verlaine j muhungu

CompTIA announced it is developing a new certification focused on core cybersecurity skills for operational technology (OT) environments. The upcoming SecOT+ certification targets the persistent gap between #OT and IT expertise. It aims to equip #cybersecurity professionals, ranging from floor technicians and #industrial engineers to cybersecurity engineers and network architects, with a unified skill set to detect, mitigate, and respond to security threats in #manufacturing and #criticalinfrastructure environments. Detailing how the introduction of CompTIA’s SecOT+ certification reshapes the talent pipeline and workforce readiness in critical infrastructure sectors, James Stanger, chief technology evangelist at CompTIA, told Industrial Cyber that the #organization has several goals in mind regarding the development of #cybersecuritytalent. “First, it should help workers enter into the OT world more quickly. No one has ever tried that before on the scale we have in mind,” Stanger said. “Second, it should help traditional OT workers understand how IT security works. OT workers have traditionally focused on availability, more than confidentiality, integrity, #authentication, and #encryption. Because OT is a fundamental part of the world’s critical infrastructure, and because OT and IT technologies are now being combined, it is vital that OT workers become literate about IT technology concerns, as well.” https://lnkd.in/gAzU8uct

164

11 Comments

Fragmented tools are failing SOC teams in the cloud era! For the first time, security teams can detect novel cloud threats in real time, automatically investigate them with forensic depth, and respond decisively — all within a single solution built for hybrid and multi-cloud environments. Read the full blog! 👇 🔗 https://lnkd.in/gYAaEdpm

67

Human-operated ransomware attacks frequently involve compromising domain controllers, which attackers then use as the primary spreader device — the system responsible for distributing ransomware at scale within a compromised environment. Ransomware threat actors exploit domain controllers to fulfill two requirements that are critical to deploying ransomware on multiple devices simultaneously: access to high-privilege accounts and central network assets. Compromising a domain controller allows threat actors to extract password hashes as well as create and elevate privileged accounts to facilitate lateral movement. Domain controllers also provide access to many endpoints in the network and can be exploited to rapidly deploy ransomware across an environment. Security teams constantly face the complex challenge of striking the right balance between security and operational functionality when it comes to protecting domain controllers. Unlike other endpoints, domain controllers must remain highly accessible to authenticate users, enforce policies, and manage resources across the environment, making it difficult to apply traditional security measures without disrupting business continuity. To address this challenge, we have expanded our contain device capability in Defender for Endpoint to include granular containment of critical assets such as domain controllers through automatic attack disruption. This means that if domain controller is compromised, it is immediately contained in less than three minutes, preventing the threat actor from moving laterally and deploying ransomware, while at the same time maintaining the operational functionality of the device. The expansion also adds containment of IP addresses linked to undiscovered devices, which can identify and incriminate malicious IP addresses linked to unmanaged or undiscovered devices and automatically contain those IPs, preventing attackers from getting their foot in the door through vulnerable, unmanaged devices. Learn more about this update through our blog: https://msft.it/6047qFEZl More details on these automatic attack disruption enhancements are available through our tech community blog, and official documentation: https://msft.it/6048qFEZm https://msft.it/6049qFEZW

244

10 Comments

✅ Penetration Testing Best Practices Checklist Navigating the world of cybersecurity can be challenging, but effective penetration testing (pentesting) is crucial for safeguarding your organization. Here’s a quick checklist to optimize your pentesting efforts: 1. **Define Your Objectives**: Understand why you're conducting a pentest. Align your goals with the outcomes you seek—security improvement, compliance, or customer reassurance. 2. **Know Your Pentests**: Differentiate between internal vs. external pentests, vulnerability assessments, and security audits. Clarity here is key! 3. **Threat Enumeration**: Assess risks to identify areas most vulnerable to attacks. Where is your sensitive data? Are you using outdated applications? 4. **Scope and Budget**: Clearly define the scope and ensure your budget aligns with your objectives. Remember, you often get what you pay for! 5. **Prepare the Environment**: Ensure a controlled environment for testing, minimizing disruptions during the process. 6. **Communication is Key**: Keep your team informed and available for questions during the pentest. Clear communication can prevent misunderstandings. 7. **Post-Test Actions**: After the pentest, review the findings, prioritize vulnerabilities, and schedule retests as necessary. 👉 Let's make the daily red team a priority! #PenetrationTesting #Cybersecurity #InfoSec #SecurityAwareness #BestPractices #dailyredteam #VulnerabilityManagement #Sqreen

304

7 Comments

Organizations need a Risk Operations Center: a strategic, always-on command center for cyber risk. Built right, it's not just a control tower – it’s a business enabler, writes Maman Ibrahim on the ISACA Now blog: https://lnkd.in/gtJbMvXw

