ACM.75 An alternative to NATs and Internet Gateways This is a continuation of my series on Automating Cybersecurity Metrics. We looked at adding a VPC configuration for our Lambda function in an earlier post in this series where I demonstrated how a Lambda function that had Internet access may be abused. I also mentioned two options […]
Cyber NewsAbout 1 in 5 phishing email messages reach workers’ inboxes, as attackers get better at dodging Microsoft’s platform defenses and defenders run into processing limitations.
Cyber NewsACM.74 How these crucial services work by default and what happens if you want to use your own DNS and NTP servers on AWS This is a continuation of my series of posts on Automating Cybersecurity Metrics. It’s always DNS… Everything in AWS needs to access DNS or it will break. And I mean EVERYTHING. When we […]
Cyber NewsA severe remote code execution vulnerability in Zimbra’s enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected
Cyber NewsMicrosoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from “.*autodiscover.json.*Powershell.*” to “(?=.*autodiscover.json)(?=.*powershell).” The list of
Cyber NewsWhy bother with new tactics and exploits when the old tricks are still effective?
Cyber NewsFortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684, the high-severity flaw relates to an authentication bypass vulnerability that could permit an unauthenticated adversary to perform arbitrary operations on
Cyber NewsThe Monterey Bay Aquarium has a video—”2 Hours Of Squid To Relax/Study/Work To“—with 2.4 million views. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Cyber NewsSecureWorks found that business email compromise still generates huge revenues for cybercriminals, while cyberespionage activities tend not to change so much. The post 2022 State of the Threat: Ransomware is still hitting companies hard appeared first on TechRepublic.
Cyber News