Securitybeat

Community service to promote awareness of emerging security threats and best practices.

Author: tqgthmmy

  • CSS Flaw Eliminates Microsoft O365 First Contact Safety Tips

    Information Security magazine highlights research from Certitude on the First Contact Safety Tip within Microsoft 365. Exploiting a Cross-Site Scripting (CSS) flaw leaves the user unaware that the sender is unverified. Microsoft acknowledged the issue but offered no immediate plans to fix it. Read more

  • CrowdStrike Learns Application Security Lessons

    CrowdStrike has published the much-anticipated technical postmortem regarding the global outage on July 19th caused by the faulty Falcon EDR running on Microsoft Windows. The report highlighted six lessons learned. The immediate next step is to engage two independent third-party software security vendors. In a nutshell, the solution relies on parameters which were not properly validated.… Read more

  • Patch Enters Pipeline for Google Pixel Zero Day

    BleepingComputer reports that Google has applied source code fixes to address CVE-2024-36971 – a High severity use-after-free (UAF) weakness in the Android kernel. At this point, only limited, targeted exploitation has been observed. While Google Pixel devices receive monthly security updates immediately after release, other manufacturers may require some time before rolling out the patches. Read more

  • SnakeKeylogger Infection Spreading

    The Register highlighted an alert from Fortinet’s FortiGuard Labs this month regarding increased detections of SnakeKeylogger, a keyboard logger. SnakeKeylogger, aka KrakenKeylogger, is a Microsoft .NET-based stealer already known for credential theft and keylogging capabilities. Read more

  • SLUBStick New Linux Kernel Cross-Cache Attack

    A hypothetical attack on a kernel vulnerability is worth monitoring. As SecurityWeek suggests, a newly demonstrated Linux Kernel Cross-Cache Attack raises the threat level to dangerous. According to researchers from Graz University of Technology, tests prove the attack to be successful 99% of the time – up from 40% for other known heap attacks. No solution… Read more

  • Microsoft DDoS Protection Pours Fuel on the DDoS Fire

    According to BleepingComputer, a nine-hour global outage in Microsoft services was attributed to a distributed denial of service attack and an implementation flaw in their DDoS Protection services. A Microsoft report on ID KTV1-HWS states that the Azure Front Door (AFD) and Azure Content Delivery Network (CDN) first detected the availability issue. Unfortunately, error… Read more

  • Legislation to Fund Cybersecurity Apprentices

    CyberScoop highlighted legislative developments in the US Senate on the Cyber Ready Workforce Act to award grants to organizations that support the creation, implementation, and expansion of registered cybersecurity apprenticeship programs. Apprenticeship programs are to build on the NICE Framework, created to build a Cyber ready workforce. Read more

  • Data Breach Cost Jumps

    Help Net Security recently discussed the findings from IBM, raising the average cost of a data breach to $4.88 million. The majority (70%) of surveyed organizations reported significant to very significant impact. While the root cause for the impact certainly varies, a big concern is staffing. Many believe the innovative automation, such as the application… Read more

  • Phish Swim through Misconfigured Email Relays

    The Register reports a successful attack on Proofpoint’s email filtering systems using spoofed emails of Proofpoint’s largest, most well-known customers. Proofpoint later clarified the nature of the vulnerability. Read more
