Cybersecurity Starts in the Boardroom
It comes round every month – make sure your team has updated. Here is a link to Lawrence Abrams’ excellent roundup of the updates and patches from Microsoft at Bleeping Computer. It includes details of the zero-day vulnerabilities patched: Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws …
…winged ninja cyber monkeys… Dr Ian Levy from the National Cyber Security Centre The title is a bit odd, but the article by Ian Levy from the National Cyber Security Centre (NCSC) does an excellent job of explaining why the NCSC is now scanning the internet looking for vulnerabilities in …
Continue reading “NCSC is scanning the internet for the UK’s cyber security readiness”
Everyone needs policies and procedures that address the potential risk of business email compromise (BEC). That is when the threat actors through impersonation or compromised credentials get inside an email system and send malicious business instructions to your team pretending to senior people in your organisation or trusted partners. Here …
The first is that threat actors have compromised a media company and are using its infrastructure to distribute malware: Hundreds of U.S. news sites push malware in supply-chain attack (bleepingcomputer.com) The company has not yet been named but the attack has impacted to many hundreds of news sites. The second …
Continue reading “A couple of stories about supply chain compromise”
Just when it looked like the Emotet spamming/malware operation had stopped, there are widespread reports that it has restarted. Emotet botnet starts blasting malware again after 5 month break (bleepingcomputer.com) Infected Microsoft Office documents are Emotet’s favoured method of malware distribution. Once the email has slipped past your technical defences, …
