NSA publishes list of top vulnerabilities currently targeted by Chinese hackers

RedSeal Cyber Threat Series


The U.S. National Security Agency published a report detailing the top 25 vulnerabilities consistently being scanned, targeted, and exploited by Chinese state-sponsored hacking groups.

All 25 vulnerabilities are known and have patches available from their vendors.

Exploits for many vulnerabilities are available publicly and have been used by various malware and ransomware groups and other nation-state actors.

The first three CVEs of this 25 that should be remediated — especially if open to an untrusted network — are:

  • Citrix Netscaler CVE-2019-19781
  • Windows RDP Exploit (aka Bluekeep) CVE-2019-0708
  • Windows Zerologon CVE-2020-1472)

RedSeal customers should:

 Create and run daily reports until all systems with the 25 vulnerabilities are patched.

 For additional details, contact your RedSeal sales representatives or email info@redseal.net




Space jam: why the military is prioritising cybersecurity for space

Global Defence Technology | March 1 2021

As military and civilian capabilities increasing rely on space-based assets, Berenice Healey asks space and cybersecurity experts about the potential effects of a cyberattack against them and how to offer protection….

Fragile networks

The focus should not be on the satellites alone but the networks they form, argues RedSeal CTO Dr Mike Lloyd, and protecting them requires humans and computers working together.“All networks share key properties: they are fragile, hard for humans to think about, and prone to lateral movement where an attacker breaches one node then spreads. Defending networks involves understanding networks, and we already struggle with this in terrestrial cyber warfare. It only gets harder as the networks extend off the planet’s surface.

“As the network increases in scale, it gets further and further beyond human comprehension – too many interacting parts, any one of which could be breached by an attacker and used as a foothold for further spread.”

Improving Cloud Security With Segmentation And Automation

Forbes | February 12, 2021

by  Mike Lloyd

As a security professional, I tried for several years to keep IoT devices out of my house. However, my anti-IoT crusade just isn’t working anymore. Why? Because, as I’ve discovered, you really have to go to extreme measures to find non-IoT devices for your home. Whether it’s an irrigation system for your lawn, a new alarm system or even solar panels for your roof, just about every home accessory now comes with a prominent IoT footprint.

4 tips for aligning security with business objectives

TechTarget | February 11, 2021

Today’s most effective CISOs develop cybersecurity strategies that fit their organizations’ risk appetites and support business growth. Learn how they do it….

Of course, to successfully align cybersecurity initiatives with business goals, CISOs need buy-in from and access to their CEOs and boards of directors, added Ray Rothrock, executive chairman of the board at cyber-risk modeling company RedSeal. Such support is far from a given. A 2018 survey by PwC found just 40% of CISOs reported directly to CEOs and only 27% to their boards of directors.

13 Tech Leaders Share Industries That Can See Big Benefits From ML

Forbes | February 11, 2021

Machine learning, an important subset of artificial intelligence, lets computers learn from data analysis. While ML technology is expected to play a significant role in the future of many business types, it’s poised to have a more significant impact on some industries than others.

Below, 13 members of Forbes Technology Council share which industries they see being most affected by machine learning and why.

12 Ways For Tech Companies Using Consumers’ Data To Earn Their Trust

Forbes | February 8, 2021

In the remote-first era of Covid-19, the potential for and frequency of cyberattacks has increased significantly. With data breaches regularly hitting the headlines, many consumers are wary of giving tech companies access to their personal data.

So how can a tech brand anticipate this and assuage the concerns of consumers who are reluctant to share personal information?

Security in a Complex World

Dark Reading | February 3, 2021

By Bryan Barney

In 1999, security technologist Bruce Schneier published “A Plea for Simplicity.” In the blog, he famously wrote, “You can’t secure what you don’t understand” and “the worst enemy of security is complexity.” Schneier explained that analyzing a system’s security becomes more difficult as its complexity increases. His goal was to convince the technology sector to “slow down, simplify, and try to add security.”

More than 20 years later, Schneier’s plea seems naïve and even quaint. Innovation has become a force of nature; it will neither stop nor slow down. More innovation means more features, which inherently means more complexity. We all want secure systems, but no one is willing to slow the march of progress to make that happen.

2021 Cyber Predictions from Dr. Mike Lloyd, Chief Technology Officer of RedSeal

Solutions Review | February 2, 2021

Today, we present new 2021 Cyber Predictions from Dr. Mike Lloyd, Chief Technology Officer of RedSeal.

It’s hard to conceptualize, but we only just started 2021. Given how much has already occurred, both carrying over from 2020 and fresh challenges, it can prove easy to forget that the year is still young. There’s plenty of time yet to change course on your business’ cybersecurity and respond to predictions.

As such, we wanted to share these 2021 predictions on enterprise cybersecurity from Dr. Mike Lloyd, Chief Technology Officer of RedSeal. These predictions were submitted as part of our first annual Cybersecurity Insight Jam.

CyberKnight Signed as RedSeal Distributor to Bolster Cybersecurity Posture of Middle East Customers

Dubai, UAE — According to Gartner’s Top 10 IT Security Projects for 2021, CARTA – Continuous Adaptive Risk and Trust Assessment – risk-based vulnerability management shall be a key priority for CIOs and CISOs.

To address challenges related to resilience management and to accelerate incident response at enterprise and government entities in the region, CyberKnight has partnered with a leading provider in the space, RedSeal. The RedSeal platform gives security and management teams the most holistic understanding of their organization’s cyber risks – across physical, cloud and virtual networks – including remote endpoints. RedSeal verifies that network devices are securely configured, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

“We are thrilled about this strategic RedSeal partnership to support customers with constant improvement to their security posture, understand new cyber risks and ensure business continuity, all while lowering operational costs and simplifying complexities of their security systems. RedSeal’s platform brings unique capabilities to show organizations what is on their networks, how everything is connected, and the associated risks – across physical and cloud-based network environments.”, commented Wael Jaber, VP Technology & Services at CyberKnight.

“Regional organizations can face an overwhelming number of security vulnerabilities to remediate. RedSeal helps them focus on those that represent the most risk in each network.

With CyberKnight’s strong presence in the region, as well as, deep-rooted end-user and channel partner relationships, we aim to help regional organizations measurably reduce their cyber risk over increasingly dynamic attack surfaces while offering our award-winning cyber terrain analytics platform.”, said Richard Adams, Head of EMEA at RedSeal.

– ENDS –


About CyberKnight:

CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD) covering the Middle East with on-the-ground presence in all key regional markets. Our ZTX (Zero Trust Security) methodology, based on the Forrester framework, incorporates emerging and market-leading cybersecurity solutions that protect the entire attack surface, by leveraging AI, threat intelligence and collective defense. CyberKnight helps security and risk teams at enterprise and government customers simplify breach detection, prevention and incident response, while addressing regulatory compliance. CyberKnight’s Art of Cybersecurity Distribution methodology enables strategic partners to achieve greater market penetration, return-on-investment and time-to-value.