News
-
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for January 2022, the first quarterly update of the year. This CPU contains fixes for 266 CVEs in 497 security updates across 39 Oracle product families.…
-
Supply chain vulnerability allows attackers to manipulate SAP transport system
A supply chain vulnerability in the SAP transport system that allows attackers to infiltrate the change management or software deployment process has been identified by a cybersecurity provider based in Germany. A patch has been published by SAP SE to fix the issue that threatens all SAP environments that share a single transport directory. SAP…
-
The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that Matter Most
A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond. “We do not learn from experience… we learn from reflecting on experience.” – John Dewey, American philosopher We all know that the best way to improve is by debriefing, especially when it comes to reviewing…
-
The Prometheus traffic direction system is a major player in malware distribution
Cybercrime is fueled by a complex ecosystem of criminal groups that specialize on different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more. One service that is often overlooked but still plays an important…
-
Are Fake COVID Testing Sites Harvesting Data?
Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor intensive for…
-
Exploring influences on SSC grades for insurance companies
This blog was written by an independent guest blogger. There are more online stores and services available than ever, and you are able to shop for almost anything online whether it’s groceries or insurance. There are many ways to protect yourself while browsing the internet, and one of those ways is to choose reputable businesses…
-
Microsoft’s Pluton security processor tackles hardware, firmware vulnerabilities
While this year’s Consumer Electronics Show was impacted by COVID, it didn’t stop Lenovo from announcing the first Microsoft Pluton-powered Windows 11 PCs. First announced in 2020, the Pluton is a security processor that Microsoft developed in partnership with AMD and Qualcomm to provide what they called “chip to cloud” security. Pluton is designed to…
-
Russian cyberattacks on Ukraine raise IT security concerns
This past week has seen an inundation of notifications concerning Russia’s overt and covert efforts to set “their” stage to provide it with a pretext to invade Ukraine once again. The realpolitik of the Russian efforts and the media focus is on the likelihood of Russia taking this course of action. These preparatory actions include…
-
How chaos engineering can help DevSecOps teams find vulnerabilities
The words “chaos” and “engineering” aren’t usually found together. After all, good engineers keep chaos at bay. Yet lately software developers are deploying what they loosely call “chaos” in careful amounts to strengthen their computer systems by revealing hidden flaws. The results aren’t perfect – anything chaotic can’t offer guarantees– but the techniques are often…
-
Nine-year-old kids are launching DDoS attacks against schools
Britain’s computer crime cops are targeting youngsters as young as nine years old in an attempt to dissuade them from embarking on a life of cybercrime. Read more in my article on the Hot for Security blog. Read More