New IRAP reports for Australian customers are now available in AWS Artifact

Following our Information Security Registered Assessors Program (IRAP) assessment in December 2019, we are excited to announce that we have additional new IRAP documents now available in AWS Artifact as a result of the recent IRAP assessment at the PROTECTED level that was finished in June 2020. This includes an IRAP compliance report for 33 additional services, plus 1 separate report for AWS Outposts. Also included are 3 features of services that were already assessed in 2019: Amazon EventBridge for Amazon CloudWatch, AWS Transit Gateway for Amazon Virtual Private Cloud (Amazon VPC), and AWS Lake Formation for AWS Glue. The IRAP documentation pack continues to provide the ability to plan, architect, and self-assess Amazon Web Services (AWS) Cloud services in accordance with the Secure Cloud Strategy of the Australian government’s Digital Transformation Agency.

No Summer Slump for Microsoft Vulnerabilities

July 14, 2020 • David Carver

In March, Microsoft’s Patch Tuesday featured 125 vulnerabilities. Then, there were 113 in April. May brought 111, and June had 129. This week, Microsoft includes 123 in the July edition of Patch Tuesday. Vulnerabilities have presented challenges all year, with little hope of slowing down. For some context, this is a +30% increase from March-July of vulnerabilities disclosed by Microsoft in 2019.

July 2020 Patch Tuesday – 123 Vulnerabilities, 18 Critical, Hyper-V RemoteFX, DNS Server, Workstation, Adobe

This month’s Microsoft Patch Tuesday addresses 123 vulnerabilities with 18 of them labeled as Critical. The 18 Critical vulnerabilities cover Hyper-V, DNS Server, PerformancePoint, SharePoint Server, Office, Outlook, Remote Desktop, and several other workstation vulnerabilities. Adobe issued patches today for Download Manager, Media Encoder, Genuine Service, ColdFusion, and Creative Cloud.

Source: Spain is Customer of NSO Group


The cellphones of several politicians in Spain, including that of the president of one of the country’s autonomous regional parliaments, were targeted with spyware made by NSO Group, an Israeli company that sells surveillance and hacking tools to governments around the world, according to The Guardian and El Pais. Motherboard confirmed the specifics with security researchers who investigated the attempted hack and a Facebook employee who has knowledge of the case.

Microsoft July 2020 Patch Tuesday – Patch Now!, (Tue, Jul 14th)

.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability | CVE-2020-1147 | No | No | More Likely | More Likely | Critical
Azure DevOps Server Cross-site Scripting Vulnerability | CVE-2020-1326 | No | No | Less Likely | Less Likely | Important
Bond Denial of Service Vulnerability | CVE-2020-1469 | No | No | Less Likely | Less Likely | Important
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability


Decrypted: As tech giants rally against Hong Kong security law, Apple holds out

It’s not often Silicon Valley gets behind a single cause. Supporting net neutrality was one, reforming government surveillance another. Last week, Big Tech took up its latest: halting any cooperation with Hong Kong police.

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server

Microsoft has released a security update to address a remote code execution (RCE) vulnerability—CVE-2020-1350—in Windows DNS Server. A remote attacker could exploit this vulnerability to take control of an affected system. This is considered a “wormable” vulnerability that affects all Windows Server versions.

Microsoft issues patch for wormable Windows DNS Server flaw

Your 30-60-90 Day AppSec Plan

Your stakeholders have signed off on an application security program, you’ve selected a vendor … but now what? There is no detailed handbook or instruction manual for getting started because every organization is different. You need to formulate your own plan to make sure the program meets the individual needs of your organization.

17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers

Cybersecurity researchers today disclosed a new highly critical “wormable” vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019.

Myspace Wasn’t a Simpler Time, We Were Just Teenagers

My Myspace page was so sick.

Everyone believes this about their own Myspace page. But I had coded custom cursor-animation effects, a rotating sparkly background, auto-playing music, everything—all carefully crafted in the Myspace custom HTML / CSS. I curated my Top 8 obsessively, getting home from school and logging on to shuffle my friends’ avatars around on the grid based on the day’s drama.

CyberSmart raises £5.5million to fund growth following increased demand for cybersecurity

CyberSmart has raised £5.5 million in a heavily oversubscribed Series A funding round led by VC firm IQ Capital and respected cyber security and tech entrepreneur investors. The funding will be used to fund the growth of the company, which enables small to medium-sized businesses (SMBs) to combat the constant threat of cyber-attacks and increasing regulation in an ever-evolving technological landscape and increasingly connected digital operating space.

Apache Releases Security Advisories for Apache Tomcat

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

Microsoft Intelligent Security Association expands to include managed security service providers

We’d planned a splashy party at Microsoft Inspire to announce our newest Microsoft Intelligent Security Association (MISA) members and introduce them to association members, but given our world today, I am instead picturing you reading this announcement curled up in a chair with a cup of coffee. Almost as satisfying, right?