Intel, SAP, and Citrix release critical security updates

August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. Apple released iCloud for Windows updates and Google pushed out fixes to Chrome. They were followed by…

August 2020 Patch Tuesday: Microsoft fixes two vulnerabilities under attack

On this August 2020 Patch Tuesday: Microsoft has plugged 120 flaws, two of which are being exploited in attacks in the wild; Adobe has delivered security updates for Adobe Acrobat, Reader and Lightroom; Apple has released updates for iCloud on Windows; Go…

Cyber Security Roundup for August 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, July 2020. The standout hack of July 2020, and possibly of the year, was the takeover of 45 celebrity Twit…

What are the benefits of automated, cloud-native patch management?

Could organizations recoup their share of more than $1 billion per quarter by moving away from legacy solutions to cloud-native patch management and endpoint hardening? A new report from Sedulo Group says yes. The 2020 TCO Study of Microsoft WSUS &…

Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover

Fewer than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that’s under active exploit.

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks, NCC Group’s Research and Intelligence Fusion Team has discovered.

On CVE-2020-5902 (K52145254) @TeamAresSec reported publicly at 18:24 the mitigation could be bypassed, we saw it used in the wild at 12:39 for the first time – upgrade don’t mitigate – https://t.co/sSr4JIZwu3 pic.twitter.com/PMfG0rCpyQ — NCC Group Infosec (@NCCGroupInfosec) July 7, 2020

“Early data made available to us, as of …

The post Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all appeared first on Help Net Security.


Cyber Security Roundup for July 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, June 2020.
Australian Prime Minister Scott Morrison announced a sophisticated nation-state actor is causi…

US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage

U.S. cyber officials are urging American companies and individuals who rely on a popular security product to update their systems immediately, before foreign hackers can exploit a flaw in the technology to steal protected information. The Department of Homeland Security and U.S. Cyber Command said Monday that a “critical” flaw in technology from Palo Alto Networks, a multinational security firm based in California, could enable attackers “with network access” to obtain sensitive information. The flaw exists in PAN-OS, the operating system on firewalls and corporate virtual private network application products. Cyber Command said in a tweet that advanced hacking groups “will likely attempt exploit soon.” Palo Alto Networks issued a patch on Monday for the security flaw, the start of a weeks or months-long process in which corporate security teams will start updating their technologies to fend off hacking groups. The software flaw, officially dubbed CVE-2020-2021, was designated a 10.0 […]

The post US Cyber Command highlights Palo Alto Networks security patch, citing foreign espionage appeared first on CyberScoop.


Massive complexity endangers enterprise endpoint environments

There’s a massive amount of complexity plaguing today’s enterprise endpoint environments. The number of agents piling up on enterprise endpoint devices – up on average – is hindering IT and security’s ability to maintain foundational security hyg…

Most malware in Q1 2020 was delivered via encrypted HTTPS connections

67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and 72% of encrypted malware was classified as zero day, so would have evaded signature-based antivirus protection, according to WatchGuard. These findings show that without HT…