. Linking bonus pay to cyber security may make organizations more secure, according to recent research. Executive […]

The post Damaging hack? Compensation could be in the balance appeared first on CyberTalk.

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Also available on Spotify, Amazon Music, Apple Podcasts and SoundCloud. Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023. Here’s the news: As discussed in our 11 August podcast, the Electoral Commission issued a public notification of what it called a “complex cyber-attack” on 8 August, in which “hostile actors” gained access to the UK’s electoral registers, which contain somewhere in the region of 46 million people’s personal information. According to the

The post IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi appeared first on IT Governance UK Blog.

Minneapolis Public Schools (MPS) recently disclosed the full extent of a data breach from earlier this year, affecting more than 105,000 individuals. The breach, initially attributed to the Medusa ransomware group, compromised a wide range of personal information. The Breach and Investigation The incident, which began on February 6, 2023, and lasted until at least […]

The post Minneapolis School District Reveals Full Extent of Data Breach appeared first on Heimdal Security Blog.

ASUS routers have come under the spotlight due to three critical remote code execution vulnerabilities. These vulnerabilities pose a significant threat, with all three receiving a CVSS v3.1 score of 9.8 out of 10.0. They can be exploited remotely and without authentication, potentially leading to remote code execution, service interruptions, and unauthorized operations on the […]

The post Vulnerabilities Uncovered: Critical Remote Code Execution Risks in ASUS Routers appeared first on Heimdal Security Blog.