NCSA Webboard

    Cyber Threat Intelligence 26 March 2026

    NCSA_THAICERT

      Healthcare Sector

      • Grassroots DICOM (GDCM)
        "Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition."
        https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01

      Industrial Sector

      • Pharos Controls Mosaic Show Controller
        "Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-01
      • Schneider Electric Plant iT/Brewmaxx
        "Successful exploitation of these vulnerabilities could risk privilege escalation, which could result in remote code execution."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-03
      • Schneider Electric EcoStruxure Foxboro DCS
        "Schneider Electric is aware of a vulnerability in its EcoStruxure Foxboro DCS Control Software on Foxboro DCS workstations and servers. Control Core Services and all runtime software, like FCPs, FDCs, and FBMs, are not affected. The EcoStruxure Foxboro DCS product is an innovative family of fault-tolerant, highly available control components, which consolidates critical information and elevates staff capabilities to ensure flawless, continuous plant operation. Failure to apply the remediation provided below may risk deserialization of untrusted data, which could result in loss of confidentiality, integrity and potential remote code execution on the compromised workstation."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-083-02

      Vulnerabilities

      • TP-Link Warns Users To Patch Critical Router Auth Bypass Flaw
        "TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517, this security flaw affects Archer NX200, NX210, NX500, and NX600 wireless routers and stems from a missing authentication weakness that attackers can exploit without privileges. "A missing authentication check in the HTTP server to certain cgi endpoints allows unauthenticated access intended for authenticated users," TP-Link explained earlier this week when it released security updates that address the vulnerability. "An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.""
        https://www.bleepingcomputer.com/news/security/tp-link-warns-users-to-patch-critical-router-auth-bypass-flaw/
        https://nvd.nist.gov/vuln/detail/CVE-2025-15517
        https://securityaffairs.com/189980/iot/patch-now-tp-link-archer-nx-routers-vulnerable-to-firmware-takeover.html
      • iOS, MacOS 26.4 Roll Out With Fresh Security Patches
        "Apple on Tuesday rolled out a fresh wave of security updates to resolve more than 80 vulnerabilities across its mobile and desktop operating systems. iOS 26.4 and iPadOS 26.4 were released for the latest generation iPhone and iPad devices with patches for nearly 40 security defects. WebKit received fixes for eight bugs that could be exploited by malicious websites to bypass policy enforcement, mount XSS attacks, fingerprint users, escape the sandbox, or crash the process. Issues addressed in the kernel could be exploited to disclose kernel memory, leak sensitive kernel state, corrupt kernel memory, or write kernel memory."
        https://www.securityweek.com/ios-macos-26-4-roll-out-with-fresh-security-updates/
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2026-33017 Langflow Code Injection Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/25/cisa-adds-one-known-exploited-vulnerability-catalog
      • AI Supply Chain Attacks Don’t Even Require Malware…just Post Poisoned Documentation
        "A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vulnerability. Two weeks ago, Andrew Ng, an AI entrepreneur and adjunct professor at Stanford, launched Context Hub, a service for supplying coding agents with API documentation. "Coding agents often use outdated APIs and hallucinate parameters," Ng wrote in a LinkedIn post. "For example, when I ask Claude Code to call OpenAI's GPT-5.2, it uses the older chat completions API instead of the newer responses API, even though the newer one has been out for a year. Context Hub solves this.""
        https://www.theregister.com/2026/03/25/ai_agents_supply_chain_attack_context_hub/

      Malware

      • Cloud Phones: The Invisible Threat
        "What began as a simple scheme to inflate social media metrics has evolved into a sophisticated threat that is quietly reshaping the economics of digital fraud. Over the past decade, fraud prevention teams have invested heavily in device fingerprinting and emulator detection and that investment paid off; classic emulators and bot activities became predictable, easy to detect and block. However, attackers adapted. They moved to cloud phones – remote-access Android devices running in data centers. For all intents and purposes, these are real phones, running genuine firmware, exhibiting natural sensor behavior, and presenting valid hardware attestation. Plus, they’re accessible to anyone with just $10 to spare and an internet connection. What makes this threat unlike any other is its invisibility. To fraud detection systems, cloud phone activity such as mobile banking appears indistinguishable from a legitimate device. This report traces the evolution of cloud phones from harmless social media engagement automation to industrial-scale financial fraud, examines why traditional device fingerprinting fails against cloud phones, and reveals updated detection methodologies that are beginning to close this dangerous gap."
        https://www.group-ib.com/blog/cloud-phones-invisible-threat/
        https://www.infosecurity-magazine.com/news/cloud-phones-financial-fraud/
        https://www.theregister.com/2026/03/25/virtual_smartphones_fraud/

      • On The Radar: ChatGPT Stealer
        "For many folks, using an AI assistant in browser means opening a new tab, navigating to a website, and asking questions. This works for many use cases, but often means bringing content to the agent, either by summarizing or copy/pasting from other locations. The assistant in this case has no awareness of the conversations, context, or history in the other browser tabs. In short, the agent is effectively siloed. This isolation can be seen as good from a security and privacy perspective, but presents challenges from a usability standpoint. This usability gap has led to the creation of tools that bring further awareness to the AI tools. While this shift has taken several forms, one area of rapid growth is AI-powered browser extensions. These extensions afford users the ability to work across browser tabs, simplifying the ingestion of content into the AI agent and streamlining the experience significantly."
        https://expel.com/blog/on-the-radar-chatgpt-stealer/
        https://www.infosecurity-magazine.com/news/experts-prompt-poaching-browser/

      • The Unintentional Enabler: How Cloudflare Services Are Abused For Credential Theft And Malware Distribution
        "Cloudflare's suite of services like Workers, Tunnels, Turnstile, Pages and Cloudflare R2 (*[.]r2[.]dev) continue to be abused by threat actors to orchestrate stealthy phishing attacks and deliver malware in ways that are difficult for traditional security measures to detect or prevent. This abuse underscores a perilous shift wherein Cloudflare’s legitimate services are now being repurposed by malicious actors to bypass security defenses and evade detection. Here we will explore specifically how Cloudflare services, especially Workers and Tunnels, became powerful enablers of cyber threats, drawing from actual campaigns that Cofense Intelligence has seen that have bypassed defenses to end up in employee inboxes."
        https://cofense.com/blog/how-cloudflare-services-are-abused-for-credential-theft-and-malware-distribution

      • Novel WebRTC Skimmer Bypasses Security Controls At $100+ Billion Car Maker
        "What sets this attack apart is the skimmer itself. Instead of the usual HTTP requests or image beacons, this malware uses WebRTC DataChannels to load its payload and exfiltrate stolen payment data. This is the first time Sansec has observed WebRTC used as a skimming channel. The car manufacturer is the latest victim in a streak of major ecommerce breaches. Sansec has now found payment skimmers on five multi-billion dollar companies in the past two months, including a top-3 US bank and a top-10 global supermarket chain."
        https://sansec.io/research/webrtc-skimmer
        https://www.bleepingcomputer.com/news/security/polyshell-attacks-target-56-percent-of-all-vulnerable-magento-stores/

      • Bubble: a New Tool For Phishing Scams
        "A variety of AI-powered app builders promise to bring your ideas to life quickly and effortlessly. Unfortunately, we know exactly who’s always on the lookout for new ideas to bring to life — mostly because we’re rather good at spotting and blocking their old ones. We’re talking about phishers, of course. Recently, we discovered they’ve added a new trick to their arsenal: generating websites using the Bubble AI-powered web-app builder. It’s highly likely that this tactic is now available through one or more phishing-as-a-service platforms, which virtually guarantees these decoys will start appearing in a wide range of attacks. But let’s break this down step-by-step."
        https://www.kaspersky.com/blog/bubble-no-code-phishing/55488/
        https://www.bleepingcomputer.com/news/security/bubble-ai-app-builder-abused-to-steal-microsoft-account-credentials/

