Threat actors have been taking advantage of an exploited set of Microsoft credentials to embed ransomware attacks into signed drivers: Microsoft-signed malicious Windows drivers used in ransomware attacks (bleepingcomputer.com) And LockBit got through the cyber security defences of California’s Department of Finance: LockBit claims attack on California’s Department of Finance …
December’s Microsoft Patch Tuesday
SANS Internet Storm Diary has a comprehensive report on Microsoft’s Patch Tuesday: Microsoft December 2022 Patch Tuesday – SANS Internet Storm Center Here is the Microsoft release page: December 2022 Security Updates – Release Notes – Security Update Guide – Microsoft The Microsoft report gives much more information on the …
Google Chrome’s 9th zero-day vulnerability of 2022 now patched
Software is difficult and no matter how much vendors test, both black and white hackers will find vulnerabilities once the software has been released. The issue is how fast does the vendor respond with patches once a vulnerability has been found. Google Chrome emergency update fixes 9th zero-day of the …
Continue reading “Google Chrome’s 9th zero-day vulnerability of 2022 now patched”
Can Apple identify us from “anonymous” data?
Apple declares that sharing device usage information with them is anonymous, but researchers are claiming this is not true and Apple can associate actual iCloud users to this shared information. Apple Device Analytics Contain Identifying iCloud User Data, Claim Security Researchers – MacRumors Would Apple do this? They are already …
Continue reading “Can Apple identify us from “anonymous” data?”
Newly discovered zero-day vulnerability in Windows is being exploited now
Zero-day attacks will always be a serious issue for anyone involved in cyber security. A zero-day cyber attack is one that happens in the gap between the hackers discovering a vulnerability in a system and putting an exploit out in the wild and the software vendors, discovering the same software …
Continue reading “Newly discovered zero-day vulnerability in Windows is being exploited now”
CISA adds a Microsoft vulnerability to the Known Exploited Vulnerabilities Catalog
The US government Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows flaw to the Known Exploited Vulnerabilities Catalog. CISA Has Added One Known Exploited Vulnerability to Catalog | CISA
Yesterday was Patch Tuesday
It comes round every month – make sure your team has updated. Here is a link to Lawrence Abrams’ excellent roundup of the updates and patches from Microsoft at Bleeping Computer. It includes details of the zero-day vulnerabilities patched: Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws …
