Week in review: Log4Shell updates, Kronos ransomware attack, unused identities threat

Here’s an overview of some of last week’s most interesting news, articles and interviews: Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations Due to the extraordinarily widespread use of the open-source Apache…

Week in review: Apache Log4j 0day exploited, Kali Linux 2021.4 released, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and interviews: Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228) A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a…

Week in review: 150+ HP multifunction printers under attack, how to combat ransomware with visibility

Here’s an overview of some of last week’s most interesting news, articles and interviews: Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077) An APT group is leveraging a critical vulnerability (CVE-202…

Week in review: Windows EoP flaw still exploitable, GoDaddy breach, malicious Python packages on PyPI

Here’s an overview of some of last week’s most interesting news, articles and interviews: After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379) A local elevation of privilege vulnerability (CVE-2021-41379) in t…

Week in review: Intel chip flaw, shedding light on hidden root CAs, Emotet stages a comeback

Here’s an overview of some of last week’s most interesting news, articles and interviews: Researchers shed light on hidden root CAs How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other quest…

Week in review: Critical RCE in Palo Alto Networks firewalls, how to select a DRaaS solution

Here’s an overview of some of last week’s most interesting news, articles and interviews: Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064) The existence of a critical RCE vulnerability (CVE-2021-3064)…

Week in review: CVE + MITRE ATT&CK methodology, new issue of (IN)SECURE Magazine

Here’s an overview of some of last week’s most interesting news, articles and interviews: (IN)SECURE Magazine issue 70 released (IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security t…

Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks

Here’s an overview of some of last week’s most interesting news, articles and interviews: Apple fixes security feature bypass in macOS (CVE-2021-30892) Apple has delivered a barrage of security updates for most of its devices this week, and…

Week in review: MITRE ATT&CK v10 released, BEC scammers’ latest tricks, WFH security tactics

Here’s an overview of some of last week’s most interesting news, articles and interviews: Released: MITRE ATT&CK v10 MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of…

Week in review: Strengthening firmware security, Help Net Security: XDR Report released

Here’s an overview of some of last week’s most interesting news, articles and interviews: Help Net Security: XDR Report has been released The topic of this inaugural report is extended detection and response (XDR), an emerging technology th…