      • Torg Grabber: Anatomy Of a New Credential Stealer
        "It started with a lie. A sample walked into the lab wearing a Vidar label like a cheap suit two sizes too small. We pulled the threads, and the whole thing came apart. What fell out was a previously unknown information stealer we named Torg Grabber – 334 samples compiled over three months, a rapid evolution from Telegram dead drops through an encrypted TCP protocol nobody asked for, all the way to a production-grade REST API that worked like a Swiss watch dipped in poison. Over 40 operator tags pulled from the binaries – a mix of nicknames, date-encoded batch IDs, and confirmed Telegram user IDs – fingerprinted individual MaaS customers and confirmed what we already suspected: this was a builder-and-panel operation, crime as a service, infrastructure included. OSINT resolution of the numeric tags peeled back the curtain on eight operators as Telegram accounts buried up to their necks in the Russian cybercrime ecosystem. The bot tokens gave us the developer accounts behind the whole show. Nobody said crime doesn’t pay, but nobody said it doesn’t leave fingerprints either."
        https://www.gendigital.com/blog/insights/research/torg-grabber-credential-stealer-analysis
        https://www.bleepingcomputer.com/news/security/new-torg-grabber-infostealer-malware-targets-728-crypto-wallets/

      • The Operations Of The Swarm: Inside The Complex World Of Mirai-Based Botnets
        "Botnets are always an interesting threat to discuss, simply because of their prevalence and the difficulty of restricting and mitigating them. Spamhaus noted that July to December 2025 saw a 24% increase in the number of botnet command & control servers identified when compared to the previous 6-month period. This blog started off as a focused discussion of Aisuru-Kimwolf, what it is, and what has been observed recently; however, since there are so many botnet families that are related to each other, we decided to expand the scope and treat this as more of a technical primer to botnets. This blog will describe observations on several botnets and discuss their key similarities and differences."
        https://blog.pulsedive.com/the-operations-of-the-swarm-inside-the-complex-world-of-mirai-based-botnets/
        https://hackread.com/mirai-malware-variants-botnet-growth/

      • GlassWorm Hides a RAT Inside a Malicious Chrome Extension
        "A couple of days ago, we covered GlassWorm compromising hundreds of GitHub repositories and a popular React phone number package on npm. We kept digging into the full payload and found a multi-stage framework that installs a persistent RAT and, deep in Stage 3, force-installs a Chrome extension posing as Google Docs Offline. It logs keystrokes, dumps cookies and session tokens, captures screenshots, and takes commands from a C2 server hidden in a Solana blockchain memo."
        https://www.aikido.dev/blog/glassworm-chrome-extension-rat
        https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.html

      Breaches/Hacks/Leaks

      • Hackers Claim To Have Accessed Data Tied To Millions Of Crime Tipsters
        "Millions of crime tips may have been exposed after a hacker group claims to have compromised systems used by Crime Stoppers programs and other organizations worldwide. The incident centers on P3 Global Intel, a Texas-based provider of cloud-based tip and intelligence management software owned by Navigate360. The hacktivists, known as “Internet Yiff Machine,” submitted the stolen data to Straight Arrow News (SAN). According to SAN, the group supplied a cache of more than 8.3 million records said to be taken from P3. The data reportedly spans from as far back as 1987, up to 2025, and is said to include crime tips submitted through Crime Stoppers programs, law enforcement agencies, schools, and parts of the US federal government."
        https://www.malwarebytes.com/blog/news/2026/03/hackers-claim-to-have-accessed-data-tied-to-millions-of-crime-tipsters

      • Ransomware Attack Disrupts Operation At Major Spanish Fishing Port
        "A ransomware attack has disrupted digital systems at Spain’s Port of Vigo, forcing authorities to disconnect parts of its network and temporarily manage cargo operations manually, port officials said Wednesday. The attack was detected early Tuesday and affected computer servers used to manage cargo traffic and other digital services at the port, located in the Galicia region on Spain’s northwest coast. Officials told local media the incident locked some equipment and involved a ransom demand. In response, the port authority’s technology team isolated the affected systems from external networks to limit the impact."
        https://therecord.media/port-of-vigo-ransomware

      • Puerto Rico Government Agency Cancels Driver’s License Appointments After Cyberattack
        "Puerto Rico’s Department of Transportation was forced to cancel all upcoming appointments at the agency that handles driver’s licenses, permits and vehicle registrations due to a cyberattack. Government officials announced the incident on Tuesday and provided an update on Wednesday, writing that the Puerto Rico Innovation and Technology Service (PRITS) is working with the Department of Transportation to restore systems at the agency. Poincaré Díaz, executive director of PRITS, said they were forced to disconnect all of the Transportation Department’s systems after a cyberattack was discovered on Monday."
        https://therecord.media/puerto-rico-gov-agency-cancels-driver-license-appointments-cyber-incident

