BE ON THE LOOKOUT – to our peers in the industrial manufacturing, shipping, and logistics industries, there is an active adversary purchasing look-alike domains to execute business email compromise against you.
The Bottom-Line Up Front: The threat from insiders is often the least considered—but arguably the most dangerous—type of cyber threat companies face. Time and time again, however, we are reminded that ignoring this threat is a serious mistake. The question then becomes: what is your company doing to mitigate the threat from insiders?
A host header injection vulnerability has been discovered in SecZetta's NEProfile product. Authenticated remote adversaries can poison the host header resulting in the attacker controlling response 302 execution flow. The issue affects version 3.3.11 and has not been tested on other versions of the product.
German soldiers parade on the Champs Élysées on 14 June 1940 (Bundesarchiv)
The Bottom-Line Up Front: Don't assume your defenses are effective; instead, continuously test and probe them for weaknesses, because that is what your adversary is doing. These are lessons that have been painfully learned, both in the annals of military history and corporate conference calls following a major data breach.
Justin Jackson - Director, Revenue Operations Sometimes marketer. Aspiring analytics nerd. Donut lover.
The Bottom-Line Up Front: Cyber adversaries thrive in times of chaos and they have rapidly pivoted to take advantage of the current situation. Right now, they are hard at work launching COVID-19 related attacks against companies and their employees.
Are the defensive controls you had in place 3-months ago sufficient today?