CVE-2024-43573 – Microsoft Windows Security Vulnerability – October 2024: A critical vulnerability (CVE-2024-43573) in Microsoft Windows MSHTML platform allows for spoofing attacks. Affected Platform The vulnerability identified as CVE-2024-43573… https://t.co/fFOowi3dyJ
DEF CON 32 – AppSec Village – Fine Grained Authorisation with Relationship Based Access Contro: DEF CON 32 - AppSec Village - DEF CON 32 - Fine Grained Authorisation with Relationship Based Access Control
Authors/Presenters:Ben Dechrai
Our sincere… https://t.co/UhNv1ddopQ
Lateral Movement in Recent Cybersecurity Breaches: Highlighting two recent cybersecurity breaches to study lateral movement Lateral movement is significant threat to all organization, from small startups to large multinational corporations. This tactic… https://t.co/kgGcuI7TQu
CVE-2024-9680 – Mozilla Firefox Security Vulnerability – October 2024: A critical vulnerability (CVE-2024-9680) in Mozilla Firefox exposes systems to remote code execution by exploiting memory handling flaws. Affected Platform CVE-2024-9680 affects… https://t.co/qsHJI5KQiq
Maestro: Maestro: Abusing Intune for Lateral Movement Over C2
If I have a command and control (C2) agent on an Intune admin’s workstation, I should just be able to use their privileges to execute a script or application on an Intune-enrolled device,… https://t.co/lY00iGHtKS
Roger Grimes on Prioritizing Cybersecurity Advice: This is a good point:
Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of… https://t.co/pInYXswII0
UnitedHealth Hires Longtime Cybersecurity Executive as CISO: UnitedHealth Group, which is still picking up the pieces after a massive ransomware attack that affected more than 100 million people, hired a new and experienced CISO to replace the previous… https://t.co/WK5hzYKMa3
Why Data Discovery and Classification are Important: What is data discovery and classification? Let's answer that and look at how your organization can improve its data protection program.
The post Why Data Discovery and Classification are Important… https://t.co/ypczcSTTHG
New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics: Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates… https://t.co/bikWyUKrpI
LottieFiles Issues Warning About Compromised "lottie-player" npm Package: LottieFiles has revealed that its npm package "lottie-player" was compromised as part of a supply chain attack, prompting it to release an updated version of the library. "On… https://t.co/3b0Xflc3Ms
Roger Grimes on Prioritizing Cybersecurity Advice: This is a good point:
Part of the problem is that we are constantly handed lists…list of required controls…list of things we are being asked to fix or improve…lists of new projects…lists of… https://t.co/M5cjUBzdJH
Tracking World Leaders Using Strava: Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look… https://t.co/qFGZb6X0bR
Safeguarding Cyber Insurance Policies With Security Awareness Training: With cybersecurity threats continuing to evolve at an accelerated pace, organizations need to ensure that their cyber insurance policies remain active at all times.
The post… https://t.co/MkaXlqFg2Q
Application Detection and Response (ADR): A Game-changing SOC Analyst Tool | Contrast Security: Paged at 3 a.m. again … we had another breach to respond to in the security operations center (SOC). While the incident response team was busy delegating… https://t.co/qv9zBvcVjd
Small Businesses Boosting Cybersecurity as Threats Grow: ITRC: A report by the Identity Theft Resource Center found that while the number of small businesses hit by a cyberattack and the amount of losses continues to grow, companies are adopting stronger… https://t.co/9lCDfIfZbK
CJIS v5.9.5: What is CJIS (v5.9.5)? The Criminal Justice Information Services (CJIS) Security Policy v5.9.5 is a comprehensive security framework established by the Federal Bureau of Investigation (FBI). It sets standards for safeguarding and managing… https://t.co/V3GFZynD5q
Defending Democracy From Cyber Attacks in 2024: Cyberattacks during the 2016 U.S. presidential election exposed vulnerabilities in voter databases across 21 states, marking a stark warning about the fragility of our electoral systems.
The post… https://t.co/0IuhZVKKWa