Cybersecurity Starts in the Boardroom
The Cyber Safety Review Board is operated by The Department of Homeland Security and in it’s inaugural report the Log4j vulnerability, spread and exploitation is discussed: CSRB Report on Log4j – Public Report – July 11 2022_508 Compliant (cisa.gov) It makes interesting reading. I wonder just how many developers do …
Continue reading “As predicted Log4j is going to be a problem for a long time”
This post was first published on 15 June 2022 Update 12 July 2022 President Bidens’ administration’s decision to blacklist the NSO Group is proving to be a problem for L3Harris, a US defence contractor that wants to buy the Pegasus spyware part of the business: L3Harris in move to buy …
Continue reading “The story of Pegasus spyware continues UPDATED 12 July 2022”
Bug bounties are a useful way for vendors – and now government departments – to engage with honest, white hat, cyber security experts, to test systems for flaws. DoD issues call for hackers to dig into networks – The Record by Recorded Future
Often it the online processes around blockchain and cyrpto-currencies that are exploited by the threat actors, not the blockchain itself – which remains secure. Following a year of research, a report by Trail of Bits, commissioned by the US Government Defense Advanced Research Projects Agency (DARPA) shows that the blockchain …
It seems a long time ago that the Log4Shell vulnerability was discovered. A vulnerability that had far reaching consequences as many systems used this framework for their logging functionality. The US Cybersecurity and Infrastructure Security Agency(CISA) with the United States Coast Guard Cyber Command (CGCYBER) has issued an advisory of …
Continue reading “Log4Shell is still an exploited vulnerability”
