This post was first published on 19 April 2022. Following up on the article below, here is a real-world example of bug bounties working to improve cybersecurity. The US Government’s Department of Homeland Security (DHS) worked with a group of cyber security analysts, who uncovered 122 vulnerabilities in the …
CISA statement on mitigating MFA and “PrintNightmare” exploits UPDATED 17 March 2022
This article was first posted on 16 March 2022. Here is some good cyber security advice from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) regarding increased cyber threat activity from the Russia-Ukraine conflict. “PrintNightmare” is an escalation of an MFA …
Web3 so new the paint has not yet dried but exploited already
It is widely accepted that the cyber security business is an arms race, with the good guys (us) nearly always playing catch-up! We get something new and shiny that offers better security and, before we know it, it needs patching and fixing because the bad guys have found an …
Making a business from bug bounty – controversial?
Zerodium has announced it will buy bugs from researchers in popular email clients – for white-hat purposes, although their actions are controversial. Source: Zerodium looks to buy zero-days in Outlook and Thunderbird email clients – The Record by Recorded Future
iPhone vulnerability alert – take action now
Get this done now! – iPhone Vulnerability – Octagon Technology. I have posted an article on the Octagon Technology blog outlining how and why you should update your iOS NOW. Here is more information via Bruce Schneier: Zero-Click iMessage Exploit – Schneier on Security