The US Government Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory of threat actors exploiting the software issues in the F5 systems: Threat Actors Exploiting F5 BIG IP CVE-2022-1388 | CISA
Joint advisory on the top exploits
The UK’s National Cyber Security Centre with it’s partners in the Five Eyes, has issued an advisory for the top exploited software vulnerabilities in 2021 – meaning they could continue being the top exploits in 2022. 2021 Top Routinely Exploited Vulnerabilities | CISA Microsoft Exchange server, VMware, SonicWall and Log4j …
Bug bounties are a vendor’s shortcut to software vulnerabilities – UPDATED 26 April 2022
This post was first published on 19 April 2022 Following up on the article below, here is a real world example of bug bounties working to improve cybersecurity. The US Government’s Department of Homeland Security (DHS) worked with a group of cyber security analysts, who uncovered 122 vulnerabilities in the …
CISA statement on mitigating MFA and “PrintNightmare” exploits UPDATED 17 March 2022
This article was first posted on 16 March 2022 Here is some good cyber security advice from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) regarding increased cyber threat activity from the Russia Ukraine conflict. “PrintNightmare” is an escalation of an MFA …
Web3 so new the paint has not yet dried but exploited already
It is widely accepted that the cyber security business is an arms race, with the good guys (us) nearly always playing catch up! We get something new and shiny that offers better security and before we know it it needs patching and fixing because the bad guys have found an …
Continue reading “Web3 so new the paint has not yet dried but exploited already”