Cybersecurity Starts in the Boardroom
We have written several articles recently about how critical patches and updates are to your cyber security. Here is another reason why: Proof-of-Concept released for critical Microsoft Word RCE bug (bleepingcomputer.com) Once the threat actors are aware of a vulnerability – whether it is patched or not – they will …
I love OneNote – it is my go to, cross platform/cross device app (it even works on my watch!) so I have been watching the increasing threat actor activity using OneNote attachments with interest, as we all use OneNote her at Smart Thinking and Octagon and I have encouraged many …
Data breaches of big companies regularly make the news – here is the latest: UK retailer WH Smith hit by another data thief • The Register Threat actors accessed past and present employee data and other company information, but customer information was secure from the attack as it is kept …
The US government Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability to its Known Exploited Vulnerabilities Catalog for ZK Framework: CISA Adds One Known Exploited Vulnerability to Catalog | CISA A updated version of the CISA Decider tool for the MITRE ATT&CK framework has been released. CISA Releases Decider …
Continue reading “CISA cyber security advisories and advice on MITRE ATT&CK”
Windows secure boot is a tool to prevent unauthorised software from running on Windows machines protecting the firmware and other essential systems. A UEFI secbootkit malware package known as BlackLotus – readily available for sale on hacker forums – can now bypass this security feature: It’s official: BlackLotus malware can …
