The US government's Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability affecting Barracuda Networks devices to the Known Exploited Vulnerabilities Catalog: CISA Adds One Known Exploited Vulnerability to Catalog | CISA
PyPI software repository takes the most basic of security steps…
Having temporarily closed its doors last week to new business, PyPI – a Python code repository – is now enforcing the most basic of cyber security precautions – 2FA! PyPI announces mandatory use of 2FA for all software publishers (bleepingcomputer.com) Your takeaway from this is that any essential business service …
On-premises Exchange Server Vulnerability
On-premises Exchange servers are still out there and they make great targets for threat actors, especially those with unpatched flaws. There is a new PowerShell-based malware called PowerExchange, linked to the Iranian threat group APT34, that backdoors Microsoft Exchange servers. New PowerExchange malware backdoors Microsoft Exchange servers …
WordPress again…
See here for what I have written about WordPress this week: Let’s Talk About WordPress …and if you do not think hackers go after WordPress and its plugins, then read this: Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)
Risk, Risk, Risk
Following a meeting with a client last week and the first news item I posted on Monday, I started this week thinking about risk, which has led to a short series of articles looking at… risk! On Smart Thinking I wrote about risk analysis and how I get started with …