Cybersecurity Starts in the Boardroom
Hacker spent nearly five months inside a US regional government network, downloading files, using software and deleting logs, before deploying Lockbit ransomware. Sophos recreated the attack from what was left of the logs and believe the attackers got in through a public facing remote desktop protocol (RDP) port – something …
Continue reading “Sophos report even government agencies can miss hackers in their network”
Here is something I wrote for the Octagon Technology blog last month. It started out looking at the zero-day issue and then explored the tools available to create “defence in depth” cyber security and finished with an explanation of how you can keep up with this blog in using Outlook …
Continue reading “Why keeping up with the cyber security news is important”
Apache has issued another patch for a vulnerability in Struts 2 framework for Java applications as the one issued in 2020 did not quite work. Apache says 2-year-old Struts bug wasn’t fully fixed • The Register S2-062 – Apache Struts 2 Wiki – Apache Software Foundation
Patch Tuesday has come around again – and time for you check that ALL your updates and patches are up to date – not just your Microsoft ones. I know they are supposed to happen automatically but check anyway! Microsoft April 2022 Patch Tuesday – Sans Internet Storm Centre Microsoft’s …
Continue reading “Are your patches and updates being done everywhere?”
Hackers have been actively working to exploit the Spring4Shell vulnerability – now it has been detected in the wild deploying the Mirai botnet. Spring4Shell under active exploit by Mirai botnet herders • The Register CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware (trendmicro.com) …
Continue reading “Spring4Shell in the wild executing the Mirai botnet”
