CISA has added two vulnerabilities to its list of actively exploited bugs: the code injection in the Spring Cloud Gateway library and the command injection flaw in Zyxel firmware for business firewalls and VPN devices.
Artur Kane, VP of Product for GoodAccess, had this to say:
“Zero-day vulnerabilities are inevitable in SW and HW engineering. Sometimes this may be due to a flaw in the design, but often it is a goofy engineer who makes a wrong decision when under pressure to deliver on time. Attackers have loads of time to discover and access vulnerabilities. Then, such intelligence is sold on the dark web, hence it can spread rapidly in the community. Companies should look for such vendors who have a proven record of responding fast to zero-day vulnerabilities by issuing patches fast, who also have sufficient security certifications and standards. IT experts have options to mitigate the risk and impact in their hands too, by having regular vulnerability assessments and patching and updating programs in place. If the organization can’t meet such precautionary practices, they should also consider replacing their technologies with applications delivered as a SaaS, where there’s no self-hosted HW (with firmware) and/or software. Patching is done on the level of the application infrastructure and in most cases much faster, as it is in the hands of the vendor. When all these processes fail, as they sometimes do, it is a good practice to implement processes that minimize breach impact (micro-segmentation, zero trust access, etc.) and incident response and remedial action plans.”
I would make it part of your security process to check the CISA list of exploited bugs so that you know where to focus your efforts and don’t get caught with your pants down, metaphorically speaking. Also, you should look at SaaS, as it takes all the guesswork out of this.
Musk Claims That 20% Or More Of Twitter Accounts Are Bots… WTF?
Posted in Commentary with tags Twitter on May 17, 2022 by itnerd
Yesterday an analyst suggested that Elon Musk may be looking for an off ramp from his attempt to buy Twitter by making the number of bots on the platform an issue. Today he went further, by tweeting this:
Musk doesn’t say where he gets this 20% number from. But he is basically accusing Twitter’s current CEO Parag Agrawal of lying without using the word lying. That’s a very dangerous thing to say, as Musk could get called on it if Twitter produces proof that backs up its claims. But the interesting point is that the deal cannot move forward until Twitter’s current CEO ponies up proof. If he doesn’t, that’s Musk’s off ramp from the deal. Either that, or he is trying to get a better deal.
This will be worth watching to see how this turns out.