Cybersecurity
Managing cybersecurity in local government - multiple hats, fewer tools
Falkirk Council shows where to find the next generation of tech bairns
Qualys
Bugs are turning into exploits faster than ever
Vulnerabilities are turning into actively exploited flaws at a rapid pace, often within the same day. This according to research from security vendor Qualys.
News
Intel patches Downfall bug, but slows CPUs in the process
Intel's fix for a serious side-channel vulnerability in its CPUs could in some cases bring a significant performance slowdown
0days
Ivanti patches second EPMM zero-day
Ivanti has kicked out an urgent patch for cve-2023-35081, a zero-day flaw in EPMM that is under active exploit in the wild
patching
Apple pushes urgent security fix for exploited zero day – then kills it after websites broke
Risk arbitrary code execution or face howls from users unable to access Instagram? Priorities, priorities -- but a fresh fix is coming after initial RSR rolled back.
MOVEit
Fuzzy Thinking: Yet more critical SQL Injection bugs in MOVEIt Transfer
You're tired? Everyone's tired. Just patch promptly please.
Cybersecurity
Gird your loins: Patch Tuesday’s back
It’s that time of the month again: Microsoft has pushed out 98 security patches for January’s Patch Tuesday: 11 are critical, one CVE-2023-21674 is being actively exploited and another gives unauthenticated remote access to your SharePoint Server – and requires not just the patch but a “SharePoint upgrade action”
Cybersecurity
Firmware security in the spotlight after novel ransomware attacks
“The learning curve isn't as steep as people think.”
Cybersecurity
Automated patching, risk-based approach critical to resilience: First, face the "Bleedin' obvious"
Former NCSC Director of Incident Management John Noble, opening the Qualys Security Conference (QSC) in London, warned that much of what he would say would be “to use a British expression, bleedin’ obvious”. He was right. And that's a problem. “My colleagues in the NCSC [say] patching remains
Cybersecurity
A critical Sophos firewall RCE bug is under active attack. Patch now.
Pre-auth RCE has been exploited in the wild...
Cybersecurity
Fix this humdinger of an SAP bug now! It's CVSS 10 and trivial to exploit
Patch Tuesday was otherwise so relaxed...
Cybersecurity
A RECOMMENDED software update crashed 20 critical IT systems
The update in question...