The Equation Editor vulnerability in Microsoft Office was fixed back in 2017 but SANS recently found a new phishing email using it in the wild. It really highlights why updates and patches are so important – especially when you are using older software. Have a look at the ingenuity used …
Bug programmes are a key step in our cyber-security
I have previously written about bug bounty programmes – where software vendors will pay white-hat hackers for information about flaws in their software – so security steps, updates and patches can be released before the black-hat hackers can exploit them in the wild. A little light holiday reading! – Smart …
A little light holiday reading!
I am on leave/writing retreat at the moment and one of the things I like to do when away is read. Bruce Schneier’s blog put me on to this very interesting work. Bounty Everything by Ryan Ellis & Yuan Stevens – (datasociety.net) “Hackers and the Making of the Global Bug …
When you have found a “good” thing, why stop?
The log4j vulnerability and its associated attack vectors were always going to be a major cybersecurity crisis – and of course once the bad actors knew about it they would expand their exploitation. This article on the SANS internet shows how initial attempts to mitigate the log4j issue are now being …
Software abuse at source
Hackers are abusing the MSBuild environment to embed malicious code into applications to evade detection. Attackers are abusing MSBuild to evade defences and implant Cobalt Strike beacons – SANS Internet Storm Centre
VMware vulnerability
A serious vulnerability in VMware has been discovered: VMSA-2021-0029 (vmware.com). As the article on The Register says, “ignore this at your peril”. Over Log4j? VMware has another critical flaw for you to fix • The Register
The future of society is smart contracts on a blockchain
The future of cyber crime is smart contracts on a blockchain with software bugs! Dan Goodin has an article explaining how a bug (flaw) in the code for drafting a blockchain smart contract, by MonoX Finance, allowed a hacker to steal $31 million from them. Really stupid “smart contract” bug let …