AWS
AWS took 6 months to fix Security Token Service bug - IAM policy simulator inadequate, says Stedi
"No system is infallible. Sometimes, it is AWS..."
Microsoft
Microsoft’s “top notch” China hack post-mortem was "troubling" speculation
"The loss of a signing key is a serious problem, but the loss of a signing key through unknown means is far more significant... Microsoft’s customers did not have essential facts needed to make their own risk assessments."
Microsoft
Microsoft roasted over “cascade of security failures” – authentication system utterly broken
"A corporate culture that deprioritized both enterprise security investments and rigorous risk management."
NSA
“Bring memes”: Dave Luber takes over as NSA Director of Cybersecurity from Rob Joyce
As well as coming under immediate pressure on social media chatterati to be immediately amusing and bring his meme A-game, Luber faces other challenges too...
utilities
Water company dangles £10m for MSSP support
Assessment by the NCSC of previous industry breaches has seen an “enhanced” Cyber Assessment Framework (e-CAF) created that requires...
Optiv
'We found a server under the candy smelter!' Optiv boss talks about the sticky side of enterprise security
Optiv exec Sean Tufts said that implementing security in the field isn't always a glamorous task
Bank of England
Bank of England warns on expanded operational resilience regime – cloud providers put on notice
New demands of "critical third-parties" will "require some adjustments all round" says senior BoE official.
Cybersecurity
CI/CD platform TeamCity exposed to critical pre-auth RCE bug, amid disclosure spat
JetBrains' platform "a suitable vector to position an attacker to perform a supply chain attack" if compromised warns Rapid7.
Cybersecurity
A Russian spy simply dialled into a sensitive German military call on WebEx - and went unnoticed
"Unfortunately, there are indications that a Russian participant has obviously dialed into the WebEx"
CNI
Less talk, more action on CNI cyber resilience, say White House advisors
"Almost no information is currently available to indicate how an organization is preparing for future cyber-physical challenges. This has to change."
startups
This former teenage hacker, turned CEO, is putting the spotlight on attack surface management
"In Gartner's mind, everyone's moving away from VPNs; VPNs don't exist anymore. But this is not a ‘rip out an appliance, and then shove something else in' job..."
Fortinet
Fortinet patches MORE pre-auth RCEs, with exploits reported. Ivanti also slips out a fresh VPN fix...
"Disable SSL VPN (disable webmode is NOT a valid workaround..."