Insights

We continue our lookback at the biggest cyber attacks of 2024… so far. Read Part one HERE

Severity: Critical
CVSSv3 Score: 9.8 
Date: Oct 23, 2024

October is a pivotal month for cybersecurity awareness, making it the perfect time to highlight the critical role Microsoft Defender XDR plays in cloud detection and response. As part of Integrity360’s Managed Detection and Response (MDR) solution, Defender XDR is instrumental in identifying and mitigating threats in cloud environments. In a landscape where cyber threats are becoming more sophisticated and persistent, Defender XDR provides a unified, comprehensive defence system that is essential for organisations today.

If you were to look at a stock image of a hacker, it would show a hooded figure hunched over the desk who’s lost in the sea of green text and numbers that flash across the screen.

As 2024 draws to a close, numerous high-profile cyber incidents have dominated the headlines. With only two and a half months remaining and the Christmas season approaching, it's likely we'll see even more before year’s end. In this blog, the Integrity360 Incident Response team explores some of the most significant cyber attacks of the year... so far.

Overview: Ivanti has released updates for Ivanti CSA (Cloud Services Application) which addresses a medium severity and two high severity vulnerabilities. Exploiting these vulnerabilities effectively enables remote attackers to execute SQL statements through SQL injection, run arbitrary code via command injection, and bypass security restrictions by taking advantage of a path traversal weakness in vulnerable CSA gateways, which provide secure access to internal network resources for enterprise users.

In the spirit of Cyber Security Awareness Month, Integrity360 is calling for businesses to look beyond basic cyber security measures. As cyber threats evolve, traditional techniques like strong passwords and periodic software updates leave organisations vulnerable to more sophisticated attacks. 

For many, presenting cyber security requirements to the board has often felt like an uphill battle, especially when it comes to regulatory frameworks. With the introduction of the NIS2 Directive, this dynamic has become even more pressing. While CISOs are acutely aware of the potential risks of non-compliance, boards may still struggle to grasp the urgency or allocate the necessary resources. Bridging this gap is essential for businesses to meet the new regulatory requirements and safeguard their operations.

In today's digital-first world, cloud security is more critical than ever. Microsoft Defender for Cloud Apps (MDCA) offers a comprehensive and intelligent solution for securing cloud environments. At Integrity360, we help organisations harness its full potential. From tailored implementation and integration to ongoing monitoring, compliance management, and optimisation, our managed services ensure your cloud infrastructure is secure, compliant, and resilient against threats.

Fortinet –  CVE-2024-23113 (CVSS score: 9.8)

This vulnerability was initially published on 08 February 2024.

Data security is and will always be one of the top priorities for every organisation. It’s not just a valuable asset - it’s high-risk and often the primary target for threat actors. The risk of exposure has grown significantly as data moves into cloud apps. Consider this: according to the 2024 AppOmni State of SaaS Security Report, 30% of 644 organisations surveyed suffered a data breach in their SaaS applications last year

Organisations across Europe are bracing for the full implementation of the NIS2 Directive (Network and Information Systems Directive 2). This updated legislation, which strengthens the security requirements for critical infrastructure, will become applicable by 18th October 2024. While it is an EU directive, its impact extends beyond the EU borders, affecting UK-based companies as well, despite the UK no longer being an EU member.