Security Boulevard

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’Chess Variant” appeared first on Security Boulevard.

This weekend is World Tourism Day, a celebration of the global travel industry and the cultural, economic, and social connections it fosters. However, as the tourism industry continues to grow and evolve, it faces an increasing array of cybersecurity threats. From data breaches targeting personal traveler information, like the 6 million customer records stolen in […]

The post Securing the Journey: Cybersecurity Challenges in the Tourism Industry appeared first on Blog.

The post Securing the Journey: Cybersecurity Challenges in the Tourism Industry appeared first on Security Boulevard.

Craig Adams, chief product officer at Rapid7, discusses the growing complexity of security operations and how organizations can better align tools, teams and processes. Adams, a longtime technology leader, notes that one of the biggest pain points he hears from customers is tool sprawl. Security teams are drowning in dashboards, alerts, and integrations—each product designed..

The post Bridging the Gap Between Security Teams and Tools appeared first on Security Boulevard.

The call came from a Fortune 20 customer yesterday morning. “Hey, Vinay, we’re getting flooded with noise about these two new Cisco ASA/FTD vulnerabilities that CISA posted the emergency advisory on. We are seeing a ton of inconsistent information, would like something to put it together for an exec view. Some enterprises are shutting down …

Read More

The post This Time, I Had Something Special to Offer appeared first on Security Boulevard.

We’re excited to share that IRONSCALES has been recognized in Expert Insights’ Cybersecurity Excellence Awards – Fall 2025, earning honors in two key categories: Email Security and Security Awareness Training.

The post IRONSCALES Recognized as a Leading Solution in Expert Insights’ Cybersecurity Excellence Awards – Fall 2025 appeared first on Security Boulevard.

Sectigo has successfully completed the largest migration of public certificate infrastructure in history, transitioning over half a million SSL/TLS, S/MIME, and code signing certificates from Entrust to Sectigo Certificate Manager. This milestone sets a new standard for digital trust transitions, giving customers a secure, automated, and future-ready CLM platform.

The post A promise fulfilled: Sectigo completes historic migration of Entrust public certificate business appeared first on Security Boulevard.

CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack — patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more!

Here are six things you need to know for the week ending September 26.

Key takeaways

1. In assessment of a federal agency breach, CISA highlights importance of vulnerability management and prompt patching.
2. Attackers are actively exploiting Cisco zero-day vulnerabilities. Update your software, stat!
3. A new framework aims to create a clear, consistent baseline for SaaS security.

1 - CISA: Agency breach shows vulnerability management is key

Inventory all your assets. Manage and prioritize their vulnerabilities. Patch promptly.

Rinse and repeat.

That’s a key message issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week after dissecting a recent hack at an unnamed federal agency in the publication “CISA Shares Lessons Learned from an Incident Response Engagement.” 

Attackers exploited a known vulnerability, CVE-2024-36401, in a public-facing GeoServer, an open source server that lets users share and edit geospatial data. They then spent three weeks moving undetected through the network, planting web shells and setting up persistence before the breach was discovered.
 

CISA’s post-mortem flagged several critical failures:

• Critical bugs weren't patched on time.
• The incident response plan was gathering dust – it had never been tested.
• Security alerts weren't being consistently reviewed.

The advisory breaks down the attackers’ tactics, techniques and procedures (TTPs) and includes indicators of compromise (IOCs).

Mitigation recommendations include:

• Prioritize patching, especially for known exploited vulnerabilities on public-facing systems.
• Drill, drill, drill. Regularly test and practice your incident response plan.
• Centralize your logs in a secure, out-of-band location to spot trouble faster.

The vulnerability management recommendations include having procedures for prioritization and emergency patching, and highlight the importance of identifying high-risk systems via asset management and inventorying.

“CISA urges organizations to apply these lessons learned to bolster their security posture, improve preparedness, and reduce the risk of future compromises,” CISA said in a statement.

