cybersecurity - The Stack (Page 5)

UK government

UK.gov's “ostrich” approach to cybersecurity leaves country “exposed and unprepared”

Departments need to go away and rethink how to protect country from ransomware

Microsoft

Microsoft customers are being targeted after Redmond's source code, secrets were stolen

A raid by Russian hackers penetrated deeper than first thought: "Some of these secrets were shared between customers and Microsoft..."

Rust

“Rewrite it in Rust”? Joe Biden is living the meme -but is a focus on memory corruption healthy?

New White House report cites a 2019 Microsoft paper. But analysis this month showed that memory corruption accounted for just 19.5% of “known exploited” vulnerabilities in 2023

NIST

NIST’s CSF 2.0: Governance now at the heart of new cybersecurity framework. Is it helpful?

Some CIOs and CISOs use customised versions of NIST's CSF as a tool to communicate cybersecurity progress to the board.

Russia

Beat the bear's cloud incursions with canaries says Five Eyes

Service accounts, MFA bombing and residential proxies are being widely deployed by APT29.

cybersecurity

US Treasury confirms $9 billion ICBC ransomware impact

"ICBC’s inability to access its systems caused securities to be delivered for settlement with no funds backing the trades"

screenconnect vulnerability connectwise cvss 10

vulnerabilities

CVSS 10 ConnectWise vulnerability “extremely trivial to reverse and exploit” as POC lands, attacks start

"There might be active exploitation attempts across common AWS IP space"

Ivanti

13,000 unpatched Ivanti appliances exposed as attacks escalate, firmware analysis shocks users.

“Security” product shipped with a 13-year-old, unsupported base OS and software libraries with 973 vulnerabilities; 111 of which have publicly known exploits available.