[tl;dr sec] #206 – Security Engineer Interview Tips, Security Making Eng Faster, GitHub Action Scanner
I hope you’ve been doing well! John Steven is one of the most technically strong people I’ve ever met, and his interpersonal ninja-ry in causing…
Month: November 2023
Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware
Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware Pierluigi Paganini November 02, 2023 Rapid7 researchers warn of the suspected exploitation of a…
Okta data breach exposed personal information of employees
Okta is warning nearly 5,000 employees that the company was impacted by a third-party data breach that exposed personal information. Okta is a San Fransisco-based…
Remote Desktop Manager Flaw Let Attacker Execute Remote Code
Recent reports indicate that the Remote Desktop Manager and Devolutions Server have been affected by improper access control and Remote code execution vulnerabilities. The CVEs…
Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware
A recently patched vulnerability affecting the Apache ActiveMQ message broker is being exploited by cybercriminals in an apparent attempt to deliver ransomware. Apache ActiveMQ is…
Best Practices and Proven Strategies
Protecting cloud-based apps and the data they manage is the primary goal of Software as a Service (SaaS) security. With the growing popularity of software…
Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances
Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center. All versions of Confluence Data Center and…
UK government pledges £225m to fund University of Bristol AI-supercomputer build with HPE
The UK government has agreed to invest £225m in the creation of the UK’s most powerful artificial intelligence (AI) supercomputer, which is being overseen by…
Admins told to take action over F5 Big-IP platform flaws
Two recently discovered vulnerabilities in the F5 Networks Big-IP application delivery and security platform are now being chained and exploited by threat actors, putting thousands…
Gondomar Town Hall Cyberattack: Unprecedented €1.5M Toll
The mayor of Gondomar confirmed that the cyberattack on the town hall in September stands as the “largest on a public institution” in Portugal to…
Cisco Meeting Server Flaw Let Attacker Trigger a DoS Attack
Cisco has warned about a serious security issue in the Web Bridge feature of the Cisco Meeting Server. The flaw (CVE-2023-20255) could let someone who is…
Boeing Confirms Cyberattack Amid Lockbit Ransomware Gang Claims
Boeing mentioned that the cyberattack primarily affected its information systems, particularly within its parts business. However, the company did not confirm whether it was a…