Threat Landscape Briefing – November 2023

In this month’s briefing we explore:

ServiceNow vulnerability exposes sensitive data (timestamp – 01:05)
- ServiceNow issued a fix for a misconfigured widget that exposes data after a researcher published a method unauthenticated attackers can use to steal an organization’s sensitive files.
- See Info-Tech’s Build a Zero Trust Roadmap.
HTTP/2 Rapid Reset attacks mark the largest recorded DDoS attack in internet history (timestamp – 04:13)
- Large cloud service providers such as Google, AWS, and CloudFlare observed a series of distributed denial of service attacks facilitated by the exploitation of a weakness in the implementation of HTTP/2.
- See Info-Tech’s Define Your Cloud Vision.
The Art of Concealment, what to know about the new Magecart campaign (timestamp – 07:23)
- The Akamai Security Intelligence Group has detected a new Magecart web skimming campaign that is targeting a large number of websites, including large organizations in the food and retail industries.
- See Info-Tech’s Embed Security Into the DevOps Pipeline.
Hackers exploit zero-day on Cisco devices (timestamp – 11:11)
- Cisco issued an advisory warning on October 16 that hackers were actively exploiting a critical vulnerability in IOS XE, the software that operates its networking devices.
- See Info-Tech’s Implement Risk-Based Vulnerability Management.
ToddyCat using spear phishing to deliver disposable malware in Asia (timestamp – 14:33)
- A malware campaign known as “Stayin’ Alive” is continuing to target Asian telecom and governmental organizations and is believed to be perpetrated by ToddyCat, a group linked to China.
- See Info-Tech’s Develop a Security Awareness and Training Program That Empowers End Users.
WordPress sites targeted with backdoor malware disguised as a plugin (timestamp – 15:56)
- A new malware has been targeting WordPress websites by masquerading as a legitimate caching plugin.
- See Info-Tech’s Develop and Implement a Security Incident Management Program.

If you have a question or would like to receive these monthly briefings via email, submit a request here.

Schedule Analyst Call

Downloads

Featured Speakers

Michel Hebert

Principal Research Director, Security & Privacy

Read Bio

Fred Chagnon

Principal Research Director

Read Bio

Logan Rohde

Cybersecurity Advisor

Read Bio

Carlos Rivera

Principal Research Advisor, Security & Privacy

Read Bio

Ahmad Jowhar

Research Specialist, Security & Privacy

Read Bio

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019