At Technewsworld the following quote is interesting: “Attackers do not just target large enterprises. Recent reporting shows companies with less than 100 employees are three times more likely to be the target of a cyberattack — yet, often lack sufficient cybersecurity measures and resources to manage their risk,” said Shena Seneca Tharnish, VP for cybersecurity … Read more
Arstechnica Story from a few days ago (12/2) CryWiper malware is destroying data in Ukraine and Russia Are we going to Cry when it comes to our shores? Cry Baby Cry… What does this mean? This malware has been worked on for years , which means this is the 4th or 5th version of … Read more
So the latest OpenSSL version in the 3.0 release has a fix which is version 3.0.7 which will address a critical vulnerability in the 3.x versions. (so if you are using 2.x you are ok for now). OpenSSL is the open source implementation of SSL and TLS secure communication protocols. MalwareBytes Blog had a post … Read more
Nothing to see here – in Microsoft Land – Portswigger has the story: Apparently there is a feature in Microsoft Office Online Server that causes a Remote Code Execution(RCE) vulnerability. After hackers use a SSRF (Server Side Request forgery) attack, they can attack the systems with RCE. When Microsoft was told about this vulnerability they … Read more
So we are always telling everyone one of the things you must do is to patch and update our computers, so what happens… Someone figured out how to take advantage of this. Of course this has an acronym: BYOVD- “Bring Your Own Vulnerable Driver”. Arstechnica story You may know one of the axioms – everything … Read more
