Cybersecurity - The Stack (Page 10)

Incident follows record HTTP2 "Rapid Reset" attack warnings as well as CISA note on exploitation of Service Location Protocol vulnerability for DDoS purposes.

The Stack November 09, 2023

Microsoft

DevSecOps

News

Microsoft pledges a dramatic software security overhaul, as Amazon veteran shakes the tree

Biggest overhaul of Redmond's security in 20 years sees promises of "code analysis [of] 100% of commercial product”, cryptographic keys to be kept in a hardened Azure HSM, more.

Edward Targett November 03, 2023

As SEC’s SolarWinds charges reverberate, companies scrutinise cyber risk disclosures

As SEC’s SolarWinds charges reverberate, companies scrutinise cyber risk disclosures

'Do not state anything that is subjective and avoid adjectives (e.g., "state of the art," "mature," "advanced," "appropriate," "comprehensive," or "reasonable")' say experts.

The Stack November 03, 2023

Zero day in free Roundcube webmail service exploited to target governments

News

vulnerabilities

Zero day in free Roundcube webmail service exploited to target governments

Despite the low sophistication of the group’s toolset, it is a threat to governments in Europe because... a significant number of internet-facing applications are not regularly updated although they are known to contain vulnerabilities.”

Steve Ranger October 27, 2023

Okta breach looks worse as BeyondTrust, Cloudflare, Password1 report impact, flag concerns

Okta breach looks worse as BeyondTrust, Cloudflare, 1Password report impact, flag concerns

Concern at IAM vendor Okta's response mounts as BeyondTrust details concerns, Cloudflare calls for customers to press harder on "further information regarding potential impact to your organization"

Edward Targett October 25, 2023

Was this the most vanilla ransomware attack ever?

"VPNs pose a threat to enterprise security. They create a path in the network perimeter and provide access to network resources after authentication..."

The Stack October 23, 2023

Okta

data breaches

News

Fresh Okta breach exposes files: HAR, but no laughing matter

The attackers used a "stolen credential to access Okta's support case management system"

Edward Targett October 23, 2023

NSA

misconfiguration

News

Top 10 misconfigurations: NSA checklist for CISOs flags Active Directory Certificate Services

"In some cases, the actor may be restricted or detected by advanced defense-in-depth and zero trust implementations as well, but this has been a rare finding in assessments thus far"

Edward Targett October 19, 2023

ChatGPT says major outages may be due to DDoS attacks

Microsoft pledges a dramatic software security overhaul, as Amazon veteran shakes the tree

As SEC’s SolarWinds charges reverberate, companies scrutinise cyber risk disclosures

Zero day in free Roundcube webmail service exploited to target governments

Okta breach looks worse as BeyondTrust, Cloudflare, 1Password report impact, flag concerns

Was this the most vanilla ransomware attack ever?

Fresh Okta breach exposes files: HAR, but no laughing matter

Top 10 misconfigurations: NSA checklist for CISOs flags Active Directory Certificate Services