Key takeaway: Don’t attempt to conceal a data breach. [293 words] What: A federal jury in California has convicted former Uber CISO Joseph Sullivan for attempting to conceal a 2016 data breach…
CISA ups the ante on asset discovery and vulnerability detection on federal networks
Key takeaway: If you aren’t already doing continuous automated asset discovery and vulnerability enumeration on discovered assets, now is a good time to get started. [259 words] What: The US Cybersecurity and…
Here’s what you need to know about the new (actively exploited) Microsoft Exchange Server 0-Days: CVE-2022-41040 and CVE-2022-41082
Latest update: Microsoft has updated its mitigation for the flaw. Implement it. [265 words] What: Two zero-day vulnerabilities exist in Microsoft Exchange Server 2013, 2016 and 2019. One of the flaws CVE-2022-41040,…
Newly disclosed vulnerability in PHP package repository highlights growing software supply chain risks
Key takeaway: Attackers are increasingly trying to infiltrate software development environments via malicious and poisoned packages on public code repositories. Robust SBOM and SCA practices are key to mitigating the threat [289…
Attackers Demonstrate Novel Way to Compromise EXSi Hypervisors
Key takeaway: Don’t allow vSphere Installation Bundles (VIBs) to become a vehicle for sneaking malware into your environment. (276 words) What happened: A China-based threat actor installed multiple backdoors on ESXi hypervisors…