Monday 10/2
Join Gotham CTO, Ken Phelan, and Secure Networks Technologies President, Steve Stasiukonis, on Thursday, October 26, at 9:30 AM for a CTO Tech Talk discussing what you need to do during a cybersecurity event.
See the link below for registration details.
https://www.eventbrite.com/e/cto-tech-talk-tickets-723656886227?aff=oddtdtcreator
Driving Enterprise Hybrid Cloud Efficiency: How F5 and NetApp Change the Game (F5)
With data stored across multiple cloud environments and on-premises, the need for a seamless, efficient, and secure way to manage this data is paramount. Enter F5 and NetApp—two industry leaders that have joined forces to offer an unmatched solution for businesses navigating the challenges of a multi-cloud strategy.
https://bit.ly/3rApsmA
CrowdStrike to Acquire Bionic to Extend Cloud Security Leadership with Industry’s Most Complete Code-to-Runtime Cybersecurity Platform (CrowdStrike)
CrowdStrike announced it has agreed to acquire Bionic, a pioneer of application security posture management (ASPM). This will give our customers the most seamless and comprehensive view of cloud risk — from code development through runtime — in a single, unified platform.
https://bit.ly/48zbwdg
Thursday 10/5
Engaging Insiders to Combat Insider Threats (CyberArk)
Despite efforts to mitigate insider threats, current global risks and economic pressure are fueling the flame. There’s no silver bullet for insider threat protection, however a greater focus on culture, engagement and empowerment can make a real difference.
https://www.cyberark.com/resources/blog/engaging-insiders-to-combat-insider-threats
Cybersecurity Stop of the Month – QR Code Phishing (Proofpoint)
QR Code phishing represents a new and challenging threat. It moves the attack channel from the protected email environment to the user’s mobile device, which is often less secure. With QR codes, the URL isn’t exposed within the body of the email. This approach renders most email security scans ineffective.
https://www.proofpoint.com/us/blog/email-and-cloud-threats/cybersecurity-stop-month-qr-code-phishing
Friday 10/6
NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations
Today, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large organizations, and details the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations.
https://www.cisa.gov/news-events/alerts/2023/10/05/nsa-and-cisa-release-advisory-top-ten-cybersecurity-misconfigurations
Qakbot hackers are still spamming victims despite FBI takedown
The FBI said at the time that the takedown, dubbed “Operation Duck Hunt,” included the seizure of 52 servers, which the agency said would “permanently dismantle” the botnet. Despite these efforts, the hackers behind the Qakbot malware continue to spam new victims, according to new research from Cisco Talos.
https://techcrunch.com/2023/10/05/qakbot-hackers-are-still-spamming-victims-despite-fbi-takedown
Monday 10/9
6 Essential Steps for Identity Security in Multi-Cloud Environments (CyberArk)
Effective cloud security goes beyond fixing configurations or permissions; it’s fundamentally about controlling “access” to your cloud—your consoles, data and infrastructure.
https://bit.ly/3PKQzU5
Three Recommendations for a Next-Generation Cybersecurity Framework (CrowdStrike)
Cyberattacks evolve daily, and defenders are forced to adapt at the same rate. Cybersecurity best practices, however, are updated and codified much less frequently. There is broad experimentation in the field, and it takes some time for authoritative working groups to sort out which new practices and controls are practical and consistently effective for a large cross-section of users.
https://bit.ly/3F9Cmeo
Tuesday 10/10
Point Break ft. Bryon Singh, RailWorks Corporation
https://www.gothamtg.com/blog/point-break
Phishing Emails Are More Believable Than Ever. Here’s What to Do About It. (Fortinet)
As AI-driven content tools become more broadly available at low or no cost, cybercriminals are turning to these technologies to advance their operations. One way they're doing this is by using AI to make their phishing emails and text messages appear more realistic than ever before, increasing the chances they’ll succeed at getting their unsuspecting victims to click on a malicious link.
https://bit.ly/3FcM8MM
Cyber Security Awareness Month: Recognize, Avoid, and Report Phishing (Check Point)
https://bit.ly/3ZLJWFH
Wednesday 10/11
Gotham stands behind Israel in the face of the shocking aggression directed at them this week. Many of our business partners, former Gotham employees, and close personal friends are directly involved and affected by this horrible tragedy. Gotham is making a significant contribution to JNF (jnf.org) who, among many things, is helping Israeli citizens in harm's way. We encourage our friends and colleagues to consider supporting those in Israel through JNF, or any of the many amazing charitable foundations available.
The good, the bad, and the vulnerable (Wiz)
Vulnerability management in the cloud presents new challenges and opportunities. The Wiz threat research team presents a new report focusing on how the ability to manage vulnerabilities in the cloud requires an understanding of both Application Security (AppSec) and Cloud Security (CloudSec).
https://bit.ly/3PZ5k5Y
7 Best Practices for Active Directory Security to Keep Attackers Out (Proofpoint)
There are multiple ways to fortify your Active Directory security. In this post, we’ll look at seven examples of Active Directory security best practices that can help you reduce the risk of costly breaches.
https://bit.ly/3Q9HN3g
Thursday 10/12
Gotham Technology Group is proud to support The Estée Lauder Companies' Tech Day of Pink to raise awareness in the fight against breast cancer! #TechInPink2023
Every public Instagram, Facebook, Twitter, and/or LinkedIn post with the hashtag #TechInPink2023 will help to raise funds for the Breast Cancer Research Foundation.
To learn more visit: www.techdayofpink.com
VMware Releases vCenter 8.0.2
https://www.gothamtg.com/blog/vmware-vcenter-802
September 2023’s Most Wanted Malware: Remcos Wreaks Havoc in Colombia and Formbook Takes Top Spot after Qbot Shutdown (Check Point)
Our latest Global Threat Index for September 2023 saw researchers report on a new stealth phishing campaign targeted Colombian businesses, designed to discreetly deliver the Remcos Remote Access Trojan (RAT). Meanwhile, Formbook took first place as the most prevalent malware following the collapse of Qbot, and Education remains the most targeted industry.
https://bit.ly/46wHuW3
Friday 10/13
How To Achieve Vulnerability Remediation (Arctic Wolf)
Vulnerabilities don’t have to be a danger organizations can’t control. Vulnerability management, and in particular, vulnerability remediation, can drastically reduce risk and harden the attack surface.
https://bit.ly/3rRts2e
Mastering the 4 Elements: Fortify Your App Architecture and Increase App and API Security (F5)
By adopting the various tiers, the architecture can provide more flexibility and adaptability to organizations, where they can decide where workload segments can be deployed, and enjoy lower total cost of ownership and higher development speed.
https://bit.ly/3QcROg5