76

2 Comments

Nation-state actors are targeting core infrastructure like telecom networks, ISPs, and internet routing systems by leveraging lawful intercept tools and AI-powered social engineering to carry out long-term, strategic espionage — often undetected for years. Gregory Richardson, Vice President, Advisory CISO at BlackBerry, explains how campaigns like Salt Typhoon are forcing CISOs and telecom leaders to rethink their security priorities. Read the full Help Net Security interview: https://lnkd.in/dwJCd6KQ #BlackBerry #SecureCommunications #ZeroTrust #SaltTyphoon 

47

⚡ SOC Analysts Are Burning Out! Manual tasks, false positives, and tool overload—AI is the solution SOC teams need NOW. AI enables faster research, quicker analysis, and smarter responses to emerging threats. Learn more: https://lnkd.in/dnCUYkxJ

33

4 Comments

🚨 On September 25, 2025, #Cisco published advisories for 3 vulnerabilities affecting multiple different Cisco products. CVE-2025-20333 & CVE-2025-20362 are known to be exploited in the wild, while the third vuln, CVE-2025-20363, is said to be at high risk thereof. Find mitigation guidance and more in the Rapid7 blog: https://r-7.co/4pLZs0Y

50

We are scanning for & reporting Nakivo Backup & Replication CVE-2024-48248 (arbitrary file read) vulnerable instances in our Vulnerable HTTP report: https://lnkd.in/dX7Afu4a. ~208 vulnerable instances seen 2025-02-26 Dashboard map view of vulnerable instances: https://lnkd.in/dpB7hrSP Data is tagged 'vulnerable-nakivo-backup' since 2025-02-13 thanks to watchTowr. We have also added the 'cve-2024-48248' tag as well starting today. These kind of products have historically been targeted by ransomware operators. If you run Nakivo, make sure to update your instance to the latest version! (vulnerability was silently patched 2024-11-04). For an in-depth analysis of the vulnerability, please read the watchTowr blog at https://lnkd.in/esdzVTGv #cybersecurity #vulnerabilitymanagement #riskmanagement #situationalwareness #threatintelligence #attacksurface #shadowserver #CyberCivilDefense

25

1 Comment

SOC analysts face hundreds of alerts every day. Multi-layered detections provide context that cuts investigation time and reduces false positives—so analysts can respond faster and with confidence. 👉 See how layering your detection helps clarify and accelerate response. Learn more: https://lnkd.in/gBgsYyUC

26

1 Comment

OT Owners & Operators: Cyber threat actors can exploit products lacking #SecureByDesign principles such as weak authentication and limited logging. We know that it is difficult and costly for asset owners to defend against these threats if security is not considered and implemented in the design and development of OT products. https://go.dhs.gov/Ujv Our 🆕 guide, created with global partners provides a comprehensive overview of how you can integrate 🔒 security into your procurement process when purchasing industrial automation and control systems, as well as other OT products. 👉 https://go.dhs.gov/Ujv

75

2 Comments

𝗜𝘀 𝘆𝗼𝘂𝗿 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗽𝗿𝗼𝗴𝗿𝗮𝗺 𝘁𝗿𝘂𝗹𝘆 𝗿𝗲𝘀𝗶𝗹𝗶𝗲𝗻𝘁? With 𝗦𝗲𝗰𝗲𝗼𝗻 𝗮𝗶𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗦𝗰𝗼𝗿𝗲𝟯𝟲𝟬 & 𝗕𝗜𝟯𝟲𝟬, you gain more than just visibility - you gain actionable intelligence to stay ahead of evolving #cyberthreats. 𝗞𝗲𝘆 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀:  • Unified visibility into internal & external attack surfaces (networks, endpoints, #cloud, #OT, #IoT)  • Continuous compliance reporting across NIST 2.0, PCI-DSS, HIPAA, GDPR & more  • Customizable dashboards & reports for real-time posture monitoring  • AI/ML-powered #anomaly detection & automated remediation  • Benchmarking & risk scoring to track cybersecurity effectiveness Seceon empowers 𝗜𝗧 𝘁𝗲𝗮𝗺𝘀, 𝗠𝗦𝗣𝘀 & 𝗠𝗦𝗦𝗣𝘀 𝘁𝗼 𝘀𝗶𝗺𝗽𝗹𝗶𝗳𝘆 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲, 𝗿𝗲𝗱𝘂𝗰𝗲 𝗿𝗶𝘀𝗸𝘀, 𝗮𝗻𝗱 𝗿𝗲𝘀𝗽𝗼𝗻𝗱 𝘁𝗼 𝘁𝗵𝗿𝗲𝗮𝘁𝘀 𝗶𝗻 𝗿𝗲𝗮𝗹 𝘁𝗶𝗺𝗲 - turning complexity into clarity. Whether it’s meeting regulations, preventing breaches, or proving ROI to stakeholders, 𝗦𝗰𝗼𝗿𝗲𝟯𝟲𝟬 & 𝗕𝗜𝟯𝟲𝟬 𝗱𝗲𝗹𝗶𝘃𝗲𝗿 𝘁𝗵𝗲 𝗶𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝘆𝗼𝘂 𝗻𝗲𝗲𝗱. Explore the full datasheet and see how Seceon helps you measure, monitor, and mitigate risks 24x7. #CyberSecurity #Compliance #AI #RiskManagement #MSSP #MSP #Seceon Shikha Pandey Chandra Shekhar Pandey Argha Bose Vinay Ojha Tom Ertel Maggie MacAlpine Sana Anjali Devi Waldek Mikolajczyk Pushpendra Mishra 🇮🇳 Kriti Tripathi Aashish Kumar Goela Jocelyn Joy Amancio Britto

