Author: nlqip

Apply the stable channel update provided by Mozilla to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o…

Read More

The second year of Gartner rankings for single-vendor SASE (secure access service edge) featured nine vendors in total. Cato Networks moved up and Netskope appeared for the first time as Gartner released its latest Magic Quadrant ranking of single-vendor SASE vendors — with the two companies joining Palo Alto Networks in the sought-after “leaders” quadrant…

Read More

“Prior to our work, there was no publicly-known attack exploiting MD5 to violate the integrity of the RADIUS/UDP traffic,” the researchers wrote in a blog post. “However, attacks continue to get faster, cheaper, become more widely available, and become more practical against real protocols. Protocols that we thought might be ‘secure enough,’ in spite of…

Read More

Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. Organized and managed by a deputy editor-in-chief at Russian state-run news organization Russia Today (RT) and a Russian…

Read More

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability CVE-2024-38080 Microsoft Windows Hyper-V Privilege Escalation Vulnerability CVE-2024-38112 Microsoft Windows MSHTML Platform Spoofing Vulnerability These types of vulnerabilities are frequent attack vectors…

Read More

Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H2, which includes up to thirty-one improvements and changes. The changes include a new feature that adds back the “Show Desktop” button, which Copilot replaced. This update was released as part of Microsoft’s July 2024 Patch Tuesday and is mandatory to install as it contains security updates for…

Read More

Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. Organized and managed by a deputy editor-in-chief at Russian state-run news organization Russia Today (RT) and a Russian…

Read More

A few weeks ago, my wife asked me why stopping threat actors from impacting our lives is so difficult. In this digital age, the necessity to connect online brings inherent exposure to vulnerabilities. The challenge for you as a security leader lies in reducing the sense of vulnerability by building trust. You need to protect…

Read More

Apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o…

Read More

MS-ISAC ADVISORY NUMBER: 2024-078 DATE(S) ISSUED: 07/09/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or…

Read More