      General News

      • Russian Cybercriminal Sentenced To Prison For Using a “botnet” To Steal Millions From American Businesses
        "A Russian national was sentenced yesterday to twenty-four months in prison after having pleaded guilty to managing the operation of a botnet (a network of computers infected by malware and controlled remotely by cybercriminals) that was used to launch ransomware attacks on the networks of dozens of U.S. corporations, announced United States Attorney Jerome F. Gorgon Jr. and Special Agent in Charge Jennifer Runyan of the FBI Detroit Field Division. Ilya Angelov, 40, of Tolyatti, Russia was sentenced by U.S. District Court Judge Nancy Edmunds, who also fined Angelov $100,000 and entered a money judgment against him in the amount of $1.6 million dollars."
        https://www.justice.gov/usao-edmi/pr/russian-cybercriminal-sentenced-prison-using-botnet-steal-millions-american-businesses
        https://thehackernews.com/2026/03/russian-hacker-sentenced-to-2-years-for.html
        https://www.bleepingcomputer.com/news/security/russian-man-sentenced-for-operating-botnet-used-in-ransomware-attacks/
        https://therecord.media/russian-botnet-operator-sentenced-ransomware
        https://www.securityweek.com/russian-cybercriminal-gets-2-year-prison-sentence-in-us/
        https://securityaffairs.com/189987/cyber-crime/russian-national-convicted-for-running-botnet-used-in-attacks-on-u-s-firms.html
        https://www.helpnetsecurity.com/2026/03/25/russian-botnet-operator-sentenced-mario-kart-ransomware/
      • Cybersecurity, AI, And Sovereignty: What’s Next For Global Digital Infrastructure
        "Today’s digital systems are advancing faster than the governance models, infrastructure, and security frameworks designed to support them. Artificial intelligence (AI) is driving productivity and innovation, but its rapid deployment is colliding with a more fragmented geopolitical environment. Governments and enterprises are being forced to reconsider how data, platforms, and infrastructure are controlled, shared, and protected. These pressures are already shaping system design and long-term investment decisions. They were central to discussions at the World Economic Forum’s Industry Strategy Meeting (ISM) in Munich, where leaders examined how to translate Davos priorities into operational strategy. The meeting built on priorities established at the World Economic Forum Annual Meeting in Davos earlier this year and focused on translating those insights into practical industry strategies."
        https://www.fortinet.com/blog/industry-trends/cybersecurity-ai-and-sovereignty-whats-next-for-global-digital-infrastructure
      • AI-Native Security Is a Must To Counter AI-Based Attacks
        "Slow human-controlled defenses won't be enough for autonomous agents spun off by technologies like OpenClaw, say experts. Artificial intelligence-native security will be needed to fend off threats. "You're going to see an AI-led attack, full agentic attacks that we're starting to see already today. The only way to deal with those is a full agentic defense," Francis deSouza, Google Cloud's chief operating officer and president of security products, said during a panel discussion at Nvidia’s GTC conference earlier this month. During the discussion, panelists noted that AI-native security models prevent rogue agent break-ins. Such models include agents that spot security weaknesses and scan sub-agents before deployment, control dynamic system access for agents, and generate audit trails to track agent identity and activity."
        https://www.darkreading.com/cybersecurity-operations/ai-native-security-counter-attacks
      • Training An AI Agent To Attack LLM Applications Like a Real Adversary
        "Most enterprise software development teams now ship AI-powered applications faster than traditional penetration testing can keep up with. A security team with 500 applications may test each one once a year, or less. In the time between tests, the underlying models, integrations, and behaviors can change, with no corresponding security review. Novee launched a product it calls AI Red Teaming for LLM Applications, an AI pentesting agent built specifically to probe LLM-powered software. The company introduced the product at RSAC 2026 Conference in San Francisco and is demonstrating it at booth S-0262."
        https://www.helpnetsecurity.com/2026/03/25/novee-ai-pentesting-agent/
      • Your Security Stack Looks Fine From The Dashboard And That’s The Problem
        "One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience Risk Index, has barely moved in a year, even as organizations continue to add security tools and increase spending. The report, which draws on multi-year endpoint telemetry alongside external research, finds that the gap between security deployment and security enforcement is widening. Controls are installed. Dashboards report coverage. The underlying devices are frequently in a different condition."
