The US government Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for Telerik, a software development tool, to it’s Known Exploited Vulnerabilities Catalog:
CISA Has Added One Known Exploited Vulnerability to Catalog | CISA
This week CISA also released a security advisory for a range of Apple products, but I covered that here:
They also issued an advisory for VMware products:
VMware Releases Security Updates for VMware vRealize Log Insight | CISA
Remote Monitoring and Management Software
CSA released a report this week detailing the malicious abuse of Remote Monitoring and Management (RMM) Software, describing how the attacks are run and offering mitigation:
Protecting Against Malicious Use of Remote Monitoring and Management Software | CISA
As part of the cyber security we set up for clients, we make full use of RMM software – it a great cost effective cyber security tool for smaller organisations, especially if they have hybrid working. (That does not mean larger organisations should not use RMM.)
As part of our arrangements, we have a series of procedures in place to verify our communications and the identities of our team for the protection of them and our clients. We also have phishing email training in place. And… well the rest is between us and our cyber security clients.
Clive Catton MSc (Cyber Security) – by-line and other articles