Threat Landscape Briefing – August 2023

In this month’s briefing we explore:

• The rise of exfiltration-only ransomware attacks (01:08)
  • The rise of exfiltration-only attacks brings home the importance of building a holistic ransomware resilience strategy.
  • See Info-Tech’s Build Resilience Against Ransomware Attacks.
• VMware releases Aria Operations for Logs 8.12 to address multiple security defects (03:47)
  • This latest series of vulnerabilities is not indicative of any deficiency within the company, but rather the rigor necessary to effectively maintain infrastructure and software components.
  • See Info-Tech’s Implement Risk-Based Vulnerability Management.
• CISA sets deadline for government agencies to patch Adobe ColdFusion servers (07:28)
  • The real challenge with vulnerability management isn’t just finding the weak spots and fixing them; it’s doing so in a way that won’t break something else and cause another problem.
  • See Info-Tech’s Implement Risk-Based Vulnerability Management.
• Security risks from GIGABYTE App Center backdoor (08:44)
  • In the case of such a widespread product backdoor, it represents a supply chain risk for organizations with GIGABYTE system components. These types of issues expose organizations to a wide range of risks and attack scenarios.
  • See Info-Tech’s Build a Vendor Security Assessment Service.
• Cybersecurity advisory issued by US and Canadian authorities on Truebot (12:20)
  • The joint effort of two national security agencies depicts the importance of the warnings sent out to organizations.
  • See Info-Tech’s Develop and Implement a Security Incident Management Program.
• Quantum leap: Magnetic twist unleashes fault-tolerant qubits (15:11)
  • You need to act now to begin your transformation to quantum-resistant encryption. Organizations must proactively initiate their transition toward quantum-resistant encryption to ensure data protection.
  • See Info-Tech’s Prepare for Post-Quantum Cryptography.