Cybersecurity
Microsoft zero day "Follina" demystified: What you need to know
Microsoft Support Diagnostic Tool being unhelpful...
Cybersecurity
Exploit for ANOTHER critical bug in VMware Workspace ONE expected imminently
Weeks after earlier RCE was widely exploited by APTs
Cybersecurity
Department of Justice: We won't sue "good faith" hackers, promise, maybe
Don't go wild on Shodan just yet though...
Cybersecurity
NASA taps Booz Allen for $622m IT security contract after failures
First task: No more random Raspberry Pis on the network.
Cybersecurity
Microsoft warns over novel SQL Server attacks
Microsoft warned that a malicious campaign targeting SQL Servers is using an "uncommon living-off-the-land binary" that to achieve persistence on compromised systems -- saying that defenders need to pay increased attention to abuse of the sqlps.exe which ships with SQL Server as standard. Without naming the attackers
Cybersecurity
Zyxel, VMware, F5 vulnerabilities under attack: Updated CISA database
Don't put that stuff on the public internet, kids.
Cybersecurity
Automated patching, risk-based approach critical to resilience: First, face the "Bleedin' obvious"
Former NCSC Director of Incident Management John Noble, opening the Qualys Security Conference (QSC) in London, warned that much of what he would say would be “to use a British expression, bleedin’ obvious”. He was right. And that's a problem. “My colleagues in the NCSC [say] patching remains
Cybersecurity
Microsoft mauled over fresh cross-tenant vulnerability
"This is a major attack surface and not consistent with the level of security that public cloud customers expect."
Cybersecurity
BPFDoor: Chinese tool almost undetected for FIVE years is second BPF-based attack this year
Researchers warn of risks from extending BPF beyond Linux.
Cybersecurity
Successfully navigating a cyber incident and the changing face of Incident Response
The future of IR is in delivering an automated triage-level analysis of relevant artefacts...
Cybersecurity
US gov tells agencies to get serious on quantum threat to cryptography
Administration tells agencies to inventory cryptographic systems stat.
Cybersecurity
Hyperscalers, telcos exposing BIG-IP to the internet as pre-auth RCE vulnerability drops
Just block iControl REST access through the management interface for starters...