Vmware Pushes Admins To Uninstall Vulnerable, Deprecated Vsphere Plugin 
The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is urging admins to remove the EAP plugin. Read More

As the digital landscape evolves, so do the threats facing all organizations, especially as they move their operations to the cloud. Projections indicate that by 2025, a staggering 85% of organizations will rely on cloud-native platforms.

With this shift comes increased interest from malicious actors looking to exploit vulnerabilities and gain access to sensitive data of all types. In light of this, advanced penetration testing techniques are necessary to counter the ever-changing cloud security threat landscape.

In this article, we will explore seven key strategies through which penetration testing can fortify your cloud infrastructure, ensuring its resilience against potential threats including data exfiltration.

Critical Shim Bug Impacts Every Linux Boot Loader Signed In The Past Decade 
There are currently 5 vulnerabilities in Shim that could allow a network attacker to bypass secure boot and take over a vulnerable Linux system. Read More

With the digital landscape constantly changing, it's crucial to stay ahead of cybersecurity threats, and advanced penetration testing is a key strategy for strengthening your organization’s defenses.

As businesses grapple with increasingly sophisticated cyber threats, the field of penetration testing continues to evolve, giving rise to new and innovative methodologies.

Biggest Data Leak in History Exposes 26B Records
Most of the exposed data, found on an open instance likely owned by a threat actor or data broker, was from the Chinese instant messaging app Tencent QQ. At the same time, Weibo, MySpace, Twitter, and Wattpad also had hundreds of millions of leaked credentials and other information. Read More

Massive Comcast Xfinity Data Breach Impacts 36 Million Customers
Comcast disclosed that hackers exploited a Citrix vulnerability between October 16 and October 19, 2023. Read More

Attack surface discovery is a crucial component of any organization’s cyber security strategy, allowing teams to identify potential entry points – also known as attack vectors – that could present a cyber threat. Without proper attack surface management, organizations risk exposure to breaches in systems, devices, and the overall network.

Happy New Year and Thank You to Our 7,000+ Readers!

Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day 
China-linked hackers continue to target Barracuda Email Security Gateway (ESG) appliances, with recent attacks involving the exploitation of a new zero-day vulnerability. Read More

FBI Explains How Companies Can Delay Sec Cyber Incident Disclosures
The FBI worked with the Department of Justice to create a guidance document for victims about how companies can “request disclosure delays for national security or public safety reasons.” Read More

Organizations today are in a relentless battle against cyber threats, a challenge magnified by the ever-expanding digital landscape. Companies in a risky environment must protect against both known and unknown threats to their digital infrastructure.

This is where the critical roles of attack surface management (ASM) and vulnerability management (VM) come into play. Imagine navigating a complex network of digital assets, each a potential gateway for cyber attacks. Securing gateways is challenging as organizations depend more on digital operations, making the stakes higher than ever.

This article explains the difference between ASM and VM and advises on what to do during an attack.