New Vulnerabilities Wed 01 July

New Alerts for Microsoft OOB patches, PowerDNS, F5, Dell, and Linux. The US has published a notice that foreign actors will be using the Palo Alto Networks CVSSv3 10.0 vulnerability reported yesterday.  Patch ASAP.Yesterday we raised an alert for India:China, and other countries seem to be joining.The US has identified Huawei and ZTE as threat...
New Alerts for Palo Alto Networks, Mitsubishi, IBM, and Linux.We have raised a GeoPolitical Alert for India:China after India puts 59 Chinese products on a banned list for National Security reasons.Moxa and Boston Scientific have put out their Ripple20 bulletins, neither are affected.  HMS has updated their bulletin to list a few more products...
New Alerts for IBM, PuTTY, NetApp, Sophos, Squid, and Linux. Sierra Wireless and Huawei have published their Ripple20 bulletins.  F5 appeared to have several new bulletins but the actual bulletins weren't there.  Maybe tomorrow. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerabilit...
New Alerts for ENTTEC Lighting Controllers, Apache Tomcat, Hitachi, Dell, and Linux.  ENTTEC is looking into their vulnerabilities.  Apache Tomcat has fixed a DoS.  CentOS Web Panel has multiple 0-day vulnerabilities. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability deta...
Insider Threat  If you are anything like me you will find the creation and maintenance of security policies a little tedious, though I cannot stress the importance of them enough. A UK case was recently reported by North Yorkshire Police, which could have been prevented on many levels through effective cyber security controls. Danielle Bulley ...
New Alerts for Microsoft Edge, Dell, HPE, Cisco, NetApp, IBM, and Linux. McAfee has published their Ripple20 bulletin, listing several products as "Vulnerable and Not Exploitable".  The Cisco bulletin is about a vulnerability reported in February that involves persistent Telnet.  The mitigation is switch to SSH until there's a patch. ...
New Alerts for VMware, Mitsubishi Electric, Honeywell, IBM, QNAP, Draytek, and Linux. Eaton, Schneider Electric, Aruba, and HMS have published their Ripple20 bulletins. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. htt...
Following a recent poll, our cyber security recruitment team have put together a short video about which certs are hot and which are not  Recruitment CND are also the UK's oldest independent cyber security recruitment agency, specialising in global security recruitment since 2004. We work with both contract and permanent roles and our recruite...
New Alerts for IBM, Dell, Xerox, Fortinet, BlackBerry (powered by Android), Google Chrome, Bitdefender, and Linux. A few more Ripple20 "Doesn't affect us" bulletins are out, expect in the next week for all the vendors "looking into it" to start putting out updates for their products.  This process will spread over a month, we don't report...
New Alerts for Sophos, Squid, Schneider Electric, IBM, Fortinet, and Linux.Vendors are still publishing their bulletins for Ripple20, Schneider Electric has reported a PoC for one of their products is out, but still no patch.  Several vendors have published "we are not affected" bulletins. Security Wizardry Cyber Threat Intelligence - The Rada...
 One of the great things about working in cyber security and specifically CND is that we are constantly required (and encouraged) to keep our knowledge and skillset relevant to combat emerging threats and trends in order to best serve our clients. We all have our favourite news feeds or podcasts, on Wednesday 17th June our Radar Page reported ...
New Alerts for Microsoft, Baxter, Dell, Rockwell Automation, ICONICS, NetApp, and Linux.This week there has been several Medical and other IIoT devices getting updates as a result of Pwn2Own competitions and the Ripple20 impacts. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details...
This week has produced some interesting phishing campaigns and some new tactics with the attackers creating some new and innovative methods to bait users and make their campaigns look more legitimate. We work tirelessly to discover the latest techniques used for phishing in order to brief our clients and create realistic phishing campaigns to ...
You've heard a great deal about ethical hackers, who emulate the Tactics Techniques and Procedures (TTP) of a hacker to test your defences. Well, I'm an ethical phisherman, I use the same TTP as an attacker to lure your staff into taking my bait and then instead of exploiting them, they receive education, whilst you receive statistics on how many s...
You've heard a great deal about ethical hackers, who emulate the Tactics Techniques and Procedures (TTP) of a hacker to test your defences. Well, I'm an ethical phisherman, I use the same TTP as an attacker to lure your staff into taking my bait and then instead of exploiting them, they receive education, whilst you receive statistics on how m...
New Alerts for Cisco, Mitsubishi Electric, Dräger (ventilator), BD (insulin pump), Dell, Synology, NETGEAR, and Linux. Several more vendors published notices about the current Ripple20 affecting the Treck TCP/IP stack.  Most are still investigating which products are affected, and don't have patches yet. Security Wizardry Cyber Threat Intellig...
The word specialist is one that gets thrown around a lot in recruitment. Every recruitment agency claims to be a specialist in every vertical, and case in point that most recruitment businesses have recently created a Cyber Security desk, who are now frantically learning about cyber. However, with CND all we do is Cyber Security, not only do we inv...

Find Out More

© Computer Network Defence Limited 2020
For The Latest Updates Please Subscribe to Our Feed
Or Follow Us on LinkedIn