Ivanti
Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing
"Code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication..."
Cybersecurity
Managing cybersecurity in local government - multiple hats, fewer tools
Falkirk Council shows where to find the next generation of tech bairns
NSA
NSA IT staffer lands 21 years for "Russian" document sale
One month on the job; 21 years in prison.
Financial Services
Financial services "most attacked" as hacker dwell time dwindles, tactics change
"The second most prevalent vulnerability was CVE-2022-21587, a critical unauthenticated file upload vulnerability in Oracle E-Business Suite..."
LLMs
No LLMs aren’t about to “autonomously” hack your company
Welcome to your latest episode of “is this exciting or is this mild AI exaggeration™"
Cybersecurity
MITRE attack strikes a NERVE after Ivanti to VMware pivot
"We did not detect… lateral movement into our VMware infrastructure. At the time we believed we took all the necessary actions to mitigate the vulnerability, but these actions were clearly insufficient.”
NCSC
UK’s NCSC’s new CEO has flagged business risk of under-investment
Dr Horne has a "wealth of experience working with major companies and organisations" says GCHQ Anne Keast-Butler
NVD
As NVD flatlines, cybersecurity professionals call for urgent action
Consortium plans “doomed” as rumours swirl over vulnerability database program borkage.
VPN
PAN-OS vuln mitigation howler: “Disabling telemetry” no help
POCs for CVSS 10 bug are out of the bag, tens of thousands are exposed, and telemetry mitigation didn't work.
Cybersecurity
XZ Redux? Social engineering attacks on OSS intercepted
"These emails implored OpenJS to take action to update one of its popular JavaScript projects to ‘address any critical vulnerabilities'"
Cybersecurity
Sisense breach: CISO posts guidance amid frantic community action
"They have direct access to JDBC connections, to SSH, and to SaaS platforms... This is a worst case scenario"
Cybersecurity
Could Chrome be a real security weapon for defenders? A new $6/user proposition has potential...
From vanilla data breach risks to insider threats, Chrome Enterprise Premium's capabilities look worth exploring...