New zero-day exploits. Airports under attack. Privilege escalation patches - August 2024 Cyber Risk Roundup
This is the monthly zero trust cybersecurity newsletter highlighting key news and actionable insights for enterprises looking to stop the next cyberattack by land, by sea, or in space. Our August 2024 Cyber Risk Roundup blog post offers a quick peek at this month's big stories.
🇨🇳🖥️ New 0-day vulnerabilities in U.S. internet infrastructure are thought to be exploited by Chinese APT “Volt Typhoon” as reported by KrebsOnSecurity and others.
✈️🚢 Sea-Tac Airport and maritime ports are reported to be isolating systems and reverting to manual systems, even hand-writing boarding passes after a cyberattack. This adds to the growing list of airports and seaports experiencing operational disruptions due to security incidents.
⛽🏭 Halliburton hacked? Details are still coming out, but having another oil and gas giant in the headline for a cyber incident adds to the urgency of increased security in the industry.
💾 🪪 Was personal data for 3 billion people leaked by a data aggregator firm? This one is bad, and also complicated.
☀️ Is Europe’s largest solar energy grid vulnerable to attack? A researcher demonstrated the ability to take over ~4 million smart solar arrays. What comes next?
📈 August’s Patch Tuesday was almost 50% privilege escalation vulnerabilities, way more than any other type. Does this reveal a trend in cyberattacker behavior?
🏢🧑💼Boards of Directors are focusing more on cybersecurity as the financial impact of attacks rise and SEC rules on disclosure and individual accountability drive urgency. But how can the board and the CISO work together on cybersecurity? Read more below, and join our upcoming webinar to hear from experienced CISOs and board advisors.
Get the above stories and more in our August 2024 Cyber Risk Roundup. Keep scrolling for cyber guides, deep dives, and upcoming events.
Highlights
Stopping a Critical ESXi Vulnerability being Exploited for Ransomware
Learn how a recent hypervisor vulnerability is being exploited for ransomware, and how to protect your critical assets against privilege escalation and lateral movement.
Privilege Escalation Attacks: A Primer Based on Real World Examples
Almost half of the vulnerabilities from the August Patch Tuesday were elevation of privilege attacks. This tactic is a fundamental, and possibly growing part of every major cyberattack. Now is the time to learn more about how privilege escalation works, and how to stop it. You can start here.
Bringing Zero Trust Security to Autonomous Industrial Operations
Yokogawa Engineering Asia is a huge provider of autonomous industrial operations for manufacturers and other industries. Xage and Yokogawa have partnered to secure these critical autonomous systems.
Password Rotation: A Critical Defense Against Cyberattacks
Valid accounts are one of the top methods attackers use for initial intrusion and lateral movement. Rotating passwords automatically and securely helps stop attackers before they get started. Learn more in our blog post (or get the speedy version in the embedded 2-minute video)
Recommended by LinkedIn
The ROI of Zero Trust Access and Cybersecurity
We conducted research and customer interviews to understand how zero trust access was delivering return on investment for Xage customers, and came back with some incredible numbers. One customer saved $1 million a year in OT maintenance costs with Xage. Read the post and try our ROI calculation for yourself.
Events
National Cyber Summit in Huntsville
Xage will be a sponsor at the upcoming National Cyber Summit in Huntsville, AL September 24-26th - stop by to see Xage Government at Booth #1111 where we will discuss all things zero trust for mission operations.
Webinar: Cyber Risk & The Board of Directors: CISO Topics & Strategies to Level Up Your “Board” Game
Join a fireside chat with Victor Chang, a longtime CISO and advisor to many company boards, and Mathieu Gorge, Founder at Vigitrust and Author of The Cyber Elephant in the Boardroom. Victor and Mathieu will discuss how both sides of the table, from CISO to Board Chair, can ask the right questions and collaborate effectively to assure the security of their companies.
When: September 4, 10AM PT
Webinar: Is my VPN Trying To Kill Me?
Chase “Dr. Zero Trust” Cunningham and Roman Arutyunov got together to talk about the growing risk of relying on VPNs for security. As widely deployed VPNs like Ivanti are revealed to be staggeringly vulnerable, now is the time to adopt different technology for remote access.
When: On Demand
Xage Security In the News
Forbes, Manufacturing.Net, Industrial Cyber, Digital Journal, and more published Xage
Xage got a lot of mentions and publications in the press this month. Visit our press page to check them out.
Want more insights from Xage?
👉 Follow us on LinkedIn for daily actionable info.