59

1 Comment

Interesting APT research and cybersecurity news of the week ▪️ A new trojan, GodRAT, targets financial organizations. This malware traces its roots to the well-known Gh0st RAT code and is similar to the AwesomePuppet malware linked to the Winnti/APT41 group. https://lnkd.in/dumhyypK ▪️ Data leaks from the Kimsuky threat cluster revealed details about the WgetCloud service, which attackers use to mask their operations. https://lnkd.in/dmS6SS5W ▪️ Targeting Linux desktops is gaining momentum. Recently, malicious .desktop files were spotted in APT36/Transparent Tribe attacks on Asian organizations. https://lnkd.in/g332sCT4 ▪️ APT Muddy Water has increased attacks worldwide, focusing on CFOs of organizations https://lnkd.in/eXVMpNzr ▪️ Microsoft analyzed current ClickFix attack scenarios: https://lnkd.in/dBeaN4as ▪️ Kaspersky ICS CERT provides an overview of the modern vehicle threat landscape. The analysis covers the balance of complexity, effectiveness, and profitability that has historically made vehicle attacks unprofitable, though shifting factors may increase future risks. https://lnkd.in/gxRBPnws ▪️ Another large TDS on compromised WordPress sites: Help TDS, primarily used to redirect users to fake tech support sites. https://lnkd.in/dSp65Dry ▪️ An intriguing attack on LLMs in email scanners: hidden prompts were found in a phishing campaign designed to overload language models, increasing chances of bypassing defenses. https://lnkd.in/d9M8P2e3 ▪️ Another analysis of cryptojacking campaigns targeting Redis servers, this time by TA Nastratus: https://lnkd.in/dNit-PaC ▪️ Numerous password managers are vulnerable to ClickJacking attacks, allowing extraction of auto-filled passwords. However, this requires the site to be vulnerable to XSS or DNS subdomain takeover. https://lnkd.in/gZ76ZncV ▪️ Positive news to end with: African police arrested over 1,200 perpetrators across 18 countries involved in BEC and ransomware attacks. Operation Serengeti 2.0 was supported by eight cybersecurity companies, including Kaspersky. https://lnkd.in/dv7M95Hj #APT #digest

35

Leadership plays a critical role in ICS/OT cyber readiness. Scenario-driven training helps leaders and teams prepare for what really happens in an attack—from first signs to coordinated response. The ICS Cybersecurity Awareness Training includes: ✔️ Tabletop exercises designed for leadership ✔️ Real-world ICS/OT attack scenarios ✔️ Practical, role-based lessons for all levels See how small, focused modules can help leadership guide smarter, faster decisions when it counts. 🔗 https://lnkd.in/edAkwzX9 #ICSSecurity #OTSecurity #WorkforceSecurity

13

1 Comment

Large Language Models (LLMs) can provide many benefits to security professionals by helping them analyze logs, detect phishing attacks, or offer threat intelligence. Learn from Wazuh about how to incorporate an LLM, like ChatGPT, into its open source security platform. #wazuh #xdr #siem #llm #sponsored ➡️Learn more: https://lnkd.in/ekyrp_pv

85

𝗧𝗼𝗽 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝘁𝗼 𝗟𝗲𝘃𝗲𝗹 𝗨𝗽 𝗬𝗼𝘂𝗿 𝗖𝗮𝗿𝗲𝗲𝗿 𝗶𝗻 𝟮𝟬𝟮𝟱 🔐 Whether you're defending systems (Blue Team), attacking them to make them stronger (Red Team), or leading strategy, there’s a certification path for you: 1️⃣ Blue Team (Defensive Security) – Security+, CySA+, GCFA, GCIH 2️⃣ Red Team (Offensive Security) – eJPT, OSCP, OSEP, OSEE 3️⃣ Leadership – CISM, CISA, CISSP, CGEIT Pro Tip: Start with foundational certs, then specialize in Red, Blue, or Leadership tracks based on your career goals. Which track are you on – Blue, Red, or Leadership? 🔔 Follow e-Learn Cyber Security for more cybersecurity tips! #CyberSecurity #Certifications #BlueTeam #RedTeam #InfoSec #CareerGrowth

750

23 Comments