The US Cybersecurity and Infrastructure Security Agency (CISA) has released a cyber security notification about Cisco devices: Cisco Releases Security Updates for Multiple Products | CISA
Ikea smart bulbs that your neighbours can control!
The Internet of Things, a great idea, when they are secure – these lights from Ikea obviously are not: Ikea smart bulbs can be exploited to force them to blink • The Register Your takeaway from this is to look at your IoT and connected devices (such as CCTV) and …
Continue reading “Ikea smart bulbs that your neighbours can control!”
A new approach that is bad for us…
Threat actors have developed a new approach to malware that exploits legitimate drivers making it more difficult to defend against the malware. To date over 1000 drivers have been impacted: BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com) What makes this “Bring Your Own Vulnerable Driver” (BYOVD) method …
In-house Microsoft Exchange zero-day attack mitigation is not enough
It appears the mitigation that Microsoft has published for the vulnerabilities CVE-2022-41040 and CVE-2022-41082 is not enough: Microsoft Exchange server zero-day mitigation can be bypassed (bleepingcomputer.com) These vulnerabilities are being actively exploited and now the steps put in place to defend against the issue can be bypassed and others are …
Continue reading “In-house Microsoft Exchange zero-day attack mitigation is not enough”
CISA issues security advisories across a range of popular products
It has been a busy couple of days at the US Cybersecurity and Infrastructure Security Agency as they issue a range of security advisories: Drupal Releases Security Update | CISA Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server | CISA Cisco Releases Security Updates for Multiple Products | …
Continue reading “CISA issues security advisories across a range of popular products”
