cybersecurity - The Stack (Page 7)

UK.gov's “ostrich” approach to cybersecurity leaves country “exposed and unprepared”

Departments need to go away and rethink how to protect country from ransomware

Joe Fay March 11, 2024

Microsoft customers are being targeted after Redmond's source code, secrets were stolen

A raid by Russian hackers penetrated deeper than first thought: "Some of these secrets were shared between customers and Microsoft..."

Edward Targett March 08, 2024

“Rewrite it in Rust”? Joe Biden is living the meme -but is a focus on memory corruption healthy?

New White House report cites a 2019 Microsoft paper. But analysis this month showed that memory corruption accounted for just 19.5% of “known exploited” vulnerabilities in 2023

Edward Targett February 28, 2024

NIST

governance

News

NIST’s CSF 2.0: Governance now at the heart of new cybersecurity framework. Is it helpful?

Some CIOs and CISOs use customised versions of NIST's CSF as a tool to communicate cybersecurity progress to the board.

Edward Targett February 27, 2024

Beat the bear's cloud incursions with canaries says Five Eyes

Russia

NCSC

News

Beat the bear's cloud incursions with canaries says Five Eyes

Service accounts, MFA bombing and residential proxies are being widely deployed by APT29.

Joe Fay February 27, 2024

US Treasury confirms $9 billion ICBC ransomware impact

"ICBC’s inability to access its systems caused securities to be delivered for settlement with no funds backing the trades"

The Stack February 23, 2024

vulnerabilities

ConnectWise

News

CVSS 10 ConnectWise vulnerability “extremely trivial to reverse and exploit” as POC lands, attacks start

"There might be active exploitation attempts across common AWS IP space"

The Stack February 21, 2024

Ivanti

vulnerabiities

News

13,000 unpatched Ivanti appliances exposed as attacks escalate, firmware analysis shocks users.

“Security” product shipped with a 13-year-old, unsupported base OS and software libraries with 973 vulnerabilities; 111 of which have publicly known exploits available.

Edward Targett February 16, 2024

UK.gov's “ostrich” approach to cybersecurity leaves country “exposed and unprepared”

Microsoft customers are being targeted after Redmond's source code, secrets were stolen

“Rewrite it in Rust”? Joe Biden is living the meme -but is a focus on memory corruption healthy?

NIST’s CSF 2.0: Governance now at the heart of new cybersecurity framework. Is it helpful?

Beat the bear's cloud incursions with canaries says Five Eyes

US Treasury confirms $9 billion ICBC ransomware impact

CVSS 10 ConnectWise vulnerability “extremely trivial to reverse and exploit” as POC lands, attacks start

13,000 unpatched Ivanti appliances exposed as attacks escalate, firmware analysis shocks users.