        https://www.helpnetsecurity.com/2026/03/25/ciso-enterprise-endpoint-security-gaps/
      • Operation Henhouse Nets Over 500 Arrests In UK Fraud Crackdown
        "UK police arrested over 500 suspects and moved to seize and freeze millions connected to suspected fraud in the latest iteration of Operation Henhouse, the National Crime Agency (NCA) has revealed. Now in its fifth year, the law enforcement operation is led by the NCA and City of London Police. They claimed this year was the strongest yet in the fight against offline and digital fraud. It led to 557 arrests, 172 voluntary interviews and 249 cease-and-desist notices, as well as account freezing orders against £9m ($12m), and seizures of cash and assets worth £18.1m ($24.3m)."
        https://www.infosecurity-magazine.com/news/police-fraud-crackdown-leads-to/
      • Anatomy Of a Cyber World Global Report 2026
        "Kaspersky Security Services provide a comprehensive cybersecurity ecosystem, taking enterprise threat protection to another level. Services like Kaspersky Managed Detection and Response and Compromise Assessment allow for timely detection of threats and cyberattacks. SOC Consulting provides a practical approach ensuring the corporate infrastructure stays secured, while Incident Response is suited for timely remediation with a maximized recovery rate. This new report brings together statistics across regions and industries from our Managed Detection and Response and Incident Response services, and for the first time, it also includes insights from our Compromise Assessment and SOC Consulting services — all to provide you with a more comprehensive view of different aspects of corporate information security worldwide."
        https://securelist.com/global-report-security-services-2026/119233/
      • North America’s Cyber Security Threat Reality In 2026
        "The North America cyber security statistics are out. Cyber risk in North America accelerated, concentrated, and repeated itself at scale in 2025. Data from the 2025 North America Threat Landscape Report shows a threat environment defined less by surprise and more by pressure. The same attack types, the same actors, and the same windows of opportunity appeared again and again, particularly in the United States, which accounted for roughly 93 percent of all recorded incidents in the Americas (note: this is all publicly recorded incidents, not attempted attacks). Three dynamics stand out, each shaping how organizations experienced risk over the past year and what they should expect next."
        https://blog.checkpoint.com/research/north-americas-cyber-security-threat-reality-in-2026/
        https://checkpoint.cyberint.com/north-america-threat-landscape-2025
      • Enterprise PCs Are Unreliable, Unpatched, And Unloved Compared To Macs
        "End-user compute vendor Omnissa, the company formed by the spin-out of VMware’s virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted a picture of the world’s enterprise hardware fleet – and the news is better for Google and Apple than it is for Microsoft. Omnissa’s State of Digital Workspace report suffers from the same problem as all research published by vendors in that its authors conclude its findings demonstrate many fine reasons why you should consider the company’s products."
        https://www.theregister.com/2026/03/25/omnissa_digital_workspace_report/
      • Cloud Workload Security: Mind The Gaps
        "Complexity is said to be the enemy of many things, but when it comes to organizations and their IT systems and processes, complexity is arguably the worst enemy of cybersecurity. For many IT and security practitioners, this plays out daily as they scramble to manage what IBM once called a "Frankencloud," a patchwork of private and public cloud environments, often further entangled with various on-premise and possibly legacy resources. The ease with which some cloud assets, notably virtual machines, can be spun up contrasts sharply with the reality of keeping them hardened and monitored once they begin to multiply. The machine and software sprawl often produces environments that are heterogeneous and beset by inconsistent rules, which ultimately makes them difficult to defend."
        https://www.welivesecurity.com/en/business-security/cloud-workload-security-mind-gaps/
      • Ex-NSA Directors Discuss 'Red Line' For Offensive Cyberattacks
        "When it comes to cyberattacks, what crosses the "red line" and justifies a kinetic response? That was one of the major questions posed to four former National Security Agency (NSA) directors and US Cyber Command leaders, who weighed in on the US government's offensive cybersecurity strategy as part of a keynote panel at RSAC 2026 Conference on Tuesday. The keynote, titled "Inside Offensive Cyber: Lessons from Four NSA Directors" featured Tim Haugh, Paul Nakasone, Mike Rogers, and Keith Alexander. Alexander was appointed by former President Barack Obama to establish and lead the US Cyber Command, and was succeeded in the post by Rogers, Nakasone, and Haugh, respectively."
