Cybersecurity Starts in the Boardroom
This post was first made on 27 April 2022 Here is an article from Microsoft examining an issue with Linux, where user privileges can be elevated by stringing together a number of vulnerabilities. Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn – Microsoft Security Blog If you use Linux …
Continue reading “Linux vulnerability – Nimbuspwn UPDATED 28 April 2022”
Zero-Days – will always be a problem and both Google and Mandiant are reporting rises in such exploitations in 2021. I have reported on this before but the point that comes out in Bruce Schneier’s piece is the numbers these research groups are reporting are detected or declared Zero-Days. What …
I have written a couple of time about the vulnerabilities in VMware – they are patched now but the article below shows there are groups still trying to attack those organisations, slow to patch, with an active exploit. Iran’s Rocket Kitten likely behind VMware exploitation • The Register Why bother. …
The US Government, Cybersecurity and Infrastructure Security Agency (CISA) has added several new Microsoft Windows, vulnerabilities to it’s database. These all need patches – so again it is a good time to check that your “auto-updating” is working or time to get an Octagon IT monitoring package and let experts monitor the …
This post was first made on 22 April 2022 I regularly write about the issues around the zero-day vulnerability and our Social Engineering and Email Cyber Security Training course aims to equip individuals and organisations to meet the challenge that the zero-day poses. Google’s Project Zero has reported on it’s …
Continue reading “Zero-day security vulnerabilities exploited in 2021 – UPDATED 25 4 2022”
