The Equation Editor vulnerability in Microsoft Office was fixed back in 2017 but SANS recently found a new phishing email using it in the wild. It really highlights why updates and patches are so important – especially when you are using older software. Have a look at the ingenuity used …
Bug programmes are a key step in our cyber-security
I have previously written about bug bounty programmes – where software vendors will pay white-hat hackers for information about flaws in their software – so security steps, updates and patches can be released before the black-hat hackers can exploit them in the wild. A little light holiday reading! – Smart …
Continue reading “Bug programmes are a key step in our cyber-security”
A little light holiday reading!
I am on leave/writing retreat at the moment and one of the things I like to do when away is read. Bruce Schneier’s blog put me on to this very interesting work. Bounty Everything by Ryan Ellis & Yuan Stevens – (datasociety.net) “Hackers and the Making of the Global Bug …
When you have found a “good” thing, why stop?
The log4j vulnerability and it’s associated attack vectors was always going to be major cybersecurity crisis – and of course once the bad actors knew about it they would expand their exploitation. This article on the SANS internet shows how initial attempts to mitigate the log4j issue are now being …
Continue reading “When you have found a “good” thing, why stop?”
Software abuse at source
Hackers are abusing the MSBuild environment to embedded malicious code into applications to evade detection. Attackers are abusing MSBuild to evade defences and implant Cobalt Strike beacons – SANS Internet Storm Centre
