Cyber Security Informer

Weekly Update 85

Troy Hunt

MAY 4, 2018

It's a (new) weekly update! Lights are in, things are much brighter and. I think it was a bit too bright and the camera was pointed too high. This is all experimentation, folks, and I appreciate everyone's input as I tune things to try and get a consistent, quality result. References. It's a new Pluralsight course!

Passwords

Passwords Data breaches

Microsoft Patch Tuesday, October 2022 Edition

Krebs on Security

OCTOBER 11, 2022

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. And if you run into any problems with these updates, please drop a note about it here in the comments.

DNS

DNS Internet Internet Cyber threats

Heimdal™ Releases Vulnerability Data on the Microsoft Exchange Patch

Heimadal Security

MARCH 11, 2021

Copenhagen, March 11, 2021 – According to Heimdal™ ‘s internal data, 85% of organizations have already applied the readily available patches that address the Microsoft Exchange vulnerabilities, through the use of automated vulnerability management and deployment.

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

With 85% of campaigns targeting victims with phishing emails containing malicious links, another form of a social engineering attack, education and cyber vigiliance remain a high priority. Ensure that your systems are up to date with the latest security patches and software updates. Use 2FA authentication for better protection.

Social Engineering

Social Engineering Ransomware Engineering Phishing

CVSS Vulnerability Scores Can Be Misleading: Security Researchers

eSecurity Planet

AUGUST 31, 2022

Rather than reading uncontextualized scores at face value, teams should prioritize the business need to reduce their backlog of tickets that constantly grows with daily security updates. It’s not exactly like pushing the “update button,” and the process can even take weeks or months. Remediation can be a struggle for technical teams.

Risk

Risk Firewall Data breaches Software

Organizations paid at least $602 million to ransomware gangs in 2021

Security Affairs

FEBRUARY 13, 2022

“Sure enough, we updated our ransomware numbers a few times throughout 2021, reflecting new payments we hadn’t identified previously.” ” “There is a slight time lag in ransomware data, so we expect when these numbers get updated in a few months, 2021 will have higher numbers than 2020.” added the company. .

Ransomware

Ransomware Cryptocurrency Cybercrime Malware

Thinking of a Cybersecurity Career? Read This

Krebs on Security

JULY 24, 2020

” Fully 85 percent ranked networking as a critical or “very important” skill, followed by a mastery of the Linux operating system (77 percent), Windows (73 percent), common exploitation techniques (73 percent), computer architectures and virtualization (67 percent) and data and cryptography (58 percent).

Cybersecurity

Cybersecurity Architecture Hacking Engineering

School district IT leaders grade their handling of past malware attacks

SC Magazine

MARCH 15, 2021

“And with that two weeks, we updated everything. Due to the ransomware infection, “we lost access to about 85 of our 400 servers across the network,” and both file and certain back-ups were encrypted. We’re taking advantage of Google for Education’s unlimited backups.”.

Malware

Malware Backups Education Ransomware

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access

Fox IT

NOVEMBER 8, 2021

NCC Group strongly advises updating systems running SolarWinds Serv-U software to the most recent version (at minimum version 15.2.3 Serv-U_15.1.0.480 85 SSH-2.0-Serv-U_15.1.2.189. NCC Group’s global Cyber Incident Response Team have observed an increase in Clop ransomware victims in the past weeks. Amount Version 441 SSH-2.0-Serv-U_15.1.6.25

Software

Software Ransomware Internet Internet

12 Steps to Take if You’ve Been Laid Off in Cybersecurity (which everyone should read)

Jane Frankland

FEBRUARY 1, 2023

For example, in its “ Future of Jobs Report 2020 ,” they estimated that 85 million jobs will be displaced while 97 million new jobs will be created across 26 countries by 2025. 5 : Update your resume and LinkedIn profile Updating your resume and LinkedIn profile (key assets) are important steps. It’s a sad affair.

Cybersecurity

Cybersecurity Accountability Media Government

13 Steps to Take if You’ve Been Laid Off in Cybersecurity (which everyone should read)

Jane Frankland

FEBRUARY 1, 2023

For example, in its “ Future of Jobs Report 2020 ,” they estimated that 85 million jobs will be displaced while 97 million new jobs will be created across 26 countries by 2025. 5 : Update your resume, LinkedIn profile, and write your story Updating your resume and LinkedIn profile (key assets) are important steps.

