Cybersecurity Starts in the Boardroom
Zero-day attacks will always be a serious issue for anyone involved in cyber security. A zero-day cyber attack is one that happens in the gap between the hackers discovering a vulnerability in a system and putting an exploit out in the wild and the software vendors, discovering the same software …
Continue reading “Newly discovered zero-day vulnerability in Windows is being exploited now”
It appears the mitigation that Microsoft has published for the vulnerabilities CVE-2022-41040 and CVE-2022-41082 is not enough: Microsoft Exchange server zero-day mitigation can be bypassed (bleepingcomputer.com) These vulnerabilities are being actively exploited and now the steps put in place to defend against the issue can be bypassed and others are …
Continue reading “In-house Microsoft Exchange zero-day attack mitigation is not enough”
There is an actively exploited zero-day flaw being reported, that Microsoft has not yet patched – so have a look at GTSC’s blog post: Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | GTSC (gteltsc.vn) The post also includes some temporary mitigation whilst waiting …
Continue reading “Do you operate an Exchange Server? Is it patched and up to date?”
This is what cyber security can become. Not sure what it means? It means navel gazing – thinking about one thing to the exclusion of the wider picture. So what am I talking about? You have been sold anti-virus and a firewall, you’ve set the updates to automatic and have …
WordPress plugin called BackupBuddy I wrote an article today for our training site CyberAwake, questioning exactly how much governance organisations are extending to their websites. The article started off because of two WordPress issues this week and during my background reading for the article I came across this from last …
Continue reading “Then there was a third problem with WordPress… BackupBuddy”
