Cybersecurity - The Stack (Page 7)

European cybersecurity labels are coming. Who's signed up?

Scheme will pave the way for upcoming certification schemes: EUCS on cloud services and EU5G on 5G security

Azania Imtiaz Patel February 08, 2024

Cloudflare says hackers stole source code, breached Atlassian and AWS environments

Incident forces huge hygiene effort, as Cloudflare rotates 5,000 credentials, triages 4,893 systems, reimages and reboots every machine after compromise.

Edward Targett February 02, 2024

How Russian spooks hacked Microsoft, the gap in its “morally indefensible” response, and what CISOs can learn from the attack

Expect to start hearing more about MS Graph...

Edward Targett January 29, 2024

email

HPE

News

Next for The Bear: Hacking HPE inboxes

"Cozy Bear" gained unauthorized access to HPE’s cloud-based email environment

The Stack January 25, 2024

Microsoft

News

Russian group hacks emails of Microsoft’s “senior leadership” and cybersecurity staff

"We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes..."

Edward Targett January 21, 2024

Ivanti VPN appliance exploitation now happening at scale

VPN appliances "all appear to have been constructed with the code equivalent of string, stamped with the word ‘secure’ and then just left to decay for 20 years..."

The Stack January 16, 2024

vulnerabilities

Ivanti

News

Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.

Attackers re-write JavaScript loaded by the VPN login page for the Appliance to capture credentials; also grabbed Veeam credentials, moved laterally for full SYSTEM control.

Edward Targett January 10, 2024

Software licensing bug percolates pre-auth RCE risk downstream to PLC-land

Software licensing bug percolates pre-auth RCE risk downstream to PLC-land

Another arguably more potent example and one actively exploited in the wild is CVE-2023-46604 – a CVSS 10 RCE vulnerability in Apache ActiveMQ; an open source message broker written in Java.

The Stack January 08, 2024

European cybersecurity labels are coming. Who's signed up?

Cloudflare says hackers stole source code, breached Atlassian and AWS environments

How Russian spooks hacked Microsoft, the gap in its “morally indefensible” response, and what CISOs can learn from the attack

Next for The Bear: Hacking HPE inboxes

Russian group hacks emails of Microsoft’s “senior leadership” and cybersecurity staff

Ivanti VPN appliance exploitation now happening at scale

Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.

Software licensing bug percolates pre-auth RCE risk downstream to PLC-land