Threat actors have been taking advantage of an exploited set of Microsoft credentials to embed ransomware attacks into signed drivers: Microsoft-signed malicious Windows drivers used in ransomware attacks (bleepingcomputer.com) And LockBit got through the cyber security defences of California’s Department of Finance: LockBit claims attack on California’s Department of Finance …
CISA adds five vulnerabilities to the Known Exploited Vulnerabilities Catalog
This is another good resource from the US government Cybersecurity and Infrastructure Security Agency (CISA). Vulnerabilities for Fortinet, Citrix have been added but also for Microsoft Defender and Veeam Backup both of which are vital tools in the fight against threat actors: CISA Adds Five Known Exploited Vulnerabilities to Catalog …
Continue reading “CISA adds five vulnerabilities to the Known Exploited Vulnerabilities Catalog”
Other patches and updates in the news
Other companies gather around Microsoft’s Patch Tuesday and issue their updates round and about the same time and there are also the critical patches that are issued when needed. Here are some that are in the news but you should be checking your systems for updates: AWS fixes vulnerability affecting …
Twitter again – now they are reducing their online safety systems
Twitter has disbanded the volunteer group which advised it on self-harm, child abuse and hate speech. BBC Tech News Charities’ dismay as Twitter disbands safety group – BBC News This cannot be a good thing – whatever other precautions are put in place children and vulnerable people are on Twitter …
Continue reading “Twitter again – now they are reducing their online safety systems”
December’s Microsoft Patch Tuesday
SANS Internet Storm Diary has a comprehensive report on Microsoft’s Patch Tuesday: Microsoft December 2022 Patch Tuesday – SANS Internet Storm Center Here is the Microsoft release page: December 2022 Security Updates – Release Notes – Security Update Guide – Microsoft The Microsoft report gives much more information on the …
