Threats

GuLoader Detection: Malware Targets U.S. Financial Organizations via Phishing Emails

With the tax season in full swing, threat actors are setting eyes on financial organizations. According to the latest cybersecurity reports, U.S. accounting firms and other financial institutions have fallen prey to a series of adversary campaigns spreading GuLoader malware since March 2022. Threat actors spread the GuLoader malicious samples by leveraging a phishing attack […]

The post GuLoader Detection: Malware Targets U.S. Financial Organizations via Phishing Emails appeared first on SOC Prime.

News & Updates

Mandiant’s new solution allows exposure hunting for a proactive defense

Google-owned cybersecurity provider Mandiant has launched its Mandiant Proactive Exposure Management offering, a suite of products and services to help organizations focus on “attackable exposures” rather than just vulnerabilities.

“Exposures go beyond vulnerabilities and are potential exploitable entry points that can be used by an adversary to gain initial compromise into an organization or supply chain ecosystem,” said Michael Armistead, director of outbound product management at Google Cloud Security. “An exposure could be a vulnerability, a server misconfiguration, or a security control missing detections for specific indicators of compromise (IOCs) or commonly used threat actor tactics, techniques, and procedures (TTPs).”

News & Updates

RTM Locker, a new RaaS gains notorieties in the threat landscape

Researchers from cybersecurity firm Trellix have detailed the tactics, techniques, and procedures of an emerging cybercriminal gang called ‘Read The Manual’ RTM Locker. The group provides ransomware-as-a-service (RaaS) and provides its malicious code to a network of […]

The post RTM Locker, a new RaaS gains notorieties in the threat landscape appeared first on Security Affairs.

News & Updates

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company’s MyBB forum database containing user data and private messages.
What’s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace.
“MyBB admin logs show the account of a trusted but currently

News & Updates

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The two flaws are listed below –

CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability
CVE-2023-29492 (CVSS score: TBD) – Novi Survey Insecure Deserialization Vulnerability

News & Updates

Webinar: Tips from MSSPs to MSSPs – Building a Profitable vCISO Practice

In today’s fast-paced and ever-changing digital landscape, businesses of all sizes face a myriad of cybersecurity threats. By putting in place the right people, technological tools and services, MSSPs are in a great position to ensure their customers’ cyber resilience.
The growing need of SMEs and SMBs for structured cybersecurity services can be leveraged by MSPs and MSSPs to provide strategic

News & Updates

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products

Chinese video surveillance giant Hikvision addressed a critical access control vulnerability, tracked as CVE-2023-28808, affecting its Hybrid SAN and cluster storage products. An attacker with network access to the device can exploit the issue to obtain admin permission. The […]

The post Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products appeared first on Security Affairs.