Collaborate Disseminate
On October 2021 Patch Tuesday, Microsoft has fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449) and three were publicly known before the release of the patches. Vulnerabilities of … Continue reading Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)
Immersive Labs and the Cross Market Operational Resilience Group (CMORG) announced an exercise to help technical teams and business-level decision-makers at financial services firms across the entire industry mitigate the impact of an advanced cyber at… Continue reading Immersive Labs and CMORG announce free cyber crisis exercise for UK financial services firms
The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? “We get data from organizations that are testing vendors by trade, bug bo… Continue reading OWASP Top 10 2021: The most serious web application security risks
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software. Continue reading Microsoft Patch Tuesday, September 2021 Edition
MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Today its application in identifying the effectiveness of security technologies and processes is widespread, but there are also huge potential adv… Continue reading eBook: Aligning cyber skills to the MITRE ATT&CK framework
‘Mega breaches’ might sound dystopian, but they’re becoming an all too familiar feature of the modern cyber crisis. Yet organizations are still relying on traditional techniques to prepare and exercise their workforces’ cyber cr… Continue reading eBook: The Psychology of Cyber
Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows Server 2019 machines. Continue reading Microsoft Patch Tuesday, August 2021 Edition
Microsoft’s August 2021 Patch Tuesday is pretty lightweight, through it covers a wide variety of Microsoft solutions. 44 CVE-numbered security holes have been plugged, seven of which are critical, and one is actively exploited (CVE-2021-36948). F… Continue reading Microsoft patches actively exploited zero-day (CVE-2021-36948), more Print Spooler flaws
On this July 2021 Patch Tuesday: Microsoft has fixed 117 CVEs, 4 of which are actively exploited Adobe has delivered security updates for Acrobat and Reader, Bridge, Framemaker, Illustrator, and Dimension VMware has fixed two vulnerabilities in VMware … Continue reading July 2021 Patch Tuesday: Microsoft fixes 4 actively exploited bugs
Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. Continue reading Microsoft Patches Six Zero-Day Security Holes