A series on the Insider Threat – and your first tip on dealing with it!

Recently I have covered a couple of incidents that revolve around a betrayal of trust – often called the insider threat: The Insider Threat – it may be at the top of the company… – Smart Thinking Solutions The Insider Threat and $250,000 – Smart Thinking Solutions This got me …

Were you a lab rat?

Here is an interesting article about privacy, looking at how LinkedIn (Microsoft) loosely interpreted its privacy policies so it could experiment on twenty million users: Experts debate the ethics of LinkedIn’s algorithm experiments on 20M users | Ars Technica

In-house Microsoft Exchange zero-day attack mitigation is not enough

It appears the mitigation that Microsoft has published for the vulnerabilities CVE-2022-41040 and CVE-2022-41082 is not enough: Microsoft Exchange server zero-day mitigation can be bypassed (bleepingcomputer.com). These vulnerabilities are being actively exploited, and now the steps put in place to defend against the issue can be bypassed and others are …

CISA issues security advisories across a range of popular products

It has been a busy couple of days at the US Cybersecurity and Infrastructure Security Agency as they issue a range of security advisories: Drupal Releases Security Update | CISA Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server | CISA Cisco Releases Security Updates for Multiple Products | …

CISA adds three vulnerabilities to the Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency has added three known exploits to its Known Exploited Vulnerabilities Catalog – this list should be seen as a “Must Patch Now” list. Two of the exploits are for Microsoft Exchange and are being actively exploited: CISA Adds Three Known Exploited Vulnerabilities to Catalog …

Do you operate an Exchange Server? Is it patched and up to date?

There is an actively exploited zero-day flaw being reported that Microsoft has not yet patched – so have a look at GTSC’s blog post: Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | GTSC (gteltsc.vn). The post also includes some temporary mitigation whilst waiting …

Here is some of the open-source software I use – and it has all been targeted!

PuTTY, KiTTY and Sumatra PDF Reader – I did my due diligence before installing these – and now they have been targeted by ZINC, a state-sponsored group operating out of North Korea. ZINC weaponizing open-source software – Microsoft Security Blog Before writing this blog post I had checked my system …