Cybersecurity Starts in the Boardroom
Apple updates have been issued across it’s range of devices to address to address two zero-day flaws discovered in their operating systems. The affected range of devices is extensive but as of writing there have been no reports of active exploitation of the flaws. The best thing to do is …
I write a lot about patches being one of the most important steps in any cyber security plan – a quick search for “patches” on this site will show you how important they are. However you also need more in your cyber security plan than simply software patching as vendors …
Continue reading “Patches are not always available for critical flaws”
CISA is the US government’s Cybersecurity and Infrastructure Security Agency and a very good source cyber security and software patching information. Last week they posted several software patching updates and known vulnerabilities that are being exploited and mitigations for them. Samba Releases Security Updates for Multiple Versions of Samba | …
AlienFox is a malicious modular toolkit that threat actors can buy via a private Telegram channel. New AlienFox toolkit steals credentials for 18 cloud services (bleepingcomputer.com) The malware can be configured to scan for misconfigured servers and steal authentication details and credentials for a range of popular cloud-based services such …
Continue reading “Available for sale – a toolkit to steal credentials”
QNAP is a popular brand of soho NAS, available widely on Amazon. QNAP have released a security patch to fix a serious flaw, that if exploited could give threat actors administrator control of your device and information. QNAP warns customers to patch Linux Sudo flaw in NAS devices (bleepingcomputer.com)
