Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Another two bugs in this month’s set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
Cyber News, Cyber Threat Trends
- November 15, 2023
- November 15, 2023
Danish Energy Attacks Portend Targeting More Critical Infrastructure
Targeted attacks against two dozen related companies is just the latest evidence that hackers want a piece of energy.
Cyber News, Cyber Threat Trends
- November 14, 2023
Microsoft Patch Tuesday, November 2023 Edition
Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen […]
Cyber NewsUpcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page.
Cyber News, Cyber Threat Trends
- November 14, 2023
21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers
In this Black Hat Europe preview, devices bridging critical machinery with the wider Internet are exposed and subject to numerous supply chain-induced bugs.
Cyber News, Cyber Threat Trends
- November 14, 2023
Squeeze some more life from your old laptop
Friends, forever Continue reading on The CISO Den »
Cyber News, Cyber Threat Trends
- November 14, 2023
A CloudFormation Template to Enforce a Secure SSH Encryption Algorithm for EC2 Key Pairs
ACM.383 Security problems and workarounds if you choose to do this Continue reading on Cloud Security »
Cyber News, Cyber Threat Trends
- November 14, 2023
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
A group of academics has disclosed a new “software fault attack” on AMD’s Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and […]
Cyber News
- November 14, 2023
Boeing Roughed-Up After Ransomware Deadline Expires
Boeing Roughed-Up After Ransomware Deadline Expires The Beating Occurred Friday Amid an Aggressive New ‘Digital Extortion’ Crimewave In the uncannily evocative language of street parlance—Boeing just got jumped. Boeing, a leading aerospace and defense company, has been targeted by the notorious Lockbit syndicate in a significant ransomware attack. A vast amount of its confidential data […]
Cyber Thoughts