Cisco have published details of a network compromise of their systems: Cisco’s own network compromised by gang with Lapsus$ links • The Register
Yesterday was Microsoft Patch Tuesday – get it done and check everyone else is getting it done as well…
It is that time again – among the fixes and patches from Microsoft, for July 2022 is one addressing CVE-2022-22047, Windows Elevation of Privilege Vulnerability – according to Microsoft a zero-day flaw that is being exploited by threat actors. For more details see Bleeping Computer’s excellent round-up of Patch Tuesday: …
Microsoft Patch Tuesday – Follina zero-day fixed
We will start with the good news – the zero-day threat Follina/msdt.exe has been patched. Let’s hope that it really is the fix we all need! Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws (bleepingcomputer.com) There are other fixes in the update, for Excel, Edge, Microsoft networking etc …
Continue reading “Microsoft Patch Tuesday – Follina zero-day fixed”
Ransomware via IoT
I have written before about the security limitations of “Internet of Things” (IoT) devices. Many of them are simple devices, possibly based on older tech, they tend to lack the hardware to allow for regular security updates, etc, etc etc. At least the UK Government is enacting laws to make …
If you have an Aruba or Avaya switch – then this post is for you
Critical vulnerabilities have been discovered in these devices. No exploits have been reported in the wild – but patches are available – so get patching. Critical flaws in ‘millions of Aruba, Avaya switches’ • The Register
