Nation-State Actors Continue to Mount Campaigns Against Critical Infrastructure
This is the monthly zero trust cybersecurity newsletter highlighting key news and actionable insights for enterprises looking to stop the next cyberattack by land, by sea, or in space. Our Cyber Risk Roundup offers a quick peek at this month's big stories.
🧂🌀 A Chinese state-sponsored hacking group, Salt Typhoon, infiltrated major U.S. telecommunications networks, including T-Mobile, AT&T, Verizon, and Lumen Technologies. The breach aimed to spy on senior national security officials, creating critical national security concerns.
🌙❄️ The nation-state-backed group, Midnight Blizzard, is conducting a sophisticated spear-phishing campaign targeting critical sectors like government, NGOs, academia, and defense organizations. By exploiting Remote Desktop Protocol (RDP) files, attackers gain extensive access to sensitive data.
🪲 Palo Alto Networks revealed CVE-2024-0012, a critical flaw in PAN-OS that allows attackers to bypass authentication and gain admin access via the management interface. Patches are available, and restricting interface access to trusted IPs is advised.
⚠️ A zero-day vulnerability in Fortinet's Windows VPN client has been exploited using the DeepData malware framework, developed by the China-linked threat actor BrazenBamboo. Despite being reported in July 2024, this vulnerability remains unpatched.
Get the above stories and more in our November Cyber Risk Roundup. Keep scrolling for cyber guides, deep dives, and upcoming events.
Highlights
Introducing Xage XPAM: Taking Security Beyond Legacy PAM Limitations
Xage launched Extended PAM (XPAM) to address gaps left by legacy PAM, providing protection from day one, greater coverage, and superior total cost of ownership. Learn more and watch a demo of the solution in our blog.
ESG Solution Showcase Shows How Xage is Changing the PAM Game
Analyst firm Enterprise Strategy Group (ESG) highlights how Xage XPAM redefines PAM. Read the full whitepaper for insights on how XPAM delivers unmatched security for every identity, account, and asset.
Forbes Tech Council: Privilege Escalation Threats Are on the Rise – What to Do
Privileged access is a prime target for cyber attackers. In his latest Forbes article, Xage CEO, Geoffrey Mattson, underscores the need to rethink traditional PAM models to combat privilege escalation threats effectively.
On Entrepreneurship, Product Development, and Cybersecurity
Xage co-founder, Roman Arutyunov, joined The Scale Up Show to share his journey in cybersecurity, the founding of Xage to secure critical infrastructure, and the pivotal role of crafting a delightful user experience in product development.
Recommended by LinkedIn
Events
CDCA Eastern Defense Summit December 11-12th
Xage Government is proud to sponsor the CDCA Defense Summit 2024, a leading event for defense innovation and cybersecurity. Join us in Charleston, SC, to explore how Xage’s zero trust solutions are securing critical infrastructure and advancing national security.
Ditch Legacy PAM: How Xage Is Changing the Rules of Privileged Access
Enterprise Strategy Group’s Todd Thiemann and Xage Security’s Vishal Gupta join this webinar to discuss attack trends, challenges with legacy PAM, and what sets aside Xage’s modern approach to Extended PAM.
Strengthening Defenses: Counter Nation-State Threats Like Volt Typhoon in Critical Infrastructure
Join Dragos and Xage for a webinar where we explore strategies of how to defend against nation-state cyber adversaries targeting critical infrastructure, including threats like Volt Typhoon
Infinite Paths to Achieving CMMC 2.0 Success
With a deadline on the horizon, CMMC 2.0 implementation is top of mind. Unfortunately it’s not as simple as following a recipe—the path to success varies widely based on the specifics of your organization and environment. In this webinar, we’ll discuss the requirements of CMMC and how getting it right varies depending on your systems and setup.
Xage Security In the News
Forbes, Industrial Cyber, and more
Xage got a lot of mentions and publications in the press this month. Visit our press page to check them out.