Security CERT Global
- Pathways: exploring a new way to achieve Cyber Essentials certification
- Vulnerabilities in Cisco products are being actively exploited
- Security updates from Cisco
- Notice: Incident report web form maintenance (2024/05/16)
- Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
- CERTFR-2024-AVI-0343: Multiple vulnerabilities in Google Chrome (24 April 2024)
- CERTFR-2024-AVI-0342: Multiple vulnerabilities in NagiosXI (24 April 2024)
- Vulnerability in Progress Flowmon
- Claims responsibility for cyberattack on a waterworks in the USA
- ICS Security Conference 2024
- JVN: Buffer overflow vulnerability in NETGEAR routers
- JVN: Multiple vulnerabilities in RoamWiFi R10
- NETGEAR routers vulnerable to buffer overflow
- Multiple vulnerabilities in RoamWiFi R10
- Linux kernel: CVSS (Max): 7.8
- Linux Kernel (Live Patch 6 for SLE 15 SP5): CVSS (Max): 7.8
- Linux Kernel (Live Patch 10 for SLE 15 SP5): CVSS (Max): 7.8
- Linux Kernel (Live Patch 8 for SLE 15 SP5): CVSS (Max): 7.8
- Ruby: CVSS (Max): None
- jasper: CVSS (Max): 7.5
- Linux Kernel (Live Patch 47 for SLE 12 SP5): CVSS (Max): 7.8
- qemu: CVSS (Max): 8.2
- qemu: CVSS (Max): 8.2
- Linux Kernel: CVSS (Max): 7.8
- Linux Kernel: CVSS (Max): 7.8
- kubernetes1.23: CVSS (Max): 2.7
- Linux Kernel: CVSS (Max): 7.8
- Google Guest Agent and Google OS Config Agent: CVSS (Max): 5.9
- opensc: CVSS (Max): 4.4
- Linux Kernel: CVSS (Max): 7.8
- kubernetes1.24: CVSS (Max): 2.7
- glibc: CVSS (Max): 8.8
- Linux Kernel: CVSS (Max): 7.8
- Squid: CVSS (Max): 8.6
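- Weekly Report: Vulnerability in ECDSA signature processing in the PuTTY SSH client
- Weekly Report: OS command injection vulnerability in Proscend Communications M330-W and M330-W5
- Weekly Report: About the April 2024 Oracle Critical Patch Update
- Weekly Report: Multiple vulnerabilities in the WordPress plugin Forminator
- Weekly Report: Improper server certificate verification vulnerability in LINE client for iOS
- Weekly Report: Ministry of Economy, Trade and Industry publishes English translations of the "Guidelines for Cyber-Physical Security Measures for Factory Systems Ver 1.0" and the "Guidelines for Cyber-Physical Security Measures for Factory Systems [Separate volume: Key points for advancing smart factory adoption]"
- Weekly Report: Code injection issue in Lambda layers contained in TensorFlow-based Keras models
- Weekly Report: Multiple vulnerabilities in Buffalo wireless LAN routers
- Weekly Report: CISA publishes "Deploying AI Systems Securely"
- Weekly Report: IPA publishes an alert on "Network-penetrating attacks that turn the attack surface into Operational Relay Boxes: attacks targeting the Adobe ColdFusion vulnerability (CVE-2023-29300)"
- Weekly Report: Improper handling of SAML messages in LY Corporation's Armeria-saml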
- CISA Adds One Known Exploited Vulnerability to Catalog
- CISA Releases Two Industrial Control Systems Advisories
- Exploitation of Palo Alto firewalls underway
- Microsoft: APT28 exploits Windows flaw
MGS+ ICS Security Report August 2017
MG Strategy+ ICS Security Report August 2017: Editor Picks: News Intelligence Alerts Reports
Financial malware more than twice as prevalent as ransomware
Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate finance departments
Source: https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware
The Jetson’s Cyber Concerns – Future Smart Cities Cybersecurity Checklist
As cities continue to grow smarter, they will also become easier to hack. With millions (if not billions) of dollars going into research for urban domains and the Internet of Things (IoT), there will be more opportunities to utilize technology to define, access and improve smart city services and infrastructure. In these smart cities, information security plays a huge role in protecting the highest levels of confidentiality, availability and integrity for city resources and utilities.
Source: http://blog.trendmicro.com/jetsons-cyber-concerns-future-smart-cities-cybersecurity-checklist/
The Future of Ransomware
Ransomware isn’t new, but it’s increasingly popular and profitable.
Source: https://www.schneier.com/blog/archives/2017/05/the_future_of_r.html
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Increasing complexity is putting networks at risk. It’s time to shift our security approach and take some lessons from software development.
Source: https://www.darkreading.com/vulnerabilities---threats/rethinking-vulnerabilities-network-infrastructure-as-a-software-system/a/d-id/1328989
Over 8,600 Security Flaws Found in Pacemaker Systems
Security researchers from WhiteScope have uncovered over 8,600 vulnerabilities in pacemaker systems and the third-party libraries used to power various of their components.
Source: https://www.bleepingcomputer.com/news/security/over-8-600-security-flaws-found-in-pacemaker-systems/#.WTBsjfJS8zo.twitter
How the FBI relies on dark web intel firms as frontline investigators
Source: https://www.cyberscoop.com/dark-web-intelligence-fbi-investigations/
Using Physics to Protect Industrial Devices Against Hacking
Source: https://waterfall-security.com/blog/using-physics-protect-industrial-devices-hacking
Ransomware: Best Practices for Prevention and Response
Source: https://insights.sei.cmu.edu/sei_blog/2017/05/ransomware-best-practices-for-prevention-and-response.html
Machine Learning in Cybersecurity
Source: https://insights.sei.cmu.edu/sei_blog/2017/06/machine-learning-in-cybersecurity.html
Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series)
The first practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 1: Know and Protect Your Critical Assets. In this post, I discuss the importance and nature of this practice, which is a cornerstone of shaping and scoping a robust insider threat program.
Source: https://insights.sei.cmu.edu/insider-threat/2017/04/critical-asset-identification-part-1-of-20-cert-best-practices-to-mitigate-insider-threats-series.html
Jacobs to Acquire CH2M to Create Premier $15 Billion Global Solutions Provider
Source: http://invest.jacobs.com/investors/Press-Release-Details/2017/Jacobs-to-Acquire-CH2M-to-Create-Premier-15-Billion-Global-Solutions-Provider/default.aspx
Google to Achieve “Supremacy” in Quantum Computing by the End of 2017
In theory, quantum computers could be vastly superior to regular or “classical” computers in performing certain kinds of tasks, but it’s been hard to build one. Already a leader in this field, Google is now testing its most powerful quantum chip yet, a 20-qubit processor, which the company looks to more than double in power to 49 qubits by the end of 2017.
Source: http://bigthink.com/paul-ratner/google-to-achieve-supremacy-in-quantum-computing-by-the-end-of-2017
THE HIGH COST OF DARK ENDPOINTS; Do you know where all of your endpoints are and what they are running?
Source: https://blogs.absolute.com/high-cost-dark-endpoints/
THE CYBER-COMMITTED CEO; Three industry-leading practices help CISOs catalyze engagement with their CEO and board to make cybersecurity business-relevant.
Source: https://www.accenture.com/us-en/insight-cyber-committed-ceo
VULNERABILITY IN INDUSTRIAL CONTROL SOFTWARE AND QUALITY OF THE PATCH MANAGEMENT
Source: https://ics-cert.kaspersky.com/reports/2016/12/09/vulnerability-in-industrial-control-software-and-quality-of-the-patch-management/
What’s now and next in analytics, AI, and automation
Innovations in digitization, analytics, artificial intelligence, and automation are creating performance and productivity opportunities for business and the economy, even as they reshape employment and the future of work.
Source: http://www.mckinsey.com/global-themes/digital-disruption/whats-now-and-next-in-analytics-ai-and-automation
Cyber raises threat against America’s energy backbone
Source: https://www.eenews.net/stories/1060054924
UN Report Shows the Whole World Needs a Cybersecurity Upgrade
Major cyber-readiness gaps remain among nations, but nearly all countries need major improvements.
Source: https://www.inc.com/joseph-steinberg/un-report-shows-the-whole-world-needs-a-cybersecur.html
Half of all countries aware but lacking national plan on cybersecurity, UN agency reports
Only about half of all countries have a cybersecurity strategy or are in the process of developing one, the United Nations telecommunications agency today reported, urging more countries to consider national policies to protect against cybercrime. Releasing its second Global Cybersecurity Index (GCI), the International Telecommunication Union (ITU) said about 38 per cent of countries have a published cybersecurity strategy and an additional 12 per cent of governments are in the process of developing one.
Source: http://www.un.org/apps/news/story.asp?NewsID=57119#.WbL7_siGOUl
UN finds cybersecurity is a struggle worldwide
There are massive gaps in security among the 134 countries surveyed, including the world’s most powerful nations.
Source: https://www.cnet.com/news/united-nations-cybersecurity-global-index-united-states-singapore/
How Cisco is establishing itself as a cybersecurity leader
Cisco demonstrated its commitment to cybersecurity at its annual customer event. Good position, but lots of work ahead.
Source: https://www.csoonline.com/article/3205926/security/ciscolive-and-cybersecurity.html
Average time to plug SCADA holes is 150 days, says report
Source: http://www.itworldcanada.com/article/average-time-to-plug-scada-holes-is-150-days-says-report/393418
90% of Companies Get Attacked with Three-Year-Old Vulnerabilities
A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release; this is not recommended, but it is better than leaving systems unpatched for years.
Source: https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/
Cybersecurity remains a growing problem
Learn the lessons or pay the price
Source: https://www2.deloitte.com/ca/en/pages/risk/articles/Deloitte-risk-series-insight-Cybersecurity.html
Tsunami of DDoS-for-Hire Platforms Coming From the East
Over the past six months, a large number of DDoS-for-hire platforms — also known as DDoS booters or DDoS stressors — have appeared in China, all sporting the same interface, and seeming to be based on the same source code.
Source: https://www.bleepingcomputer.com/news/security/tsunami-of-ddos-for-hire-platforms-coming-from-the-east/
THE BIGGEST CYBERSECURITY DISASTERS OF 2017 SO FAR
Source: https://www.wired.com/story/2017-biggest-hacks-so-far/
Major IIoT Challenges in 2017
Source: https://www.bayshorenetworks.com/blog/major-challenges-for-iiot-in-2017
Steps for Creating National CSIRTs
Source: http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=53062
How Industrial IoT Startups Will Disrupt the Incumbents
Source: https://www.bayshorenetworks.com/blog/how-industrial-iot-startups-will-disrupt-the-incumbents
Cybersecurity spend: ROI Is the wrong metric
Executives and board members should instead focus on network defender first principles.
Source: https://www.csoonline.com/article/3200270/network-security/cybersecurity-spend-roi-is-the-wrong-metric.html