Over the last week, the widely reported critical security flaw in the Progress MOVEit Transfer application (CVE-2023-34362) reminded us yet again to remain vigilant in securing our IT infrastructure from potential cyber threat actors.

Gartner® recently published a report called, Emerging Tech: Grow Your Security Service Revenue with Cybersecurity Validations. We believe the report provides research from a buyer’s perspective on security services they purchase while offering guidance to MSPs and MSSPs on how to improve retention and upsell rates of the critical services they provide. So, what has Gartner discovered, and what do they recommend?

In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators about potential risk of exploitation. The idea behind this is to enable timely mitigation measures before the damage is done in the context of ransomware attacks.

On 10 March, Silicon Valley Bank (SVB) – a popular institution for the venture capital community in the Bay area – failed when venture capitalists (VCs) quickly started to pull money out of the 40-year-old bank, causing federal regulators to step in and shut its doors before more damage could be done. These are the perfect conditions for threat actors to steal several million dollars (and perhaps much more!).

A series following Horizon3.ai teammate Brian Marr’s “journey to secure” – detailing the logic and items that he uses to understand the business, current security state, and leadership visions for building an internal security program.

Attackers don’t need to hack in – they log in. This is why we believe Credentials are the new RCE. 

Over the past year, Horizon3.ai pentests revealed cybersecurity vulnerability trends across multiple industry sectors around the globe.

Learn how you can use NodeZero to get the Most From TrendMicro Apex One EDR, ensuring you stop, alert, log, and detect activity by bad actors.

As we approach the holiday season, it is important that our customers remain stay and continue a regular cadence of autonomous pentests. Although it’s the time of year for holiday cheer, we’ve seen cyber threat actors (CTAs) take advantage of lackadaisical company manning and low staff.

Verifying credentialed access to your hybrid cloud sprawl matters more than ever. See example attack paths to understand risks to AWS cloud.