Security Hot Takes: Mid-Year Review 2024
The first half of 2024 confirmed a trend that had been building since 2021: adversaries are increasingly moving away from traditional initial-access techniques — phishing, browser exploit...
Several high-CVSS-scoring vulnerabilities disclosed in products from vendors such as Ivanti, ConnectWise, and Atlassian throughout late 2023 and the first six months of 2024 illustrate this shift. Rather than being isolated incidents, they represent a broader pattern: threat actors — both cybercriminal and nation-state — have recognized that edge appliances sit at the perimeter of the network, are often internet-facing by design, and historically receive less scrutiny and slower patch cycles than internal systems.
Vulnerability-tracking data going into 2024 showed that threat groups had pivoted, dating back to 2021, toward attacking vulnerable edge appliances. While operating systems, network infrastructure, and enterprise software all saw significant year-on-year increases in high-risk vulnerabilities through 2023, the jump specifically attributable to edge device attacks outpaced all of these other categories.
Within the operating-system category, the trend skewed more toward macOS and UNIX-based systems rather than Windows. Meanwhile, a cluster of CVEs tied to Ivanti, Cisco, FortiGate, Palo Alto, and Checkpoint products all surfaced within just the first six months of 2024 — a...
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
3 sections- 1 Table of Contents
- 2 Module 1: The 2024 Surge in Edge Device Exploitation
- 3 Summary
More Security Hot Takes & Threat Intel courses
View all 21Hot Takes: Inside a Microsoft Ransomware Attack
The Marks & Spencer incident is a textbook example of how modern ransomware operations succeed by targeting identity infrastructure and virtualization hosts rather than individual endpoin...
IT Security Champion: Cyber Threat Intel and Emerging Threats
Security is everyone's job — not solely the responsibility of the security department. Adopting a security culture and a security mindset is the foundation of being an effective IT securi...
Security Hot Takes: The LastPass Breach
The LastPass breach is actually two distinct but connected security incidents, separated by several months, with confusing and inconsistent public communication from the company throughou...
Sandworm: Application Layer Protocol and Web Emulation
Command and control is the connective tissue of nearly every intrusion that progresses beyond initial access — without it, an attacker cannot issue commands, move laterally, or exfiltrate...
Security Hot Takes: SBOMs
security · hot · takes · sboms · threat · intel · networking · systems · sbom · bills · materials · concept · debate · mandate · software.
Security Hot Takes: The Aliquippa Water Breach
The Aliquippa Water Authority breach is a case study in how a basic, avoidable systems-integration failure — not a sophisticated exploit — can expose critical infrastructure to compromise...
Interested in this course?
Contact us to book it or get a custom training plan for your team.