OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
That bated-breath OpenSSL update is out! It’s no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here’s why…
Cyber News, Cyber Threat Trends
- November 1, 2022
CISA Publishes Multi-Factor Authentication Guidelines to Tackle Phishing
The guidelines describe methods threat actors use to steal MFA credentials and how to defend against them
Cyber News, Cyber Threat Trends
- November 1, 2022
Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB
Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss. “In short, […]
Cyber News, Cyber Threat Trends
- November 1, 2022
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware
The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a
Cyber News, Cyber Threat TrendsLockBit Dominates Ransomware Campaigns in 2022: Deep Instinct
The figures come from the 2022 Interim Cyber Threat Report by Deep Instinct
Cyber News, Cyber Threat Trends
- November 1, 2022
SHA-3 code execution bug patched in PHP – check your version!
As everyone waits for news of a bug in OpenSSL, here’s a reminder that other cryptographic code in your life may also need patching!
Cyber News, Cyber Threat Trends
- November 1, 2022
Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution
IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue, characterized as a “neutralization of Special Elements in Output Used by a Downstream Component,” could be abused to result in the execution of remote code or disclosure of sensitive information. ConnectWise’s
Cyber News, Cyber Threat Trends
- November 1, 2022
Last Years Open Source – Tomorrow’s Vulnerabilities
Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: “given enough eyeballs, all bugs are shallow.” This phrase puts the finger on the very principle of open source: the more, the merrier – if the code is easily available for anyone and everyone to […]
Cyber News, Cyber Threat Trends
- November 1, 2022
Connecting to an EC2 instance via SSH (and when you can’t)
ACM.98 Using our SSH key stored in Secrets Manager to log into an EC2 instance This is a continuation of my series of posts on Automating Cybersecurity Metrics. When I first started using AWS it was very confusing initially to understand how to set up an AWS EC2 instance and the related networking so I could […]
Cyber News, Cyber Threat Trends