For more information about reducing cyber risk with an exposure management program, check out these Tenable blogs:

• “How Exposure Management Has Helped Tenable Reduce Risk and Align with the Business”
• “How Tenable Moved From Siloed Security to Exposure Management”
• “How Tenable’s Security Team Went from Thousands of Alerts to a Handful of Tickets with Exposure Management”
• “How Exposure Management Moves Beyond Vulnerability Scans to A Unified View of Risk”
• “Understanding and Managing Cyber Risk: An Exposure Management FAQ for Business Leaders”

2 - Cisco zero-day bugs under attack – patch now 

Cisco this week rushed out patches for zero-day vulnerabilities that attackers are actively exploiting in the wild.

The vulnerabilities in question impact the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software:

• CVE-2025-20333 (CVSS 9.9): Allows an authenticated, remote attacker to run arbitrary code and completely compromise an affected device.
• CVE-2025-20362 (CVSS 6.5): Lets an authenticated, remote attacker access restricted URL endpoints without authentication.

To get a deep dive into these vulnerabilities, read the Tenable blog “CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities.”

Cisco also disclosed and patched a third vulnerability – CVE-2025-20363 (CVSS 9.0) – that it said isn’t part of the zero-day exploitation campaign and that impacts the web services of Cisco Secure Firewall ASA Software, Cisco Secure FTD Software, Cisco IOS Software, Cisco IOS XE Software and Cisco IOS XR Software.

Meanwhile, CISA issued Emergency Directive “ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices” instructing federal agencies to identify affected devices, send memory files to CISA for analysis and apply patches immediately.
 

While the directive is for federal agencies, the warning is for everyone. 

“CISA urges all public and private sector organizations to review the Emergency Directive and associated resources and take steps to mitigate these vulnerabilities,” CISA said in a statement.

To get more details, check out:

• The official Cisco advisories for CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363, as well as its statement “Cisco Event Response: Continued Attacks Against Cisco Firewalls.”
• The CISA Emergency Directive “ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices” and complementary “Supplemental Direction ED 25-03: Core Dump and Hunt Instructions.”
• The U.K. National Cyber Security Centre’s “NCSC warns of persistent malware campaign targeting Cisco devices” alert and “Malware Analysis Report: RayInitiatior & LINE VIPER.”
• Coverage from BleepingComputer, CyberScoop, NextGov/FCW and Ars Technica.

3 - New framework tackles SaaS security guesswork

How can you be sure the software-as-a-service (SaaS) applications your organization owns or plans to acquire are secure?

That question drove the Cloud Security Alliance (CSA) to craft the “SaaS Security Capability Framework (SSCF) v1.0,” unveiled this week.

The framework seeks to provide common, consistent criteria that can guide vendors in developing safer applications and help customers better assess these products’ security.

“Without a clear baseline, enterprises, SaaS vendors, and security teams are all left trying to fill in the gaps on their own with a lot of duplicated effort and unnecessary risk,” Lefteris Skoutaris, Associate VP of GRC Solutions at CSA, wrote in a blog.
 

The SSCF, developed in collaboration with security leaders from various companies, encompasses controls across six key security domains, adapted from the CSA’s “Cloud Controls Matrix”:

• Change Control and Configuration Management
• Data Security and Privacy Lifecycle Management
• Identity and Access Management
• Interoperability and Portability
• Logging and Monitoring
• Security Incident Management, E-Discovery, and Cloud Forensics.

The SSCF seeks to complement existing frameworks like SOC 2 and ISO 27001 by translating high-level security requirements into tangible, actionable features that customers can directly configure and enforce within their SaaS applications. 

In short, the framework gives customers a consistent way to evaluate their SaaS portfolio, while vendors get a clear roadmap of what security controls are expected.

For more information about Saas security:

• “Using Software as a Service (SaaS) securely” (UK NCSC)
• “SaaS security is now a major blind spot for enterprises” (ITPro)
• “SaaS Breaches Skyrocket 300% as Traditional Defenses Fall Short” (Infosecurity)
• “SaaS Cybersecurity: Threats And Mitigation Strategies” (Forbes)

4 - As worm 'Shai-Hulud' burrows into npm, CISA issues warning

CISA has urgent advice for developers using npm, following the latest supply-chain attack against this popular Javascript package registry.

