Collaborate Disseminate
The outing of China-backed threat actor Volt Typhoon and Microsoft’s compromise by Russia-backed Midnight Blizzard provide important cyber security strategy lessons for Australia, says Tenable. Continue reading Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks
Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks. Continue reading Fat Patch Tuesday, February 2024 Edition
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2… Continue reading Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based m… Continue reading PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
Misinformation and disinformation are biggest short-term risks, while extreme weather and critical change to Earth systems are greatest long-term concern, according to the Global Risks 2024 Report from the World Economic Forum. Against a backdrop of sy… Continue reading Geopolitical tensions combined with technology will drive new security risks
For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the vulnerabilities fixed this time aroundare under active exploitation or have been… Continue reading Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)
The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users. Continue reading Microsoft Patch Tuesday, December 2023 Edition
Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were fixed… Continue reading December 2023 Patch Tuesday: 33 fixes to wind the year down
Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been published by Tenable researchers on Monday. The vulnerabilities Arcserve UDP i… Continue reading PoCs for critical Arcserve UDP vulnerabilities released
In the last two years, the average organization’s cybersecurity program was prepared to defend preventively, or block, just 57% of the cyberattacks it encountered, according to Tenable. This means 43% of attacks launched against them are successful and… Continue reading The roadblocks to preventive cybersecurity success