The FBI, NSA, and Five Eyes cybersecurity authorities have issued a joint advisory listing the 15 most exploited vulnerabilities of 2023, many of which were zero-days. This report stresses the necessity for global organizations to address these vulnerabilities promptly and enhance their patch management practices to mitigate cyberattack risks. Particularly concerning is CVE-2023-3519, a code injection vulnerability in Citrix's NetScaler, which has been leveraged by state-sponsored hackers to affect over 2,000 servers. The advisory highlights that despite many of these vulnerabilities being previously addressed, threat actors continue to exploit unpatched flaws, notably affecting major vendors and essential software products.

Urgent Advisory: Top 15 Exploited Vulnerabilities of 2023 Revealed Bleeping Computer

Khalid Turk, Chief Healthcare Info Tech Officer at County of Santa Clara, stresses the significance of self-awareness in leadership, highlighting it as essential for honest self-reflection and understanding one's influence on others. He connects self-awareness with humility, arguing that it counteracts pride and fosters authentic connections within teams. Leaders who embrace humility are positioned to serve others and consistently seek diverse feedback, which is crucial for growth and addressing blind spots. Ultimately, the article advocates for leaders to prioritize ongoing learning and openness to feedback to enhance their effectiveness.

Self-Awareness and Humility: Keys to Effective Leadership LinkedIn

Amazon has reported a data leak involving nearly 3 million employee records, including personal contact details, due to a security breach at a third-party property management vendor related to the MOVEit Transfer hack. While Amazon's own systems were not breached, the incident also affected other major companies like HSBC, UBS, and McDonald’s. The consolidated nature of the leaked data increases the risk of social engineering and phishing attacks, prompting concerns about further vulnerabilities among affected organizations. The group claiming responsibility, Nam3L3ss, argues for greater data privacy awareness, yet cybersecurity experts suggest their methods may not be the most effective way to promote compliance and secure data practices.

Amazon Faces Major Data Leak of Nearly 3 Million Employee Records CyberNews

The Healthcare and Public Health Sector Coordinating Council (HSCC) has introduced a Cyber Incident Response Playbook targeted at medical product manufacturers, including medical device and pharmaceutical companies. This resource offers practical guidance for identifying and managing cyber incidents affecting manufacturing operations and operational technology, with adaptable step-by-step recommendations suitable for different organizational sizes. The playbook, shared on LinkedIn by Erik Decker (CISO, Intermountain Health) covers the entire incident response process, from preparation to remediation, and builds on past initiatives, reflecting a collaborative effort to strengthen cybersecurity within the healthcare sector. The HSCC's Joint Cybersecurity Working Group, comprising over 470 members from various fields, focuses on addressing cyber threats to health data and systems.

New Playbook Empowers Medical Manufacturers to Combat Cyber Threats LinkedIn