
Google Proposes More Transparent Vulnerability Management Practices

Google today published a white paper calling on vendors to provide more transparency into their vulnerability management practices. A longtime supporter of collaboration on bug disclosure and patching, the internet giant believes that the endless ‘doom loop’ of vulnerability patching is exhausting defenders and users. In addition, the tools created in response to novel attack… 

Virtual Event Tomorrow: Zero Trust Strategies Summit

At the Zero Trust Security Summit, we will be exploring the concept of ZTNA (Zero Trust Network Access) and sharing war stories on how to best secure an organization. Featured sessions and topics include: Identity Powered Zero Trust How to Create a Multi-Layered Approach to Cybersecurity…

Veritas Vulnerabilities Exploited in Ransomware Attacks Added to CISA ‘Must Patch’ List

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently ordered federal agencies to patch three Veritas Backup Exec vulnerabilities, which have been exploited in ransomware attacks. The three vulnerabilities, tracked as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878, were all identified in the SHA Authentication scheme of the Veritas Backup Exec agent and could allow an attacker… 

Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software

Microsoft, cybersecurity firm Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have taken legal and technical action to prevent the abuse of the Cobalt Strike exploitation tool, as well as the abuse of Microsoft software. Cobalt Strike is a legitimate post-exploitation tool designed by Fortra to be used for adversary simulation and has… 

120 Arrested as Cybercrime Website Genesis Market Seized by FBI

The Genesis Market website for cybercrime seems to have been shut down as a result of a multinational law enforcement operation. The domains associated with Genesis Market are currently displaying an image informing visitors that the website has been seized by the FBI based on a warrant issued by a Wisconsin court. A message posted… 

Trustle Raises $6M Seed Funding for Access Management Tech

Trustle, a California startup focused on cloud access management, has just scored a major win. The company has secured $6 million in venture capital seed-stage funding, led by Glasswing Ventures and supported by FUSE, Correlation Ventures, and Capital Technology Ventures. The startup, based in Walnut Creek, is working on technology to help businesses clean up… 

US Defense Department Launches ‘Hack the Pentagon’ Website

The US Department of Defense (DoD) has launched a new website to help organizations within the department to launch bug bounty programs and recruit security researchers. The new Hack the Pentagon (HtP) website, launched by the Chief Digital and Artificial Intelligence Office (CDAO) Directorate for Digital Services (DDS), is meant as a companion for the… 

Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data

Cybersecurity firm Wiz reported that a mistake in Azure Active Directory (AAD) configuration resulted in unauthorized access to applications and could potentially lead to a Bing.com takeover. Microsoft’s AAD, a cloud-based identity and access management (IAM) service, is typically used as the authentication mechanism for Azure App Services and Azure Functions applications. The service supports…