The gap between the vendor discovering a vulnerability and the patch getting to you will always be an issue – this is the zero-day threat. It escalates if the threat actors became aware of the vulnerability and exploits it before the vendor becomes aware. Now research by Mandiant shows that, …
But patching is not the whole story…
Earlier this week I posted about the importance of patches (again) when it comes to cyber security: However understanding your network components and endpoints and monitoring them is also very important as occasionally there is persistent malware that protects itself from security patches designed to eliminate it. Here is an …
Microsoft Exchange attacked again
We live in a Microsoft world when it comes to business – and Microsoft Exchange, whether hosted or your own servers, by their very nature contain information that hacker love or are a way into an organisation. So they are always going to be a target: UNC3524: Eye Spy on …
Zero-Days are back in the news
Zero-Days – will always be a problem and both Google and Mandiant are reporting rises in such exploitations in 2021. I have reported on this before but the point that comes out in Bruce Schneier’s piece is the numbers these research groups are reporting are detected or declared Zero-Days. What …
Counting Cows Chinese Cyber Crime
If it was not so serious, with a title like this I would have saved this for “Because It’s Friday” post. China exploited cow-counting app to spy on US, says Mandiant • The Register A report by cyber security firm Mandiant outlines how the Chinese state sponsored hacking group Double …