CISA’s alert, issued this week, focuses on the self-replicating worm named Shai-Hulud, which has compromised 500-plus packages on the npm registry since mid-September.

The worm infiltrates a developer's environment, hunts for sensitive credentials like GitHub tokens and cloud API keys, and uploads them to a public repository, CISA said in its alert “Widespread Supply Chain Compromise Impacting npm Ecosystem.”

It then uses those stolen keys to authenticate to npm, inject malicious code into other packages maintained by the developer and spread itself further.
 

CISA recommends that organizations using npm do the following to protect themselves against Shai-Hulud: 

• Review all software dependencies to identify any of the affected packages.
• Pin npm package versions to safe releases published before September 16, 2025.
• Rotate all developer credentials ASAP.
• Enforce phishing-resistant multi-factor authentication for all developer accounts.
• Monitor networks and block connections to known malicious domains.

Meanwhile, GitHub, which owns npm, announced steps to strengthen the registry’s security. For starters, GitHub has already removed over 500 compromised packages, and it’s actively blocking the upload of new packages that contain Shai-Hulud’s indicators of compromise. GitHub also plans to add stronger authentication requirements, including a push toward FIDO-based 2FA and deprecating older, weaker security methods.

“We are going to roll these changes out gradually to ensure we minimize disruption while strengthening the security posture of npm,” reads a GitHub blog. 

GitHub is also strongly encouraging the adoption of "trusted publishing," a security feature that eliminates the need for managing API tokens in build systems. 

For more information about software supply chain security:

• “Software Supply Chain Security” (OWASP)
• “Securing software supply chains: how to safeguard against hidden dependencies” (World Economic Forum)
• “Securing the Software Supply Chain: Recommended Practices for Developers” (CISA)
• “Software Supply Chain Best Practices” (Linux Foundation)
• “5 ways to spot software supply chain attacks and stop worms - before it's too late” (ZDNet)

5 - UK nabs suspect after cyber attack snarls air travel in Europe

U.K. law enforcement authorities have arrested a man in connection with the ransomware attack that wreaked havoc in airports across Europe.

On September 19, Collins Aerospace suffered a ransomware attack that disrupted the availability of its MUSE software, used by airlines to check in passengers at airports.

As a result, chaos ensued in major airports in Europe, including in London, Berlin and Brussels. Hundreds of flights got cancelled or delayed over the course of several days.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” Paul Foster, Deputy Director of the NCA’s Cyber Crime Unit, said in a statement.
 

ENISA, the EU’s cybersecurity agency, told news agency Reuters that Collins Aerospace had been hit by a ransomware attack. 

RTX, the parent company of Collins Aerospace, acknowledged in a media statement “a cyber-related disruption to MUSE software in select airports.”

Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, said that while full attack details remain unknown, the impact to multiple airports highlights the risks of insecure third-party systems.

“Truly robust security begins with a strong foundation: identifying the systems that underpin our most vital services and proactively mitigating the vulnerabilities that attackers are most likely to exploit. This is the only way to effectively neutralise the risk," Montel told CFOtech.

To get more details, check out coverage from Reuters, SecurityWeek, CSO and The Guardian.

6 - Alert: Scammers impersonating FBI's IC3 website

Brazen cyber crooks are targeting the very place people go to report online crime. 

In an alert this week, the U.S. Federal Bureau of Investigation (FBI) warned that threat actors are creating fake, or "spoofed," versions of its Internet Crime Complaint Center (IC3) website.

The goal is to trick you into entering personal and financial information on look-alike domains. These spoofed sites use slightly different spellings or alternative domain endings to lure in victims.
 

To protect yourself, the FBI recommends: 

• Go direct: Manually type www.ic3.gov into your browser's address bar. Don't rely on search engine results.
• Watch for "Sponsored" links: In search results, these are often paid ads by impostors trying to divert you from the legitimate site.
• Check the URL: The only official URL is www.ic3.gov. The .gov is your proof.
• Trust your gut: Avoid clicking on links that look suspicious. 

And remember: The real IC3 will never ask for money to recover lost funds and has zero social media presence. 

The post Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days appeared first on Security Boulevard.

Salesforce is facing a possible class action lawsuit from almost two dozen plaintiffs who say the SaaS giant should have had better security around its platform, even though a spate of high-profile data-stealing attacks on third-party partners did not start with a breach of its systems.

The post Salesforce Faces Lawsuits Over Compromises of Third-Party Apps: Report appeared first on Security Boulevard.

Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an exercise in threat modeling.

In security, threat modeling is the process of determining what security measures make sense in your particular situation. It’s a way to think about potential risks, possible defenses, and the costs of both. It’s how experts avoid being distracted by irrelevant risks or overburdened by undue costs...

The post Digital Threat Modeling Under Authoritarianism appeared first on Security Boulevard.

Shadow AI isn’t a fringe behavior; it’s the norm. My team recently analyzed AI usage patterns across multiple industries and found signs of unapproved AI activity in more than 80% of the 100+ customer organizations sampled. Whether it’s sales teams dropping customer data into ChatGPT, HR uploading resumes into Claude, or executives experimenting with AI..

The post How to Manage Shadow AI Risk Without Killing Innovation appeared first on Security Boulevard.

A popular MCP server in the NPM repository that was being downloaded 1,500 times a week suddenly began quietly copying emails and sending them to a C2 server after the developer inserted a line of code. Koi Security researchers said the incident highlights the security threats organizations are letting in through their blind trust of AI tools.

The post Malicious MCP Server Found Quietly Stealing Emails appeared first on Security Boulevard.

Creator, Author and Presenter: Sam Havron, Meta

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX ’25 Conference content on the organization’s’ YouTube channel.

Permalink

The post USENIX 2025: PEPR ’25 – Remediating Systemic Privacy Incidents appeared first on Security Boulevard.

AttackIQ presents the fourth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Rhysida, Charon, and Dire Wolf ransomware families.

The post Ransom Tales: Volume IV – Emulating Rhysida, Charon and Dire Wolf Ransomware appeared first on AttackIQ.

The post Ransom Tales: Volume IV – Emulating Rhysida, Charon and Dire Wolf Ransomware appeared first on Security Boulevard.

Austin / TX, United States, 25th September 2025, CyberNewsWire

The post Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk appeared first on Security Boulevard.

Is your IBM QRadar instance overwhelmed by web application firewall (WAF) alerts, or worse, have you throttled them back, potentially missing critical application-layer threats? You're not alone. Many Security Operations Centers (SOCs) struggle with the noise-to-signal ratio from perimeter tools, leaving a dangerous blindspot around the very applications driving the business. This lack of deep visibility hinders accurate threat assessment and slows down response times. 

The post IBM QRadar SIEM and Contrast ADR Integration | Actionable Application Security Intelligence | Contrast Security appeared first on Security Boulevard.

In cybersecurity, the CIA Triad—Confidentiality, Integrity, and Availability—defines the three pillars of information security. Integrity, however, is often the least understood. So, what does integrity in the CIA Triad actually mean?

The post What Integrity Means in the CIA Triad appeared first on Security Boulevard.

The post True Threat Prevention Demands Browser Security & File Sanitization appeared first on Votiro.

The post True Threat Prevention Demands Browser Security & File Sanitization appeared first on Security Boulevard.

Creators, Authors and Presenters: Lukas Bundonis, Netflix; Ben Ballard, MITRE

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s’ YouTube channel.

Permalink

The post USENIX 2025: PEPR ’25 – Privacy Paradigms For Law Enforcement Response appeared first on Security Boulevard.

Secure your CI/CD pipelines with SonarQube Cloud's Scoped Organization Tokens (SOT). A resilient, user-decoupled way to manage authentication and prevent broken builds.

The post Introducing Scoped Organization Tokens for SonarQube Cloud appeared first on Security Boulevard.

The post <b>Post-Quantum Cryptography and the Future of Data Security</b> appeared first on Sovy.

The post Post-Quantum Cryptography and the Future of Data Security appeared first on Security Boulevard.