Cybersecurity Oracle Secure Backup exposed to CVSS 9.8, pre-auth RCE An Apache HTTP Server vulnerability continues to affect downstream products...
Cybersecurity Twitter CISO Lea Kissner resigns “I've loved this job and we got *so* much done, but here we are"
Cybersecurity Patch Tuesday: MSFT key storage bug exploited, gives SYSTEM Six MSFT vulns being actively exploited. Get patchin'
Cybersecurity HMRC has £7.5m available for help scanning, patching, hardening its IT Let Nessus be your friend. Try not to break any CNI...
Cybersecurity The British gov't has identified "previously unknown CNI systems” 18 ransomware incidents this year meanwhile required national coordination
Cybersecurity This dance album was made with 200+ exotic malware samples It uses code, images, network traffic, and entropy values of malware to generate sounds...
Cybersecurity Security officials condemn "uneducated" ministers, shadow IT, after Liz Truss's phone hacked The British Gov’t has a serious ‘shadow IT’ problem
Cybersecurity GCHQ, NCSC Technical Director Dr Ian Levy calls quits after 22 years UK National Cyber Security Centre (NCSC) and GCHQ veteran Dr Ian Levy is leaving public service. His decision and absence will be felt keenly by many in the cybersecurity community, who speak highly of the Technical Director, who has been an engaged and forthright bridge with business and other industry
Cybersecurity A jeweller, sociologist, composer, a mum, go into cybersecurity… This is not the start of a joke: CISOs are searching beyond conventional talent pools...
Cybersecurity A mystery threat actor is running an "abnormally" large freejacking campaign that taps GitHub, Heroku to mine crypto Security researchers at Sysdig say that they have identified a previously unreported threat actor “using some of the largest cloud and continuous integration and deployment (CI/CD) service providers” in a massive “freejacking” campaign that makes use of trial accounts’ free compute to power cryptomining campaigns. Dubbing it PURPLEURCHIN, Sysdig
Cybersecurity GIGABYTE drivers are getting exploited warns CISA as 2018 bugs come back to bite POCs have circulated for years...
Cybersecurity Microsoft data breach "BlueBleed" exposes 2.4TB of customer data Customers being told GDPR disclosure unnecessary
Cybersecurity 3 trillion open source downloads, a 633% rise in malicious activity -- and a worrying sense of security IT managers say their orgs are better prepared - infosec pros are less confident...
Cybersecurity FIDO2 is touted as a security panacea: Why isn't it everywhere? FIDO2 makes the user initiate all authentication attempts.
Cybersecurity Windows fails to update vulnerable driver blocklist for THREE YEARS MS now says the blocklist will only be updated alongside major Windows releases.
Cybersecurity CISOs, unis, investors turn to richer metrics as security training evolves SA&T is evolving fast. It needs to...
Cybersecurity Advanced confirms attack was LockBit 3.0 ransomware, legitimate creds used No insight into how credentials were obtained...
Cloud This Azure bug is a perfect CVSS 10, gives you control over K8s clusters A critical vulnerability in an Azure tool that lets users manage Kubernetes clusters can be exploited remotely without authentication to gain administrative control over Kubernetes clusters, as well as Azure edge devices. The vulnerability, allocated a maximum possible CVSS (severity rating) score of 10 has been allocated CVE-2022-37968. It is
Cybersecurity Critical pre-auth RCE Fortinet vulnerability is a breeze to exploit A vulnerability in multiple Fortinet products gives an unauthenticated remote attackers root access to its core product’s administrative interface – and the vulnerability has been exploited in the wild the company warned. Given exploitation the company has warned customers to check for Indicators of Compromise. https://twitter.com/Horizon3Attack/status/
Cybersecurity Here's why Intel’s UEFI source code leak is a genuine security concern Intel late Sunday confirmed that proprietary UEFI code had been leaked in a potential serious security breach. The Intel Alder Lake source code was leaked to 4chan and Github – as first reported by Tom’s Hardware – as a 6GB file containing sensitive tools and code for building and optimising BIOS/
Cybersecurity Former Uber CSO Joe Sullivan found guilty of concealing data breach Note: There is no contractual indemnity clause that will cover criminal activity.
Cybersecurity US agencies ordered to run asset discovery scans every single week Knock Knock. Who's there? Multiple APTs, patch your shit.
Cybersecurity Critical Akamai bug could have let hackers poison millions of major brands' websites Absence of a bug bounty programme led to a “race against time” for customer bug bounties...
Cybersecurity Bolster your VMware ESXi security: Novel malware ecosystem identified Malware avoids EDR, attains persistence, is highly stealthy