Offering money to ethical technologists, who spot flaws in your software and tell you first before the hackers spot it, is an excellent way to keep your software secure. Microsoft reveals bug bounty payouts • The Register
CISA adds Windows and RAR vulnerabilities to the ” Known Exploited Vulnerabilities Catalogue”
The US Government, Cybersecurity and Infrastructure Security Agency (CISA) has added Microsoft Windows and RAR (zip software), vulnerabilities to it’s database. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
Yesterday was Patch Tuesday – Exchange server gets a special mention
Microsoft has issued it’s monthly round of patches and updates, SANS Internet Storm Centre has a round-up here: Microsoft August 2022 Patch Tuesday – SANS Internet Storm Center This update addresses the DogWalk zero-day vulnerability. Here are the Microsoft release notes: August 2022 Security Updates – Release Notes – Security …
Continue reading “Yesterday was Patch Tuesday – Exchange server gets a special mention”
Security patch round-up
Wired UK has an excellent article rounding-up the security updates across a range of products – our support team found it really useful – you might too. Apple Just Patched 39 iPhone Security Bugs—Update iOS ASAP | WIRED UK
Commercialised cyberweapons
For when you have time, here are two articles from Microsoft looking at cyberweapons: Continuing the fight against private sector cyberweapons – Microsoft On the Issues Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits – Microsoft Security Blog The view from the US Government Pegasus spyware: Just ‘tip of …
And we thought blocking Microsoft Office macros was a good idea – but close one door to the threat actors and of course they find another way to get to you…
Research is showing that with Microsoft now blocking Office VBA macros from the internet, threat actors are moving to other attachments that can execute malicious instructions, such as Windows Shortcut .lnk, .iso and .rar. As Microsoft blocks Office macros, hackers find new attack vectors (bleepingcomputer.com) My advice: Make sure your …
Advice from the National Cyber Security Centre and the UK Government – actions to take when the cybersecurity risk is high (Russia Ukraine Conflict) – UPDATED 2 May 2023
This post was originally made on 2 March 2022. It will be updated as the Russian Ukraine Conflict develops and will highlight the cyber security issues facing organisations and individuals at this time. The National Cyber Security Centre (NCSC) is advising all UK organisations to review and improve their cyber …