![]() ![]() ![]() In my notes last week, I grumbled about Microsoft’s stumbling and bumbling around the ‘PrintNightmare’ patch, only to later discover more problems with the newest emergency patch. By comparison, there were a total of 38 zero-days documented in all of 2020. So far this year, there have been 54 documented zero-day attacks, with code from Microsoft (33 percent) and Apple (20 percent) at the center of malware attacks that’s near impossible to defend. Microsoft’s mega-bundle ( 117 documented security defects) includes three new zero-days where the vendor learned of the problem via live in-the-wild attacks. Today is the Patch Tuesday before the Black Hat/Defcon conferences and it’s causing quite a stir on the zero-day trackers. The most clicked link from last week’s issue was the official Kesaya web page documenting its response to the big ransomware hack.I’ll share the link when the recording goes live. I’m scheduled to appear as a guest on the Recorded Future’s CyberWire Daily podcast.Don’t miss the latest show with JupiterOne CISO Sounil Yu on SBOMs. I’m currently editing a few great podcast episodes - Jack Cable, researcher at the Krebs Stamos Group and Vicente Diaz from Google/VirusTotal.Remember to register, these are always fun! I’ll be hosting a fireside chat and panel discussion on the cloud and expanding attack surfaces at the SecurityWeek Cloud Security Summit.If you’re in Vegas and still want to grab breakfast near Cosmo, ping me, Twitter DMs are open. The Black Hat book-signing event with Crossbeam CISO Chris Castaldo is sold out.SolarWinds chief executive Sudhakar Ramakrishna acknowledged in a blog post that it had brought on the consultants to help the embattled company to be “transparent with our customers, our government partners, and the general public in both the near-term and long-term about our security enhancements. In an interview with the Financial Times, which broke the story, Krebs said it could take years before the hackers are ejected from infiltrated systems. He also consulted for Zoom amid a spate of security problems. Stamos, meanwhile, joined the Stanford Internet Observatory after holding senior cybersecurity positions at Facebook and Yahoo. government, most recently serving as the director of Homeland Security’s CISA cybersecurity advisory agency from 2018, until he was fired by President Trump for his efforts to debunk false election claims - many of which came from the president himself. Krebs was one of the most senior cybersecurity officials in the U.S. government has already pinned the blame on Russia, the scale of the intrusions are not likely to be known for some time. and the Department of Energy have been confirmed breached, in what has been described as likely the most significant espionage campaign against the U.S. federal agencies and several Fortune 500 businesses.Īt least the Treasury Dept., State Dept. The two have been hired as consultants to help the Texas-based software maker recover from a devastating breach by suspected Russian hackers, which used the company’s software to set backdoors in thousands of organizations and to infiltrate at least 10 U.S. cybersecurity official Chris Krebs and former Facebook chief security officer Alex Stamos have founded a new cybersecurity consultancy firm, which already has its first client: SolarWinds. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |