Threat Landscape Briefing – November 2023

In this month’s briefing we explore:

  • ServiceNow vulnerability exposes sensitive data (timestamp – 01:05)
    • ServiceNow issued a fix for a misconfigured widget that exposes data after a researcher published a method unauthenticated attackers can use to steal an organization’s sensitive files.
    • See Info-Tech’s Build a Zero Trust Roadmap.
  • HTTP/2 Rapid Reset attacks mark the largest recorded DDoS attack in internet history (timestamp – 04:13)
    • Large cloud service providers such as Google, AWS, and CloudFlare observed a series of distributed denial of service attacks facilitated by the exploitation of a weakness in the implementation of HTTP/2.
    • See Info-Tech’s Define Your Cloud Vision.
  • The Art of Concealment, what to know about the new Magecart campaign (timestamp – 07:23)
    • The Akamai Security Intelligence Group has detected a new Magecart web skimming campaign that is targeting a large number of websites, including large organizations in the food and retail industries.
    • See Info-Tech’s Embed Security Into the DevOps Pipeline.
  • Hackers exploit zero-day on Cisco devices (timestamp – 11:11)
    • Cisco issued an advisory warning on October 16 that hackers were actively exploiting a critical vulnerability in IOS XE, the software that operates its networking devices.
    • See Info-Tech’s Implement Risk-Based Vulnerability Management.
  • ToddyCat using spear phishing to deliver disposable malware in Asia (timestamp – 14:33)
  • WordPress sites targeted with backdoor malware disguised as a plugin (timestamp – 15:56)

If you have a question or would like to receive these monthly briefings via email, submit a request here.

Featured Speakers

Michel Hebert

Principal Research Director, Security & Privacy
Read Bio

Fred Chagnon

Principal Research Director
Read Bio

Logan Rohde

Cybersecurity Advisor
Read Bio

Carlos Rivera

Principal Research Advisor, Security & Privacy
Read Bio

Ahmad Jowhar

Research Specialist, Security & Privacy
Read Bio

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019