        https://www.darkreading.com/cyber-risk/ex-nsa-directors-red-line-offensive-cyberattacks
      • The Agentic AI Attack Surface: Prompt Injection, Memory Poisoning, And How To Defend Against Them
        "The rise of agentic systems is changing how organizations think about defense and risk. As enterprises embrace autonomous decision-making, the agentic AI attack surface expands in ways that traditional security models were never designed to handle. These systems don’t just process inputs; they interpret goals, make decisions, and act independently. That shift introduces a new category of AI security vulnerabilities, where manipulation doesn’t target code directly but the reasoning layer itself. Two new threats, prompt injection attacks and memory poisoning in AI, are quickly becoming central concerns in agentic AI security. Understanding how they work and how to defend against them is more than critical for any organization deploying autonomous systems at scale."
        https://cyble.com/blog/prompt-injection-attacks-agentic-ai-security/
      • The 'Expert' AI Prompt That Kills Accuracy
        "A coder tells its chatbot: You're an expert. A full stack developer. It's a machine-massaging technique that's a cornerstone of persona-based artificial intelligence prompting - and it backfires spectacularly, find academics in a study showing the practice produces worse results when the goal is accuracy. Researchers at the University of Southern California in a preprint. The study found that the effect of stoking a large language model with the "you're an expert" prompt consistently damaged performance. Their advice is to avoid persona-based prompts for tasks that require models to tap into their pre-trained knowledge - the heaps of coding examples fed into models before they're ready to interact with customers."
        https://www.bankinfosecurity.com/expert-ai-prompt-that-kills-accuracy-a-31170
        https://arxiv.org/abs/2603.18507
      • Blame Game: Why Public Cyber Attribution Carries Risks
        "Questions about threat actor attribution, including how to do it and why you might want to hold off, are not as straightforward as they may first seem. Attribution is a wide-ranging topic that mostly boils down to "Whodunnit?" for cyberattacks. Depending on the attack and various circumstances, you may read somewhere that a bespoke threat group, such as a ransomware gang, compromised an organization's network. Sometimes it's a "cluster," designed to connect a pattern of activity without strictly connecting a threat actor or nation to that activity with complete certainty. Often, a cybersecurity vendor will use their own custom naming taxonomy to track threat groups, like Salt Typhoon or Sandworm, even though the threat actors themselves would never use those names."
        https://www.darkreading.com/cyber-risk/blame-game-public-cyber-attribution-risks
      • SANS: Top 5 Most Dangerous New Attack Techniques To Watch
        "Each year SANS researchers head to the RSAC Conference to reveal the five top attack techniques. But 2026 marks a distinct shift: all are powered by artificial intelligence. "We would be lying to you if we pointed out a trend in attacks that did not involve AI," SANS president and presentation moderator Ed Skoudis explained to the audience during a keynote session covering the Top 5. "That is just where we are in the industry.""
        https://www.darkreading.com/threat-intelligence/sans-most-dangerous-attack-techniques
      • Why a 'Near Miss' Database Is Key To Improving Information Sharing
        "When people talk about transparency in cybersecurity, they are usually referring to organizations disclosing breaches and incidents. At RSAC Conference this week, two security experts made the case for why success stories deserve equal attention, and why focusing on near-misses can strengthen security defenses. Wendy Nather, senior research initiatives director at 1Password and Bob Lord, head of consumer working group at hacklore.org, emphasized how the industry needs to prioritize transparency, and outlined ways to do so – starting with sharing near-misses. Information sharing, which encompasses threat intelligence, indicators of compromise, and reports of vulnerability exploitation, is an essential component to combat and stay ahead of cyber threats. The victim blame game, shame, finger-pointing, and regulatory punishments contribute to a lack of transparency, particularly when it comes to ransomware. But that needs to change if organizations want to be proactive, even when it feels daunting."
        https://www.darkreading.com/cyber-risk/experts-near-miss-database-improve-information-sharing

      References
      Electronic Transactions Development Agency (ETDA)
