Cybersecurity
CISOs, unis, investors turn to richer metrics as security training evolves
SA&T is evolving fast. It needs to...
Cybersecurity
Advanced confirms attack was LockBit 3.0 ransomware, legitimate creds used
No insight into how credentials were obtained...
Cloud
This Azure bug is a perfect CVSS 10, gives you control over K8s clusters
A critical vulnerability in an Azure tool that lets users manage Kubernetes clusters can be exploited remotely without authentication to gain administrative control over Kubernetes clusters, as well as Azure edge devices. The vulnerability, allocated a maximum possible CVSS (severity rating) score of 10 has been allocated CVE-2022-37968. It is
Cybersecurity
Critical pre-auth RCE Fortinet vulnerability is a breeze to exploit
A vulnerability in multiple Fortinet products gives an unauthenticated remote attackers root access to its core product’s administrative interface – and the vulnerability has been exploited in the wild the company warned. Given exploitation the company has warned customers to check for Indicators of Compromise. https://twitter.com/Horizon3Attack/status/
Cybersecurity
Here's why Intel’s UEFI source code leak is a genuine security concern
Intel late Sunday confirmed that proprietary UEFI code had been leaked in a potential serious security breach. The Intel Alder Lake source code was leaked to 4chan and Github – as first reported by Tom’s Hardware – as a 6GB file containing sensitive tools and code for building and optimising BIOS/
Cybersecurity
Former Uber CSO Joe Sullivan found guilty of concealing data breach
Note: There is no contractual indemnity clause that will cover criminal activity.
Cybersecurity
US agencies ordered to run asset discovery scans every single week
Knock Knock. Who's there? Multiple APTs, patch your shit.
Cybersecurity
Critical Akamai bug could have let hackers poison millions of major brands' websites
Absence of a bug bounty programme led to a “race against time” for customer bug bounties...
Cybersecurity
Bolster your VMware ESXi security: Novel malware ecosystem identified
Malware avoids EDR, attains persistence, is highly stealthy
Cybersecurity
Two unpatched Microsoft Exchange Server zero days are under attack.
Exploited for a month. No detection in Sentinel, no patch yet. Mitigate urgently.
Cybersecurity
Major authentication provider Auth0 says code repositories were copied
Mystery around the data breach, but we can speculate...
Cybersecurity
Aussie Cyber Minister blasts telco's "sophisticated" hack claims: "No. It wasn't"
"They left the window open"