Tag: security postures
-
The Register: SafePay ransomware gang claims Microlise attack that disrupted prison van tracking
Source URL: https://www.theregister.com/2024/11/22/safepay_microlise/ Source: The Register Title: SafePay ransomware gang claims Microlise attack that disrupted prison van tracking Feedly Summary: Fledgling band of crooks says it stole 1.2 TB of data The new SafePay ransomware gang has claimed responsibility for the attack on UK telematics biz Microlise, giving the company less than 24 hours to…
-
The Register: Here’s what happens if you don’t layer network security – or remove unused web shells
Source URL: https://www.theregister.com/2024/11/22/cisa_red_team_exercise/ Source: The Register Title: Here’s what happens if you don’t layer network security – or remove unused web shells Feedly Summary: TL;DR: Attackers will break in and pwn you, as a US government red team demonstrated The US Cybersecurity and Infrastructure Agency often breaks into critical organizations’ networks – with their permission,…
-
Simon Willison’s Weblog: Quoting Steven Johnson
Source URL: https://simonwillison.net/2024/Nov/21/steven-johnson/#atom-everything Source: Simon Willison’s Weblog Title: Quoting Steven Johnson Feedly Summary: When we started working on what became NotebookLM in the summer of 2022, we could fit about 1,500 words in the context window. Now we can fit up to 1.5 million words. (And using various other tricks, effectively fit 25 million words.)…
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability CVE-2024-9474 Palo Alto Networks PAN-OS…
-
CSA: CSA Community Spotlight: Addressing Emerging Security Challenges with CISO Pete Chronis
Source URL: https://cloudsecurityalliance.org/blog/2024/11/18/csa-community-spotlight-addressing-emerging-security-challenges-with-ciso-pete-chronis Source: CSA Title: CSA Community Spotlight: Addressing Emerging Security Challenges with CISO Pete Chronis Feedly Summary: AI Summary and Description: Yes Summary: The article highlights the 15th anniversary of the Cloud Security Alliance (CSA) and emphasizes its significant contributions to cloud security, including standardizing cloud security controls and fostering collaboration among industry…
-
Microsoft Security Blog: DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration
Source URL: https://www.microsoft.com/en-us/security/blog/2024/11/11/dod-zero-trust-strategy-proves-security-benchmark-years-ahead-of-schedule-with-microsoft-collaboration/ Source: Microsoft Security Blog Title: DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration Feedly Summary: The Navy implementation scored a 100 percent success rate, meeting DoD requirements on all 91 Target-Level activities tested. The post DoD Zero Trust Strategy proves security benchmark years ahead of schedule…
-
The Register: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Source URL: https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/ Source: The Register Title: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Feedly Summary: Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher…