Author: Blog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian’s Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally.

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

Tesla CEO Elon Musk kicked off its Tesla AI Day 2022 with a quick level set on expectations — “we’ve come a long way” — and then stepped aside to allow the first iteration of its robot walk out onto the stage.

Updated Infosec experts have warned zero-day flaws in Microsoft’s Exchange server are being actively exploited.

To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PDT, subscribe here.

The post Preparing for Cyber Insurance? 6 Questions to Ask Your IT Team Today appeared first on Datawiza.

Most organizations today are software development companies. It doesn’t matter much if you are building the latest in cloud computing services or manufacturing paint, you most likely have a team of software engineers building proprietary systems and at the very least you rely heavily on commercial software to keep your operation afloat. Therefore this article doesn’t just affect the start-ups with ambitions to change the IT landscape, it affects all organizations.

Volvo is one of those brands with a core identity so firmly cemented that no amount of marketing can counter it. Volvo is safety first.

As part of Twitter’s lawsuit against Elon Musk for his attempt to renege on acquiring the company for $44 billion, countless of Musk’s text messages were made public and published by the New York Times yesterday. The gang’s all there: tech executives, various podcasters, media executives, and more, all vying for Musk’s attention to pitch ideas about Twitter, social media companies, or a chance to be part of Musk’s purchase.

Written by Suzanne Smalley
Sep 30, 2022 | CYBERSCOOP

• September 30, 2022
• Amy Krigman

Hello and welcome back to the GlobalSign blog! Here’s what’s been happening in cybersecurity.

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

The demand for some services can be so high, it can insulate their providers against the vagaries of the market. During an economic downturn, consumers don’t cut back on pet food or toilet paper. Similarly, everyone needs insurance.

If complex operations and administration are hindering your data protection program’s effectiveness, check out our Data Protection Transformed event, where we’ll unveil groundbreaking innovations that will help your program get to where it needs to be.

In September 2022, Trellix published a report on a vulnerability in the tarfile module, which is part of a standard library for the Python programming language and can be used by anyone. The vulnerability allows an arbitrary file to be written to an arbitrary folder on the hard drive, and in some cases it also allows for malicious code execution. What makes this study noteworthy is that the problem in tarfile was discovered in August 2007 – just over 15 years ago! But back then it wasn’t considered dangerous. Let’s find out why is wasn’t, and what problems Python developers and their users could face as a result.

In a blog post, Vietnamese security company GTSC noted that they saw evidence of a new “ProxyShell” like vulnerability being exploited in the wild. The evidence came from compromised Exchange servers GTSC observed when responding to incidents [1]. Later, Trend Micro confirmed that two vulnerabilities tracked by Trend Micro’s zero-day initiative were involved in the compromise described by GTSC [2]. Trend Micro had reported the vulnerabilities to Microsoft about a month ago.

Back in 2018, we learned that covert system of websites that the CIA used for communications was compromised by—at least—China and Iran, and that the blunder caused a bunch of arrests, imprisonments, and executions. We’re now learning that the CIA is still “using an irresponsibly secured system for asset communication.”

There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume blockchain is secure just because it relies on cryptography. An appropriate security design with controls that addresses an organization’s acceptable risk should be applied and reviewed before deploying blockchain to a production environment.