Blow for card fraudsters, although UK is an outlier
Yearly Archives: 2023
4 strategies to help reduce the risk of DNS tunneling
Domain name system (DNS) tunneling is a pervasive threat that enables hackers to get any data in and out of a company’s internal network while bypassing most firewalls. The domain name system translates numeric internet protocol addresses that browsers can then use to load web pages — threat actors use tunneling to exploit this process and steal data by hiding it inside DNS traffic.
Most DNS attacks focus on spoofing or misdirection, where an attacker either feeds false information to DNS servers or convinces other systems to query a hostile DNS server instead of a legitimate one. But DNS tunneling essentially smuggles hostile traffic through DNS ports, which makes these attacks difficult to detect and mitigate.
Dissecting threat intelligence lifecycle problems
In my last CSO article, I looked at a few challenges related to enterprise threat intelligence programs. Security pros pointed to issues like dealing with too many manual processes, sorting through noisy threat intelligence feeds, establishing clear ROI benefits, and managing threat intelligence programs that are little more than an academic exercise for the cyber-threat intelligence (CTI) team.
6 phases of an effective threat intelligence program
Given these pervasive challenges, it’s logical to ask: What does a strong threat intelligence program look like? While different organizations may answer this question with their own unique perspective, one common trait is that successful CTI programs follow an established threat intelligence lifecycle across six phases. (Note: Some threat intelligence lifecycle models are composed of five phases as they combine items 5 and 6 below):
Superyacht-Maker Hit by Easter Ransomware Attack
doctl-1.93.1-2.fc37 golang-github-digitalocean-godo-1.98.0-1.fc37
FEDORA-2023-3737bc1c0a
Packages in this update:
doctl-1.93.1-2.fc37
golang-github-digitalocean-godo-1.98.0-1.fc37
Update description:
Update to 1.93.1
Rapid7 Has Good News for UK Security Posture
rnp-0.16.3-1.el9
FEDORA-EPEL-2023-97d6b10e34
Packages in this update:
rnp-0.16.3-1.el9
Update description:
Version 0.16.3 (2023-04-11)
Security
Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).
rnp-0.16.3-1.fc37
FEDORA-2023-0b5ccd1812
Packages in this update:
rnp-0.16.3-1.fc37
Update description:
Version 0.16.3 (2023-04-11)
Security
Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).
rnp-0.16.3-1.fc36
FEDORA-2023-609db87741
Packages in this update:
rnp-0.16.3-1.fc36
Update description:
Version 0.16.3 (2023-04-11)
Security
Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).
rnp-0.16.3-1.fc38
FEDORA-2023-cf4df6380b
Packages in this update:
rnp-0.16.3-1.fc38
Update description:
Version 0.16.3 (2023-04-11)
Security
Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).