This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).

Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government, emergency services, healthcare, manufacturing, and transportation.

This guide overviews common exploitations and associated tactics, techniques, and procedures (TTPs) malicious actors to leverage, rendering these businesses exposed and vulnerable. It also includes recommendations to IT, OT, and ICS professionals and organizations on best practices for using remote capabilities and detecting and defending against malicious actors abusing this software.

How effectively is your business converting revenue into free cash flow? This measurement is the definition of business value.

Ransomware incidents can severely impact business processes and leave organizations without the data to operate and deliver mission-critical services.

The past year’s events have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector. These events highlight a number of key risks associated with crypto-assets and crypto-asset sector participants that banking organizations should be aware.

Threat hunting provides a second level of defense to address gaps in the overall cybersecurity architecture by finding and disrupting attackers that evaded the organization’s automated defenses.

Our adversaries are in our networks, exfiltrating our data and exploiting the Department’s users. To adapt and significantly improve our deterrence strategies, this never trust, always-verify mindset requires us to take responsibility for the security of our devices, applications, assets, and services; users are granted access to only the data they need when needed.

Companies domiciled outside China that directly collect and process the personal information of individuals residing in China in a cross-border manner are subject to the extraterritorial application of the PIPL.

Central to mitigating ransomware threats is developing an understanding of the actors, stakeholders, processes, and information.