Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an […]
Cyber News, Cyber Threat Trends
Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo. “This vulnerability
Cyber News, Cyber Threat TrendsMicrosoft said the worm had alternate infection methods beyond its original USB drive spread
Cyber News, Cyber Threat TrendsThere are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. It’s likely to be abused to disclose server memory contents, and potentially […]
Cyber News, Cyber Threat Trends
AWS Changing ARNs in Trust Policies — Big Problems ACM.94 Trying to restore things after a user gets deleted leaves you in a malformed state for which there is no simple recovery This is a continuation of my series on Automating Cybersecurity Metrics. While updating my code in prior posts, the KMSAdmin user got inadvertently deleted so I couldn’t […]
Cyber News, Cyber Threat Trends
Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. “These droppers continue the unstopping evolution of malicious apps sneaking to the official store,” Dutch mobile security firm ThreatFabric
Cyber News, Cyber Threat Trends
Turns out that Tuesday’s zero-day for iOS 16 is Friday’s zero-day for iOS 15…
Cyber News, Cyber Threat Trends
The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware. It is “part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread,” the Microsoft Security Threat Intelligence Center (MSTIC
Cyber News, Cyber Threat Trends
Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October […]
Cyber News, Cyber Threat Trends