Cisco: Incident response exercises urged after mass Cisco device exploitation
Cisco says patch pending October 22 for what transpires to have been two discrete zero-days...

News: "The worst security flaw in a long time" is about to land. With 20 billion curl installations, be worried
Could a pending curl vulnerability be the next Log4j?

News: Georgia on my fines: Top tech uni charged with discrimination
Renowned IT research institute Georgia Tech has been fined for discriminating against non-US citizens in its job fairs.

CISO (members only): The five key habits of top CISOs
These approaches cropped up regularly amongst those CISOs inhabiting the metaphorical equivalent of that top-right corner in a Magic Quadrant (now there's an idea...)

CISO (members only): Kroll blasts T-Mobile after SIM swapping attack enables data breach: CISOs, listen up...
Security leaders would do well to revisit this month's findings of the Cyber Security Advisory Board (CSRB)...

Cybersecurity: Wiz eyes SentinelOne as cybersecurity market evolves
Wiz, the fastest software company to grow from $1 million to $100 million in ARR, should be aware how fast boasts about record-breaking achievements can look like yesterday's news. Just ask SentinelOne...

Malware: WinRAR zero-day used to pack in malware for targeted attacks
A months-long malware campaign was seen exploiting a zero-day flaw in WinRAR for spear-phishing attacks aimed at traders and finance professionals.

News (members only): Adobe patch nightmare: Trio of application server vulnerabilities being exploited
Want to let criminals "query your databases, add/change/delete files, export data or files off your server"? No? Then you should probably be paying close attention to whether you are running Adobe ColdFusion and whether it is exposed...

News: MobileIron under active attack, admins warned to update
Ivanti is warning of attacks on its MobileIron platform due to improper handling of APIs.

Interviews (featured): The Big Interview: CISA's $7 billion CDM program aims to run pan-federal cybersecurity. Is it delivering?
"We have gotten very smart on how to do business with agencies and build in flexibility into our contracting vehicles. We took an approach early on to divide and conquer..."

Vulnerabilities: CVE for "Damn Vulnerable Web Application" rejected after troubling, bemusing hackers
"To the 731 people who have DVWA exposed to the internet, I apologise for CVE-2023-39848, I recommend you temporarily remove them from the internet till I can create a patch."

Vulnerabilities: Citrix ShareFile vulnerability being exploited amid warnings of a "huge spike" in attacks
Pre-auth RCE in Citrix ShareFile has the potential to be the next MOVEit, or Accellion, or GoAnywhere, or Aspera Faspex, or...

CISO: The vital role the CISO has to play in the boardroom
"As the collective business sector starts to awaken to the size and scale of the risk, the battle for exceptional CISOs will be fierce..."

News: Hackers achieve 93% word recovery from keyboard noise
Keyboard clicks are giving up more information than you think, according to university researchers.

Cybersecurity: Most exploited vulnerabilities 2022: Five Eyes' list of CVEs comes with a twist in the tail
Two CVEs dominate attack traffic and one will look very familiar. So will six others...

Cybersecurity: NSRA says cyberattacks pose a greater threat than ever before
The UK government has upped the risk factor for cyberattacks on infrastructure, outlining how attacks on vital services and the emergence of AI could potentially threaten public safety.

Federal Government: White House unveils cyber workforce initiative
The Biden Administration has introduced a new initiative that aims to see the US government expand both its training and hiring for tech jobs.

News: Kaspersky reports third exploited Apple zero-day in 5 weeks
"Operation Triangulation" continues after the Russian security firm was hacked by a sophisticated adversary using a zero-click iOS chain...

Cybersecurity: Striking the right balance between IT security, risk management and cyber insurance
"In another example, a custom-built application relied on an old version of Apache Log4J for logging, and the updates to Log4J did not support data in the same way. There was no budget for this application to be rebuilt at the time..."

Deals: Thales' $3.6 billion buyout of Imperva is timely...
Imperva, generating ~$500 million in revenues, has suffered from executive churn in recent years that has caused some "adverse impact on Imperva's roadmap execution."

Encryption (members only): The world's first fully specified, end-to-end encryption standard just landed. That's big.
Here's what you need to know about Messaging Layer Security (MLS) as it becomes an official standard in a move welcomed by AWS, Android, Cisco, Matrix and many more.

Citrix: Critical pre-auth RCE Citrix Gateway vulnerability is under active attack and looks bad
There are approximately 38,000 Citrix Gateway appliances exposed to the public internet, and a whole host of internet traffic flows through Citrix ADC...

Encryption: RFC 9420 aka Messaging Layer Security (MLS) – An Overview
MLS achieves its low complexity through the use of a binary tree. This means that the number of required operations and the payload size do not increase linearly with the group size but only logarithmically after a short warm-up period...

Cybersecurity: Microsoft strengthens key storage after China incident – admits "validation error in Microsoft code"
Redmond has since "substantially hardened key issuance systems... this includes increased isolation of the systems, refined monitoring of system activity, and moving to the hardened key store used for our enterprise systems..."

SonicWall: Critical SonicWall vulnerabilities "extremely attractive" - central firewall hub needs urgent patching
Multiple critical unauthenticated SQL injection bugs and hard-coded credentials, as well as command injection and file upload bugs, need urgent patching.