Cybersecurity

Cybersecurity Accountability Media Marketing

A vulnerable honeypot exposed online can be compromised in 24 hours

Security Affairs

NOVEMBER 24, 2021

85% of the attacker IPs were observed only on a single day demonstrating that Layer 3 IP-based firewalls are not effective against these attacks because threat actors rotate same IPs to launch attacks. Below are some findings shared by the experts: the most attacked application was SSH. ” reads the post published by Palo Alto Networks.

Firewall

Firewall Internet Internet Hacking

EU Cybersecurity Month: how to spot (and avoid) common cyber scams

BH Consulting

OCTOBER 28, 2021

Keep software patched and updated to avoid exploitation of old vulnerabilities. The 2021 Verizon Data Breach Investigations Report found that 85 per cent of breaches involved the human element. The impact was devastating : as RTE reported , the attack caused delays to medical treatments and masses of cancelled appointments.

Scams

Scams Cybersecurity Data breaches Phishing

The 11 Best GRC Tools for 2024

Centraleyes

APRIL 1, 2024

With over 85 native integrations, Drata enables seamless evidence collection and control monitoring across diverse systems. Diligent’s Security Program follows the NIST Cybersecurity Framework and ISO/IEC 27001 requirements to secure information assets using an ISMS. In reality, a good security audit takes time.

Risk

Risk Government Artificial Intelligence Software

We explored the dangers of pirated sport streams so you don’t have to

Webroot

MAY 12, 2021

All sites at time of testing had a safe, zero detection rating in Virus Total except for one, “daddylive”, with a rating of 1/85. There is a sizable online community that shares bootlegged movies, TV and live sports streams without copyright protection over HTTP/HTTPS.

Scams

Scams Mobile Social Engineering Advertising

9 Best Secure Web Gateway Vendors for 2022

eSecurity Planet

DECEMBER 15, 2021

C-managed and cloud-delivered with over 85 global points of presence. Best catch rate for both known and unknown malware: Fastest time to verdict (up to 4 minutes), fastest time to virtually patch against new vulnerabilities (via IPS), and fastest update of Threat Intelligence feeds. Key differentiators.

Digital transformation

Digital transformation Engineering Internet Internet

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

We hope the Deutsche Telekom event acts as a wake-up call and push toward making IoT auto-update mandatory. IoT device auto-updates should be mandatory to curb bad actors’ ability to create massive IoT botnets on the back of unpatched IoT devices. We know little about that attack as OVH did not participate in our joint study.

IoT

IoT DDOS Internet Internet

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

Duo's Security Blog

MAY 10, 2023

However, these messages, powered by natural language AI models , are getting craftier—prompting users with false but convincing “you received a comment on your last document” and “please download this update ASAP” polished correspondences.

Phishing

Phishing DNS Authentication Risk

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

The fact is over 85% of the software today is composed of third party components -- meaning your developers didn’t code all of it, someone else contributed along the way. Chet Ramey, meanwhile, was producing an updated versions of Bash that incorporated these new findings.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

The fact is over 85% of the software today is composed of third party components -- meaning your developers didn’t code all of it, someone else contributed along the way. Chet Ramey, meanwhile, was producing an updated versions of Bash that incorporated these new findings.

Software

Software Passwords Internet Internet

Cyber Security Informer

Weekly Update 85

Microsoft Patch Tuesday, October 2022 Edition

Trending Sources

Heimdal™ Releases Vulnerability Data on the Microsoft Exchange Patch

Ransomware realities in 2023: one employee mistake can cost a company millions

CVSS Vulnerability Scores Can Be Misleading: Security Researchers

Organizations paid at least $602 million to ransomware gangs in 2021

Thinking of a Cybersecurity Career? Read This

School district IT leaders grade their handling of past malware attacks

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access

12 Steps to Take if You’ve Been Laid Off in Cybersecurity (which everyone should read)

13 Steps to Take if You’ve Been Laid Off in Cybersecurity (which everyone should read)

A vulnerable honeypot exposed online can be compromised in 24 hours

EU Cybersecurity Month: how to spot (and avoid) common cyber scams

The 11 Best GRC Tools for 2024

We explored the dangers of pirated sport streams so you don’t have to

9 Best Secure Web Gateway Vendors for 2022

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Stay Connected