Cybersecurity Starts in the Boardroom
So, everyone knows what that means, for the users, slow internet connections as we all gather in those vital updates, for the administrators, checking what needs to be done and checking that it has happened – including checking that the users have not skipped the updates because they are too …
Continue reading “Yesterday was Patch Tuesday for Microsoft”
Recently I have covered a couple of incidents that revolve around a betrayal of trust – often called the insider threat: The Insider Threat – it may be at the top of the company… – Smart Thinking Solutions The Insider Threat and $250,000 – Smart Thinking Solutions This got me …
Continue reading “A series on the Insider Threat – and your first tip on dealing with it!”
Here is an interesting article about privacy, looking at how LinkedIn (Microsoft) loosely interpreted its privacy policies so it could experiment on twenty million users: Experts debate the ethics of LinkedIn’s algorithm experiments on 20M users | Ars Technica
It appears the mitigation that Microsoft has published for the vulnerabilities CVE-2022-41040 and CVE-2022-41082 is not enough: Microsoft Exchange server zero-day mitigation can be bypassed (bleepingcomputer.com) These vulnerabilities are being actively exploited and now the steps put in place to defend against the issue can be bypassed and others are …
Continue reading “In-house Microsoft Exchange zero-day attack mitigation is not enough”
It has been a busy couple of days at the US Cybersecurity and Infrastructure Security Agency as they issue a range of security advisories: Drupal Releases Security Update | CISA Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server | CISA Cisco Releases Security Updates for Multiple Products | …
Continue reading “CISA issues security advisories across a range of popular products”
