New IRAP reports for Australian customers are now available in AWS Artifact

Following our Information Security Registered Assessors Program (IRAP) assessment in December 2019, we are excited to announce that we have additional new IRAP documents now available in AWS Artifact as a result of the recent IRAP assessment at the PROTECTED level that was finished in June 2020. This includes an IRAP compliance report for 33 additional services, plus 1 separate report for AWS Outposts. Also included are 3 features of services that were already assessed in 2019: Amazon EventBridge for Amazon CloudWatch, AWS Transit Gateway for Amazon Virtual Private Cloud (Amazon VPC), and AWS Lake Formation for AWS Glue. The IRAP documentation pack continues to provide the ability to plan, architect, and self-assess Amazon Web Services (AWS) Cloud services in accordance with the Secure Cloud Strategy of the Australian government’s Digital Transformation Agency.

No Summer Slump for Microsoft Vulnerabilities

July 14, 2020 • David Carver

In March, Microsoft’s Patch Tuesday featured 125 vulnerabilities. Then, there were 113 in April. May brought 111, and June had 129. This week, Microsoft includes 123 in the July edition of Patch Tuesday. Vulnerabilities have presented challenges all year, with little hope of slowing down. For some context, this is a +30% increase from March-July of vulnerabilities disclosed by Microsoft in 2019.

July 2020 Patch Tuesday – 123 Vulnerabilities, 18 Critical, Hyper-V RemoteFX, DNS Server, Workstation, Adobe

This month’s Microsoft Patch Tuesday addresses 123 vulnerabilities with 18 of them labeled as Critical. The 18 Critical vulnerabilities cover Hyper-V, DNS Server, PerformancePoint, SharePoint Server, Office, Outlook, Remote Desktop, and several other workstation vulnerabilities. Adobe issued patches today for Download Manager, Media Encoder, Genuine Service, ColdFusion, and Creative Cloud.

Source: Spain is Customer of NSO Group

IMAGE: JACK GUEZ/AFP VIA GETTY IMAGES

The cellphones of several politicians in Spain, including that of the president of one of the countries’ autonomous regional parliaments, were targeted with spyware made by NSO Group, an Israeli company that sells surveillance and hacking tools to governments around the world, according to The Guardian and El Pais . Motherboard confirmed the specifics with security researchers who investigated the attempted hack and a Facebook employee who has knowledge of the case.

Microsoft July 2020 Patch Tuesday – Patch Now!, (Tue, Jul 14th)

.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability CVE-2020-1147 No No More Likely More Likely Critical     Azure DevOps Server Cross-site Scripting Vulnerability CVE-2020-1326 No No Less Likely Less Likely Important     Bond Denial of Service Vulnerability CVE-2020-1469 No No Less Likely Less Likely Important     Connected User Experiences and Telemetry Service Information Disclosure Vulnerability

CVE-2020-1386

Your 30-60-90 Day AppSec Plan

Your stakeholders have signed off on an application security program, you???ve selected a vendor ??ヲ ツ?but now what? There is no detailed handbook or instruction manual for getting started because every organization is different. You need to formulate your own plan to make sure the program meets the individual needs of your organization.

Myspace Wasn’t a Simpler Time, We Were Just Teenagers

My Myspace page was so sick.

Everyone believes this about their own Myspace page. But I had coded custom cursor-animation effects, a rotating sparkly background, auto-playing music, everything—all carefully crafted in the Myspace custom HTML / CSS. I curated my Top 8 obsessively, getting home from school and logging on to shuffle my friends’ avatars around on the grid based on the day’s drama.

CyberSmart raises £5.5million to fund growth following increased demand for cybersecurity

CyberSmart has raised £5.5 million in a heavily oversubscribed Series A funding round led by VC firm IQ Capital and respected cyber security and tech entrepreneur investors. The funding will be used to fund the growth of the company, which enables small to medium-sized businesses (SMBs) to combat the constant threat of cyber-attacks and increasing regulation in an ever-evolving technological landscape and increasingly connected digital operating space.