Insights

The UK government’s latest ransomware proposals aim to shield businesses and public services from ransomware attacks that cost the economy billions annually. These proposed new measures aim to target the financial lifelines of cybercriminals by banning ransomware payments from public sector bodies and critical national infrastructure organisations, such as the NHS, local councils, and schools. The government’s approach also includes mandatory ransomware incident reporting to bolster law enforcement’s ability to disrupt criminal networks.

Microsoft’s latest Patch Tuesday release addressed 16 critical vulnerabilities, all classified as remote code execution flaws—a stark reminder of the importance of proactive patch management.

The recently discovered vulnerabilities in Veeam Service Provider Console, tracked as CVE-2024-42448 and CVE-2024-42449, have been classified as critical and high severity. If exploited, these vulnerabilities could severely undermine system integrity and operational security, jeopardising sensitive data and backup operations.

We continue our lookback at the biggest cyber attacks of 2024… so far. Read Part one HERE

As 2024 draws to a close, numerous high-profile cyber incidents have dominated the headlines. With only two and a half months remaining and the Christmas season approaching, it's likely we'll see even more before year’s end. In this blog, the Integrity360 Incident Response team explores some of the most significant cyber attacks of the year... so far.

Overview: Ivanti has released updates for Ivanti CSA (Cloud Services Application) which addresses a medium severity and two high severity vulnerabilities. Exploiting these vulnerabilities effectively enables remote attackers to execute SQL statements through SQL injection, run arbitrary code via command injection, and bypass security restrictions by taking advantage of a path traversal weakness in vulnerable CSA gateways, which provide secure access to internal network resources for enterprise users.

In the spirit of Cyber Security Awareness Month, Integrity360 is calling for businesses to look beyond basic cyber security measures. As cyber threats evolve, traditional techniques like strong passwords and periodic software updates leave organisations vulnerable to more sophisticated attacks. 

Overview: A newly reported vulnerability in the Common Unix Printing System (CUPS) poses a significant security threat to UNIX-based systems, including Linux and macOS. Security researcher Simone Margaritelli has published the first of a series of blog posts detailing the issue, which can be exploited by sending a specially crafted HTTP request to the CUPS service. This vulnerability allows remote attackers to gain access to affected systems and execute arbitrary code, potentially escalating privileges and compromising critical assets.

CVE-2024-24919 is a critical information disclosure vulnerability in Check Point Security Gateways which have remote access VPN or mobile access software enabled.

Palo Alto Networks has disclosed a critical (CVSS10) command injection vulnerability in Global Protect Gateway, which is the VPN component of PAN-OS powered networking appliances.

An effective incident response plan is a crucial component of an organisation's cyber security strategy. Where data breaches, cyber-attacks, and other security incidents are increasingly common, having a robust plan in place is essential for minimising damage and recovering swiftly. This blog explores the key elements that constitute a good incident response plan, emphasising the importance of preparedness, swift action, and continual improvement in the face of evolving cyber threats. 

It’s not a matter of whether your organisation will face a security incident but when. That's why a robust incident response plan is crucial. So what elements should your incident response plan include to be truly effective?