Cybersecurity Starts in the Boardroom
Following the emergence of Bumblebee malware as a significant threat, SANS INternet Storm has a post looking at the function of the malware and transferring ISO files. Bumblebee Malware from TransferXL URLs – SANS Internet Storm Centre This is an excellent post by Brad and not only shows you the …
Continue reading “More on Bumblebee malware – detailed attack examination”
The US Cybersecurity and Infrastructure Security Agency has issued a joint advisory with the cyber security organisations from the UK, New Zealand, Netherlands and Canada listing ten regularly exploited weak security controls, poor configurations, and bad practices that allow threat actors to compromise networks. Here is the article: Weak Security …
Continue reading “CISA joint advisory on access control. Are you still missing MFA?”
The quote is from an article by Royal Hansen, Vice President of Engineering for Privacy, Safety, and Security, outlining how Google sees it’s role in making it a more secure world. Building a secure world (blog.google) I always have a seed of doubt when I read anything like this from …
Continue reading “Google – “cybersecurity is one of the top issues facing the world today””
I try and highlight the variety of social engineering phishing emails doing the rounds as awareness among your people about the ways they are having their trust exploited, when they check their email, is essential for them to beat the threat actors. Here is another one taken apart by the …
Continue reading “Make money fast – the classic social engineering phishing campaign”
The vulnerabilities are for Zyxel firewalls and VMWare Spring Cloud. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA The Apache issue is with Tomcat: Apache Releases Security Advisory for Tomcat | CISA Researchers, NSA cybersecurity director warn of hackers targeting Zyxel vulnerability – The Record by Recorded Future
