One Article Review

Source NoticeBored
Identifier 1779378
Publication date 2020-05-16 17:38:09 (viewed: 2020-06-29 11:00:30)
Title NBlog May 16 - adjusting to the new normal
Text According to alert AA20-133A from US-CERT:

"The U.S. Government has reported that the following vulnerabilities are being routinely exploited by sophisticated foreign cyber actors in 2020:

Malicious cyber actors are increasingly targeting unpatched Virtual Private Network vulnerabilities.

An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been detected in exploits in the wild.

An arbitrary file reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510, continues to be an attractive target for malicious actors.

March 2020 brought an abrupt shift to work-from-home that necessitated, for many organizations, rapid deployment of cloud collaboration services, such as Microsoft Office 365 (O365). Malicious cyber actors are targeting organizations whose hasty deployment of Microsoft O365 may have led to oversights in security configurations and vulnerable to attack.

Cybersecurity weaknesses - such as poor employee education on social engineering attacks and a lack of system recovery and contingency plans - have continued to make organizations susceptible to ransomware attacks in 2020."

Well whadyaknow?

The US government blames "sophisticated foreign cyber actors" - the usual xenophobic, somewhat paranoid and conspiratorial stance towards those filthy rotten foreigners, desperately attacking little old US of A (today's version of reds under beds I guess);

"Unpatched" VPNs and insecurely configured Office 365 services are being targeted, implicitly blaming customers for failing to patch and configure the software correctly, blithely ignoring the fact that it was US-based software vendors behind the systems that required patching and configuring to address exploitable vulnerabilities;

Sent Yes
Tags Ransomware Vulnerability Patching


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.