1309 matches found
Friday Squid Blogging: COVID Relief Funds
A town in Japan built a giant squid statue with its COVID relief grant. One local told the Chunichi Shimbun newspaper that while the statue may be effective in the long run, the money could have been used for "urgent support," such as for medical staff and long-term care facilities. But a...
Defeating the Pirates
In Akamai's paper, "Inside the World of Video Pirates," we discovered why digital intellectual property theft aka "piracy" is possibly the most misunderstood form of cybercrime facing the TV, sports, and film industries. The paper explored how piracy strategically impacts the industry, how the...
Task Force delivers strategic plan to address global ransomware problem
The Ransomware Task Force (RTF), a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments, has recently pushed out a comprehensive and strategic plan for tackling the increasing threat and evolution of ransomware. The report, entitl...
Evolving beyond password complexity as an identity strategy
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned,...
What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis
Few could have anticipated the impact COVID-19 has had on business. It spread from an isolated outbreak to a global pandemic seemingly overnight, and IT leaders across the planet have had mixed success adjusting to the changes and uncertainty it has brought. While COVID-19 caught many businesses...
MDR Vendor Must-Haves, Part 7: Managed Response Actions
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Security teams face unprecedented challenges as the threat landscape expands in scope and complexity. More...
Dolby DAX2 API Vulnerability - Lenovo Support US
Lenovo XClarity Controller (XCC) Information Disclosure Vulnerability - Lenovo Support US
Zero Trust: The Mobile Dimension
After embarking on a second unforeseen year of mass remote work, everyone is now accessing corporate resources through the cloud. To help enable this, organizations are introducing new technologies into their standard workflows. The COVID-19 pandemic presented a new realm of unmarked territory as...
How to Vaccinate Against the Poor Password Policy Pandemic
Data breaches remain a constant threat, and no industry or organization is immune from the risks. From Fortune 500 companies to startups, password-related breaches continue to spread seemingly unchecked. As a result of the volume of data breaches and cybersecurity incidents, hackers now have acce...
CloudBees Jenkins Role-based Authorization Strategy Plugin Improper Privileges Vulnerability
Jenkins Role-based Authorization Strategy is an open source Jenkins application plugin. The plugin is used to add a new role-based mechanism to manage user rights. An improper privilege vulnerability exists in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier versions. An...
Jenkins Matrix Authorization Strategy Access Control Error Vulnerability
Jenkins Matrix Authorization Strategy is an open source Jenkins application plugin. The plugin is used in Jenkins to achieve fine-grained access control. An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...
CVE-2021-21624
CVE-2021-21624 is an in-product permission-check flaw in Jenkins Role-based Authorization Strategy Plugin (3.1 and earlier). The issue lets users who have Item/Read on nested items access those items even if they lack Item/Read for parent folders. Public materials (OSV, GHSA, NVD) corroborate the...
Jenkins Matrix Authorization Strategy Security Vulnerability
Jenkins Matrix Authorization Strategy is an open source Jenkins application plugin. The plugin is used in Jenkins to achieve fine-grained access control. An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...
NSA Releases Guidance on Zero Trust Security Model
The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that...
Building a Holistic VRM Strategy That Includes the Web Application Layer
Building security into your overall vulnerability risk management (VRM) strategy is a must-do in the age of the all-important web app. Between security and IT-Ops teams, there are a number of steps in the VRM process, including asset identification, enumeration, prioritization, and remediation. How...
Becoming resilient by understanding cybersecurity risks: Part 3—a security pro’s perspective
In part two of this blog series on aligning security with business objectives and risk, we explored the importance of thinking and acting holistically, using the example of human-operated ransomware, which threatens every organization in every industry. As we exited 2020, the Solorigate attack...
5 Security Lessons for Small Security Teams for the Post COVID19 Era
A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy w...
Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites
A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021-1801)...