Read Time:3 Second
Mitel MiVoice appliance bug exploited in sophisticated attack
Daily Archives: September 13, 2022
Iranian Hackers Launch Renewed Attack on Albania
CNAPP buyers guide: Top tools compared
Read Time:46 Second
Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms representing possible solutions. Now there’s another: the cloud native application protection platform, or CNAPP. This tool combines the coverage of four separate products:
A cloud infrastructure entitlements manager (CIEM) that manages overall access controls and risk management tasks
A cloud workload protection platform (CWPP) that secures code across all kinds of cloud-based repositories and provides runtime protection across the entire development environment and code pipelines
A cloud access security broker (CASB) that handles authentication and encryption tasks
A cloud security posture manager (CSPM) that combines threat intelligence and remediation
IT and security managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventable controls.
Researchers Warn of 674% Surge in Deadbolt Ransomware
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Read Time:46 Second
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Safari is a graphical web browser developed by Apple.
macOS Monterey is the 18th and current major release of macOS.
macOS Big Sur is the 17th release of macOS.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Hands-on cyberattacks jump 50%, CrowdStrike reports
Read Time:34 Second
Enterprises monitored by CrowdStrike’s Falcon OverWatch threat hunters faced 77,000 attempts of hands-on, interactive intrusions, or approximately one potential intrusion every seven minutes, between July 1, 2021, and June 30, 2022—a 50% year-over-year increase, according to a new report from the cybersecurity company.
Breakout time, or the time an adversary takes to move laterally from an initially compromised host to another host within the victim’s environment, fell to one hour and 24 minutes compared to one hour and 38 minutes during the year-earlier period, demonstrating that adversaries continue to sharpen their tradecraft, according to CrowdStrike.
DSA-5229 freecad – security update
Read Time:8 Second
Two vulnerabilities were discovered in FreeCAD, a CAD/CAM program,
which could result in the execution of arbitrary shell commands when
opening a malformed file.