DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise...more
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang...more
In the aftermath of what could be one of the most widespread global information technology outages in history, organizations are putting a renewed focus on combating old vulnerabilities that can have cascading effects. ...more
In one of the most clear-eyed and sobering assessments of the cyberthreat China poses to our nation’s critical infrastructure, the country’s foremost cybersecurity leaders recently testified that the Chinese Communist Party...more
On October 30, 2023, the US Securities and Exchange Commission ("SEC") announced that it filed charges against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer ("CISO") in connection...more
On September 26, 2023, Windows released a configuration update on Windows 11 version 22H2 (all editions) that is worth reading and applying, particularly if you use Windows Copilot....more
The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President...more
On December 9th, 2021, a critical zero-day vulnerability, which has the potential of providing threat actors access to millions of computers worldwide, was discovered. Due to the critical nature of this vulnerability, and the...more
It was a crazy weekend for cyberattacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and foreseeable that hackers are leveraging attacks that have maximum disruption on...more
A widely reported flaw in popular software known as Log4j poses a severe cybersecurity threat to organizations around the globe, with hundreds of millions of devices at risk. Over the past week, government agencies,...more
Mandiant, a division of FireEye, has reported that it has discovered a vulnerability in a software protocol that enables hackers to gain access to audio and visual data on smart devices including baby monitors and web...more
IT professionals leave room in their schedules for Microsoft’s monthly Patch Tuesday just as I leave room in my schedule every Wednesday night for blog writing. ...more
The FBI recently issued a Flash Alert to Fortinet Fortigate users that Advanced Persistent Threat (APT) groups are continuing to exploit devices that have not been patched. Although Fortinet issued patches for these...more
If you don’t know about SolarWinds, then you haven’t been reading the news for the past six months. Last October 2020, it was reported that a widely-used networking tool that helps companies in the public and private sectors...more