Cybersecurity
Security predictions for 2023 from some of the best CISOs around
Thoughts from CISOs and business leaders...
Cybersecurity
National Crime Agency investigating as well as NCSC
Cybersecurity
It’s that time of the month again: Microsoft has pushed out 98 security patches for January’s Patch Tuesday: 11 are critical, one, CVE-2023-21674, is being actively exploited, and another gives unauthenticated remote access to your SharePoint Server – and requires not just the patch but a “SharePoint upgrade action”
Cybersecurity
Company blames JPMorgan for AML failings, sues it for recovery
Cybersecurity
Analysis by The Stack of over 90,000 vulnerabilities revealed a sharp growth in bugs associated with widely known “CWEs” – or potentially exploitable weaknesses that can occur in architecture, design, code, or implementation and which could potentially have been caught upstream in a secure development process. One control is to
Cybersecurity
Updated January 6, 11:00 BST: CircleCI has updated its advisory which deserves revisiting. CircleCI is calling on customers to “immediately rotate any and all secrets” after a security incident. The breach appears to have occurred around December 21 and to have gone unnoticed over the Christmas period. Credentials stolen
GCHQ
Now was not the time...
Cybersecurity
We're hopeful that Betteridge's law applies...
Cybersecurity
Two new cybersecurity tools “OSV-Scanner” and “Peach” that landed this week deserve attention – whether you are a CISO, Blue Team, or just trying to tighten up your application development or cloud practices. OSV-Scanner was released under an Apache 2.0 licence by Google. Peach is an open framework from Wiz
Cybersecurity
Critical Citrix, VMware, Microsoft vulnerabilities all need patching
Cybersecurity
Security researchers at Juniper Threat Labs say they have identified previously undocumented malware targeting VMware ESXi servers that is notable for its “simplicity, persistence and capabilities.” VMware’s ESXi is a bare metal hypervisor that is widely deployed in large enterprises to run software virtually, from applications to fully emulated
Cybersecurity
Fortinet has pushed out an emergency patch for a critical CVSS 9.3 vulnerability in numerous versions of its FortiOS operating system, which lets an unauthenticated, remote attacker (pre-auth RCE) take over systems. Critics would be forgiven for asking tough questions about QA and feeling like it was "deja