NVD
As NVD flatlines, cybersecurity professionals call for urgent action
Consortium plans “doomed” as rumours swirl over vulnerability database program borkage.
Cybersecurity
Sisense breach: CISO posts guidance amid frantic community action
"They have direct access to JDBC connections, to SSH, and to SaaS platforms... This is a worst case scenario"
Microsoft
Microsoft roasted over “cascade of security failures” – authentication system utterly broken
"A corporate culture that deprioritized both enterprise security investments and rigorous risk management."
cybersecurity
Malicious backdoor, CVSS 10, slipped onto major Linux distributions
Poisoned Easter eggs for all: Apparent supply chain attack caught mercifully early…
cybersecurity
UK nuclear waste firm Sellafield Ltd. prosecuted over cyber failings
Prosecution follows allegations of extensive pwnage, desperately poor hygiene, and as CISO falls on his sword.
CISO
Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim
"The entire analysis from the original post is wrong. It shows only the negative value of using LLM in such cases..."
Microsoft
Microsoft customers are being targeted after Redmond's source code, secrets were stolen
A raid by Russian hackers penetrated deeper than first thought: "Some of these secrets were shared between customers and Microsoft..."
CNI
Less talk, more action on CNI cyber resilience, say White House advisors
"Almost no information is currently available to indicate how an organization is preparing for future cyber-physical challenges. This has to change."
Fortinet
Fortinet patches MORE pre-auth RCEs, with exploits reported. Ivanti also slips out a fresh VPN fix...
"Disable SSL VPN (disable webmode is NOT a valid workaround..."
Microsoft
How Russian spooks hacked Microsoft, the gap in its “morally indefensible” response, and what CISOs can learn from the attack
Expect to start hearing more about MS Graph...
vulnerabilities
vCenter Server vulnerability went exploited for two years unnoticed. Attacks are ongoing
There are no workarounds that remove the vulnerability, which allows unauthenticated remote command execution on vulnerable systems. A patch is available.
cybersecurity
OpenAI, TikTok, X hunt insider threat specialists -- on widely diverging salary bands
"In every insider threat case, there is a combination of network activity and employee behaviour. The malicious activity crosses both physical and electronic modalities..."