New Vulnerabilities Friday 03 July
michele654
Vulnerabilities
New Alerts for OpenClinic GA, Nortek, Mitsubishi Electric, IBM, Mozilla Thunderbird, and Linux. - The Mitsubishi Electric bulletin is for their TCP/IP Stack in GOT2000 HMI devices, but it doesn't appear to be associated with Ripple20.- Nortek is Security Management and Access Control equipment, it's a CVSSv3 score of 10 so access is open...- O...
New Vulnerabilities Thursday 02 July
michele654
Vulnerabilities
New Alerts for Cisco, Wireshark, NetApp, Mozilla, Samba, and Linux. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. https://radar.securitywizardry.com
2 + 2 = Rogue FBI most wanted
James -
Technical
At CND our SOC analysts are inquisitive by nature; digging a little bit deeper and the further exploration of a lead in data is what we like to do. It's a bit like a prospector looking for that tiny fleck of gold that reveals a giant nugget; the detail is what matters and exploring it often leads you to threats you didn't even realis...
New Vulnerabilities Wed 01 July
michele654
Vulnerabilities
New Alerts for Microsoft OOB patches, PowerDNS, F5, Dell, and Linux. The US has published a notice that foreign actors will be using the Palo Alto Networks CVSSv3 10.0 vulnerability reported yesterday.  Patch ASAP.Yesterday we raised an alert for India:China, and other countries seem to be joining.The US has identified Huawei and ZTE as threat...
New Vulnerabilities Tuesday 30 June
michele654
Vulnerabilities
New Alerts for Palo Alto Networks, Mitsubishi, IBM, and Linux.We have raised a GeoPolitical Alert for India:China after India puts 59 Chinese products on a banned list for National Security reasons.Moxa and Boston Scientific have put out their Ripple20 bulletins, neither are affected.  HMS has updated their bulletin to list a few more products...
New Vulnerabilities Monday 29 June
michele654
Vulnerabilities
New Alerts for IBM, PuTTY, NetApp, Sophos, Squid, and Linux. Sierra Wireless and Huawei have published their Ripple20 bulletins.  F5 appeared to have several new bulletins but the actual bulletins weren't there.  Maybe tomorrow. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerabilit...
New Vulnerabilities Friday 26 June
michele654
Vulnerabilities
New Alerts for ENTTEC Lighting Controllers, Apache Tomcat, Hitachi, Dell, and Linux.  ENTTEC is looking into their vulnerabilities.  Apache Tomcat has fixed a DoS.  CentOS Web Panel has multiple 0-day vulnerabilities. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability deta...
Cyber Security Policies - Lack of Leavers Policy Destroys Business
Andy Cuff
Technical
Insider Threat  If you are anything like me you will find the creation and maintenance of security policies a little tedious, though I cannot stress the importance of them enough. A UK case was recently reported by North Yorkshire Police, which could have been prevented on many levels through effective cyber security controls. Danielle Bulley ...
New Vulnerabilities Thursday 25 June
michele654
Vulnerabilities
New Alerts for Microsoft Edge, Dell, HPE, Cisco, NetApp, IBM, and Linux. McAfee has published their Ripple20 bulletin, listing several products as "Vulnerable and Not Exploitable".  The Cisco bulletin is about a vulnerability reported in February that involves persistent Telnet.  The mitigation is switch to SSH until there's a patch. ...
New Vulnerabilities Wednesday 24 June
michele654
Vulnerabilities
New Alerts for VMware, Mitsubishi Electric, Honeywell, IBM, QNAP, Draytek, and Linux. Eaton, Schneider Electric, Aruba, and HMS have published their Ripple20 bulletins. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries. htt...
VIDEO - Cyber Security Certifications - A Recruiters Perspective
Andy Cuff
Recruitment
Following a recent poll, our cyber security recruitment team have put together a short video about which certs are hot and which are not  Recruitment CND are also the UK's oldest independent cyber security recruitment agency, specialising in global security recruitment since 2004. We work with both contract and permanent roles and our recruite...
New Vulnerabilities Tuesday 23 June
michele654
Vulnerabilities
New Alerts for IBM, Dell, Xerox, Fortinet, BlackBerry (powered by Android), Google Chrome, Bitdefender, and Linux. A few more Ripple20 "Doesn't affect us" bulletins are out, expect in the next week for all the vendors "looking into it" to start putting out updates for their products.  This process will spread over a month, we don't report...
New Vulnerabilities for Monday June 22
michele654
Vulnerabilities
New Alerts for Sophos, Squid, Schneider Electric, IBM, Fortinet, and Linux.Vendors are still publishing their bulletins for Ripple20, Schneider Electric has reported a PoC for one of their products is out, but still no patch.  Several vendors have published "we are not affected" bulletins. Security Wizardry Cyber Threat Intelligence - The Rada...
Pwny Treck To Own Your IoT
James -
Technical
 One of the great things about working in cyber security and specifically CND is that we are constantly required (and encouraged) to keep our knowledge and skillset relevant to combat emerging threats and trends in order to best serve our clients. We all have our favourite news feeds or podcasts, on Wednesday 17th June our Radar Page reported ...
New Vulnerabilities Friday 19 June
michele654
Vulnerabilities
New Alerts for Microsoft, Baxter, Dell, Rockwell Automation, ICONICS, NetApp, and Linux.This week there has been several Medical and other IIoT devices getting updates as a result of Pwn2Own competitions and the Ripple20 impacts. Security Wizardry Cyber Threat Intelligence - The Radar Page Security Wizardry Radar Page provides vulnerability details...
Phishing Trends of the Week #2 - Tales From Our Ethical Phisherman
Undisclosed
Technical
This week has produced some interesting phishing campaigns and some new tactics with the attackers creating some new and innovative methods to bait users and make their campaigns look more legitimate. We work tirelessly to discover the latest techniques used for phishing in order to brief our clients and create realistic phishing campaigns to ...

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Find Out More

© Computer Network Defence Limited 2022