Welcome to the latest edition of the Below the Surface Threat Report. In this report we will cover a diverse range of threats and vulnerabilities tied to the IT supply chain. We’ll look at evolving threats to Network Infrastructure, as well as vulnerabilities found in proprietary cryptographic algorithms used in LE, DoD and critical infrastructure. When it comes to ransomware and criminal actors, we’ll look at how incidents affecting the IT supply chain are rapidly resulting in material impact and class-action lawsuits, and we’ll dive into how the patch for the BlackLotus UEFI bootkit campaign isn’t enough to mitigate threats that can bypass Secure Boot going forward. On the requirements side, we’ll look at the updated Criminal Justice Information Systems (CJIS) compliance policy that now firmly aligns with NIST 800-53’s firmware and integrity monitoring requirements.
Finally, on the human side of things, we’ll take a look at how shortcomings in leadership can result in a new set of cybersecurity challenges, and how small businesses often make the mistake of not considering how valuable they and their infrastructure are to attackers.
The post Below the Surface Summer 2023 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
Article Link: Below the Surface Summer 2023 - Eclypsium | Supply Chain Security for the Modern Enterprise