Tag Archive for: addressed

1 Zero-Day Security Flaw Addressed — Redmondmag.com



Microsoft August Patch Tuesday: 1 Zero-Day Security Flaw Addressed

In the wake of last month’s massive security update, Microsoft has released a smaller number of fixes for August.

After last month’s massive security update from Microsoft, this month’s patch load comes with a more manageable 74 bulletins and two advisories.

Zero-day issues were also on the downswing this month, with Microsoft issuing a fix for just one issue that is under active exploitation. As is always the case, the lone zero-day, CVE-2023-38180, should be the top priority in patching this month.

The fix addresses a denial-of-service vulnerability in .NET and Visual Studio, which Microsoft said could lead to a system crash through a DDoS attack. While Microsoft has acknowledged that it has seen attacks exploiting the hole in the wild, it has not gone into any detail on the flaw or the monitored attacks.

While that directly takes care of this month’s single zero-day issue, Microsoft also released an advisory on a publicly disclosed issue in Microsoft Office, which updates an issue first disclosed last month. “This defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884),” wrote Microsoft. “Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023.”

While this month’s advisory can be seen as a mitigation against the Office remote code execution vulnerability, it isn’t a final patch. Microsoft has not stated when a permanent fix will be available.

Once the two zero-day items are addressed, IT should focus on applying the following “critical” bulletins:


How we addressed cyber threats heightened by Russia-Ukraine crisis – NSA


The National Security Adviser, Maj.-Gen. Babagana Monguno (Rtd), has revealed that the ongoing Russia-Ukraine crisis heightened cyber threats in the country.

He, however, said the Cybercrime Advisory Council, at its 9th meeting, which he chaired, addressed the threats through increased routine monitoring activities.

According to him, other strategies were advisories to relevant stakeholders and the holding of a sectoral Computer Security Incidents Response Teams meeting.

He said the meeting, which was held last Thursday, was to facilitate incident management coordination, enhance reporting and strengthen information-sharing mechanisms in order to further tackle the threats.

In a statement by the Head, Strategic Communications, Office of the National Security Adviser (ONSA), Zakari Usman, the office launched Cybersecurity Toolkits for Micro, Small and Medium Enterprises (MSMEs).

He said the council noted that the toolkits would be available for use to protect online activities of over 41 million MSMEs that operate in Nigeria.

The statement partly read, “The Cybercrime Advisory Council meeting held Thursday, 31 March 2022 updated members on activities and events since the 8th Meeting of the Council in compliance with the National Cybersecurity Policy and Strategy (NCPS) 2021 and the provisions of the Cybercrimes (Prohibition, Prevention etc) Act 2015.

“As part of measures to address emerging cyber threats heightened by the Russia-Ukraine crisis, ngCERT has increased its routine monitoring activities and advisories to relevant stakeholders and held sectoral Computer Security Incidents Response Teams meeting on 29 March 2022 to facilitate incident management coordination, enhance reporting and strengthen information sharing mechanism.”

The retired military officer added that his office is putting in place different measures to sensitize state governments on emerging threats and how to protect telecommunications assets in their…


Vulnerabilities must be addressed through sovereign solutions


Designing and manufacturing satellite communications products at EM Solutions, Yeronga, Queensland

In some ways, Australia was fortunate it was a virus, not an adversary, that revealed the vulnerability of global supply chains and emphasised the need for our own sovereign capabilities. In the throes of the pandemic, the immediate interests of Australia’s supplier nations quickly overrode any contractual obligations, directly threatening our interests. While this was seen publicly through restricted access to ventilators and personal protective equipment, defence supply chains were similarly affected.

This crisis of supply occurred without the added difficulty of an aggressor mounting military operations to cut or disrupt our very long supply lines.

It is now clear that in any national security crisis, we must depend principally on our own resources. This experience provides a clear notion of sovereign capability as one that exists for the defence of Australia and for Australian interests, as its first priority, and without reference to, or approval from, any foreign entity.

What that looks like, from a corporate perspective, is that:
● management and executive control are held by Australians;
● control of finances and profit-and-loss accountability is entirely within the local entity;
● the local entity has intellectual property control; and
● there are no obligations to support any parent entity’s defence offsets outside Australia, with transparent controls to ensure this is so.

These four key elements underpin national resilience by ensuring the capabilities we depend on are independent of foreign influence. They are the same conditions applied to sovereign capability by other advanced nations, including via Foreign Ownership, Control or Influence (FOCI) policies in the US. Importantly, they do not exclude foreign investment in, or ownership of, sovereign capability, nor do they prevent the use of foreign technology or foreign nationals working in Australia to support key capabilities.

Dr Ben Greene of EOS.

These principles are applicable to every aspect of sovereign defence capability,…


Mobile Security Addressed as a Top Industry Concern at Leading Financial … – San Francisco Chronicle (press release)

Vince Arneja, vice president of product management with Arxan, will also be a featured speaker on the May 16 mobile security panel "Is Mobile Security an Oxymoron?" to be moderated by Jim Routh, Managing Director, Global Head of Application,
