The newly discovered threat group compromises companies and then moves laterally on the network, exfiltrating data, logging keystrokes and more along the way.
The federal government's vulnerability disclosure policy platform has taken in more than 1,300 unique valid bug reports in its first 18 months.
A detailed analysis of the activities of the Lapsus$ hacking group by the Cyber Safety Review Board shows that a focus on the basics and better usage of IAM and MFA technologies are highly effective defenses.
An analysis by CISA of commonly exploited vulnerabilities in 2022 shows that most of the targeted flaws are at least a year old and many are much older than that.
A new CISA analysis of risk and vulnerability assessments at government agencies shows that the use of valid credentials and spear phishing are still the most effective initial access vectors.