February | No Love for Cyber Risk
Welcome to the February Edition of The Watch, featuring cyber intel from Deepwatch Labs, information security news, industry insights, and upcoming Deepwatch events. Hit the subscribe button to stay in the know!
📰 IN THIS ISSUE:
🎙️ Welcome to the Deepwatch Overwatch Podcast
Join Deepwatch experts in discussing how they handle complex operations and the best practices they have developed over years of effective security operations in our new cybersecurity podcast.
We kicked off episode 1 by taking a look back at the 2023 cybersecurity landscape, discussing:
A New Service from Deepwatch
Threat Signal, our new standalone forensic-focused operations service, finds advanced cyber threats that have bypassed existing controls by providing deeper insight into your threat landscape. This specialized solution goes deeper than conventional security measures, providing a heightened level of confidence in uncovering and addressing any underlying threats within your organization.
💡 Insights Blog: Security Leader’s TLDR: Facts & Action to Take on Ivanti Zero-day CVEs
Written by: Bill Bernard, VP of Security Strategy
Ivanti's remote access solutions were impacted by a zero-day issue that allows unauthenticated, remote code execution. Viable mitigation has been slow to arrive.
Patches were scheduled to start rolling out for some versions the week of January 22 and continue to roll out for other versions through mid-February. These vulnerabilities are currently being exploited by malicious actors.
While these vulnerabilities are being actively exploited in the wild, we don’t know how widely this will be exploited, and with patches being delayed, we can only assume exploitation will continue. Visit this Ivanti update page for the latest patches.
➡️ Here is a TL;DR blog regarding the details of this incident.
💻 Deepwatch Threat Intelligence
Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.
🚨 New qBit Infostealer, Cybercriminals Utilize Microsoft’s App Installer to Deploy Malware, and a Google Exploit Restores Expired Cookies to Allow Persistent Access
🚨 NVIDIA Executable for DLL Sideloading, Phishing with AsyncRAT, and Compromised YouTube Channels Spread Lumma Stealer
🚨 Github Abuses, Ivanti Connect Secure VPN Compromises, New Cloud Hacking Tool FBot, and Phemedrone Infostealer Targets Microsoft Windows Defender SmartScreen
🚨 Androxgh0st Spooks Targets, Iranian APT Spear Phishing, North Korean ScarCruft Campaign Planning, and Critical Vulnerabilities in Confluence
→ Subscribe to Deepwatch Labs to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.
👉 The Results Are In: No Love in Ransomware Resilience
In a recent LinkedIn poll, we emphasized how your ability to detect #ransomware in time can keep your organization out of the news and prevent damage to your brand. We asked our audience if they are currently confident in their organization's ability to successfully and quickly recover from a ransomware attack.
Out of those who responded, 73% said "No", and 27% stated, "We're getting there".
Not one individual responded with "Yes".
The results of this poll reflect that organizations in today's threat landscape lack a strong cyber resilience strategy that they can be confident in.
As a reminder, we define cyber resilience as an organization's ability to anticipate, withstand, recover, and adapt in the face of evolving security challenges. Cyber threats are growing in complexity, and security teams should understand that attacks are now inevitable.
A few tips for enhanced cyber resilience:
➡️ Review the basics and prioritize updates or changes to improve your cybersecurity awareness and response.
➡️ Conduct assessments of your tool utilization, tool updates, gap awareness, log ingestion trends, and other key security metrics.
➡️ Consider threats unique to your industry, such as finance or healthcare, and review recent or upcoming changes to regulatory requirements.
Follow Deepwatch for more insights on how to become threat ready, building confidence in your team's ability to recover from anticipated attacks.
📈 Trending Infosec Updates
🎙 ICYMI...
Our CEO, Charlie Thomas, recently sat down with The Cred Podcast to discuss valuable insights into the world of cybersecurity, decision-making in leadership, and the future trajectory of Deepwatch as a resilient and growth-focused organization.
🎙️ Take a listen.
💼 Find Your Career With Deepwatch!
We’re Hiring!
Our unique, fully remote work environment is developed with employee needs in mind, giving you the flexibility and benefits to make your career what you want. Explore current opportunities and learn how it feels to be part of a team of professionals who are passionate about driving positive change in the cybersecurity industry.
View all open positions on our website here.
About Deepwatch
Deepwatch® is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.
Follow Deepwatch on LinkedIn and X (formerly Twitter).