Skip to Content

Security Advisories Notices Update on 2022-10-04

National Cyber Awareness System Drupal Releases Security Update Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server Cisco Releases Security Updates for Multiple Products Mozilla Releases Security Update for Thunderbird Hurricane-Related Scams CISA Adds Three Known Exploited Vulnerabilities to Catalog VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere CISA Releases Six Industrial …

Read More about Security Advisories Notices Update on 2022-10-04

Announcement: Microsoft Cloud Partner Program launches

Today is the official launch of the new Microsoft Cloud Partner Program, historically Microsoft Partner Network (MPN). With the global reach, strategic investments, and technology stack from Microsoft, we empower our partners to create and sell differentiated products and end-to-end solutions for customers in any scenario and every industry. Additionally, we are committed to making …

Read More about Announcement: Microsoft Cloud Partner Program launches

How Servitisation and Industry 4.0 are Transforming Business Models for SMEs Manufacturers

As we enter into a new decade, it’s important to reflect on the changes that have taken place in recent years and how they have affected the business landscape. Two major phenomena that have emerged in recent years are “servitisation” and “Industry 4.0”, and both have had a major impact on product firms, not only …

Read More about How Servitisation and Industry 4.0 are Transforming Business Models for SMEs Manufacturers

US Senate Committee Approves Bill That Would Require Government-Wide Software Inventory

The US Senate Homeland Security and Governmental Affairs Committee has approved a bill that would direct federal agencies to conduct thorough inventories of software they use. The long-term goal of the Strengthening Agency Management and Oversight of Software Assets Act is to help consolidate software contracts and licenses, and encourage the adoption of open-source software. …

Read More about US Senate Committee Approves Bill That Would Require Government-Wide Software Inventory

Medical Device Cybersecurity Mandate Dropped from FDA Authorization Bill

The US Food and Drug Administration (FDA) appropriations bill has passed, but cybersecurity provisions introduced in the House version were removed when the bill went to Senate. The bill gives the FDA the authority to collect fees from healthcare organizations for reviewing new drugs and medical devices. Note This is an unfortunate victory for the …

Read More about Medical Device Cybersecurity Mandate Dropped from FDA Authorization Bill

TIGTA Audit: IRS Needs to Improve Digital Communication Platform Security and Access Controls

According to a report from the Treasury Inspector General for Tax Administration (TIGTA), a vendor who provides the US Internal Revenue Service (IRS) with a communications system did not apply available updates for antivirus and as a result, was running vulnerable software for more than a year. The vendor, eGain, is a managed service provider …

Read More about TIGTA Audit: IRS Needs to Improve Digital Communication Platform Security and Access Controls

CISA Releases Protective DNS Resolver Shared Service

The US Cybersecurity and Infrastructure Security Agency (CISA) has made its Protective Domain Name System available to all federal civilian agencies through CISA’s Cybersecurity Shared Services Office. In a blog post, CISA writes, “Protective DNS shields federal users and organizations from reaching known or suspected malicious destinations with a cutting-edge capability that safeguards network connections. …

Read More about CISA Releases Protective DNS Resolver Shared Service

Cloudflare’s Introduces a CAPTCHA Alternative

Cloudflare has announced the open beta of Turnstile, an alternative to CAPTCHA. Rather than waste users’ time with frustrating clicking exercises, Turnstile “automatically chooses from a rotating suite of non-intrusive browser challenges based on telemetry and client behavior exhibited during a session.” Note I experimented with Turnstile earlier this week, and it looks intriguing enough …

Read More about Cloudflare’s Introduces a CAPTCHA Alternative

Azure Single Sign-on and Passwordless Authentication

Microsoft has announced the public preview of single sign-on and passwordless authentication for Azure Virtual Desktop. The “new functionality is currently available on Windows 10, Windows 11 and Windows Server 2022 session hosts, once [users have] installed the September Cumulative Update Preview.” Note This is using Windows Hello and FIDO2. If you’re looking to start …

Read More about Azure Single Sign-on and Passwordless Authentication

Witchetty

Updated on 2022-09-30 In an ongoing cyberespionage campaign, the hacking group Witchetty has been found targeting two governments in the Middle East and a stock exchange in Africa. It is believed that Witchetty has close ties with the state-backed Chinese threat actor APT10, aka Cicada, and is also a part of the TA410 operatives. Read …

Read More about Witchetty

Potentially New Microsoft Exchange Zero-Day Flaw Actively Exploited

Updated on 2022-09-30 Zero-day remote code execution vulnerabilities in Microsoft Exchange servers are being actively exploited, according to researchers from GTSC. The flaws can be chained to deploy web shells on vulnerable servers. The GTSC researchers notified Microsoft of the vulnerabilities three weeks ago via the Zero Day Initiative, which has given them identifiers: ZDI-CAN-18333 …

Read More about Potentially New Microsoft Exchange Zero-Day Flaw Actively Exploited

New ESXi persistence technique

Updated on 2022-09-30 Mandiant discovered new espionage-related malware families—VIRTUALPITA and VIRTUALPIE—targeting VMware ESXi, Windows virtual machines, and Linux vCenter servers— to gain persistent administrative access. Read more: Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors Overview Mandiant discovered a new persistence technique used against VMWare ESXi systems where threat actors gained access …

Read More about New ESXi persistence technique
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.