Microsoft How Russian spooks hacked Microsoft, the gap in its “morally indefensible” response, and what CISOs can learn from the attack Expect to start hearing more about MS Graph...
email Next for The Bear: Hacking HPE inboxes "Cozy Bear" gained unauthorized access to HPE’s cloud-based email environment
Microsoft Russian group hacks emails of Microsoft’s “senior leadership” and cybersecurity staff "We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes..."
Cybersecurity Ivanti VPN appliance exploitation now happening at scale VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."
vulnerabilities Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up. Attackers re-write JavaScript loaded by the VPN login page for the Appliance to capture credentials; also grabbed Veeam credentials, moved laterally for full SYSTEM control.
Cybersecurity Software licensing bug percolates pre-auth RCE risk downstream to PLC-land Another arguably more potent example and one actively exploited in the wild is CVE-2023-46604 – a CVSS 10 RCE vulnerability in Apache ActiveMQ, an open source message broker written in Java.
Interviews The Big Interview: Rubrik CEO Bipul Sinha on going from no running water, to running a $500m business On Magic Quadrants, deal size, changing approaches to cyber-resilience and learning from his father.
Members only Cybersecurity Utilities splash cash to get OT security in order as new "e-CAF" regime shakes up sector Another £82 million in Operational Technology and cybersecurity contracts hits the market as water, gas companies overhaul legacy systems amid pressure...
bug bounty Hallucinated vulnerability disclosure for Curl generates disgust But Bug Bounty platform HackerOne isn't too worried that LLM-generated bug reports will become a deluge...
News NSA updates software guidelines The NSA has posted a new set of cybersecurity guidelines for government agencies
Cybersecurity $11 billion North Face owner, VF Corp., hit by ransomware Attacker "disrupted… business operations by encrypting some IT systems, and stole data from the company"
SEC New SEC cyber rules are go... Firms need to disclose any cybersecurity incident they determine to be material and to describe the material aspects of the incident's nature, scope, and timing within four days.
Members only banks Europe's banks steel themselves for a tough ECB cyber resilience test after blistering criticism "Institutions continue to report gaps in risk control areas considered fundamental to cyber hygiene, such as proper identity and access management, timely vulnerability patching or network security"
NATO NATO signs up IBM to build and run a custom cybersecurity offering IBM is providing a custom "Asset, Configuration, Patching and Vulnerability” service with a special focus on vulnerability management.
New Relic New Relic says customer accounts were breached, but not via the hack of its staging environment... Hackers gained access to an employee account and pivoted to staging environment, but did not move laterally, company says.
Citrix Boeing shares ransomware incident TTPs as Citrix Bleed attacks ramp up Hey criminals! Fire an HTTP GET request. Grab system memory including session cookies issued post-authentication. Don't worry about logs. Pillage and loot. Thanks, Citrix.
New Relic New Relic warns its 15,000 customers of cyber incident Incident comes weeks after the Application Performance Monitoring firm was taken private in a $6.5 billion buyout
CISO The Big Interview: JPMorgan’s Global CISO, Pat Opet "Industry has gotten good at identifying vulnerabilities in the supply chain; SBOMs and so on [but not at] insidious backdoors and logic issues that are built into software, and update mechanisms that could cause implants..."
Citrix 1 Citrix bug alone triggered 13 “nationally significant” UK cybersecurity incidents You filthy animals are **** at network architecture, and it may be "necessary to expand threat hunting" says NCSC.
Kubernetes Public Kubernetes API server numbers pass one million, as attackers start to consider K8s a "central target" "Once an attacker is past the initial access, the opportunities are ample for lateral movement and privilege escalation within a cluster..."
Members only CISO “Security is a full contact sport”: Aerospace firm Sierra Nevada Corporation CSO Robert Daugherty "We operate with the assumption that a sophisticated nation state threat actor is always active inside the organisation"
ransomware World’s Biggest Bank hacked: ICBC may have failed to patch "Citrix Bleed" vulnerability Courier dispatched with a USB stick carrying trade settlement details after systems disrupted...
DDoS ChatGPT says major outages may be due to DDoS attacks Incident follows record HTTP2 "Rapid Reset" attack warnings as well as CISA note on exploitation of Service Location Protocol vulnerability for DDoS purposes.
Microsoft Microsoft pledges a dramatic software security overhaul, as Amazon veteran shakes the tree Biggest overhaul of Redmond's security in 20 years sees promises of "code analysis [of] 100% of commercial product”, cryptographic keys to be kept in a hardened Azure HSM, more.
CISO As SEC’s SolarWinds charges reverberate, companies scrutinise cyber risk disclosures 'Do not state anything that is subjective and avoid adjectives (e.g., "state of the art," "mature," "advanced," "appropriate," "comprehensive," or "reasonable")' say experts.