#securitybugs

Slim Bill (He/Him) wjmalik@noc.social
2024-11-13

The Weakest Link Revisited
A Bit of Security for November 13, 2024
My colleague Jonathan Care recently published a piece on the Insider Threat which completes an argument I’ve been working on for quite a while. Listen to this -
Let me know what you think in the comments below.
#cybersecuritytips #insiderthreat #weakestlink #securitybugs #UIdesign #BitofSec
youtu.be/l3WgXGYPrug

2020-12-15

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure - Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and C... threatpost.com/unpatched-iot-o #criticalinfrastructure #operationaltechnology #internetofthings #vulnerabilities #medicaldevices #securitybugs #factories #unpatched #urgent/11 #takeover #armis #cdpwn #iot #ot

2020-12-08

Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays - Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020. threatpost.com/microsoft-patch #patchingpriority #vulnerabilities #securitypatches #exchangeserver #cloudsecurity #december2020 #patchtuesday #securitybugs #websecurity #sharepoint #microsoft #critical

2020-11-16

Citrix SD-WAN Bugs Allow Remote Code Execution - The bugs tracked as CVE-2020-8271, CVE-2020-8272 and CVE-2020-8273 exist in the Citrix SD-WAN Cent... threatpost.com/citrix-sd-wan-b #remotecodeexecution #vulnerabilities #cloudsecurity #cve-2020–8271 #cve-2020–8272 #cve-2020–8273 #securitybugs #websecurity #realmode #citrix #sd-wan

2020-11-12

2 More Google Chrome Zero-Days Under Active Exploitation - Browser users are once again being asked to patch severe vulnerabilities that can lead to remote c... threatpost.com/2-zero-day-bugs #stablechannelrelease #remotecodeexecution #activelyexploited #googleprojectzero #vulnerabilities #remoteattackers #cve-2020-16013 #cve-2020-16017 #zerodayproject #securitybugs #websecurity #freetype #zero-day #browser #windows #chrome #google #apple #linux #patch #mac

2020-10-26

Microsoft IE Browser Death March Hastens - Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcomi... threatpost.com/ie-browser-deat #internetexplorer11 #microsoftedge87 #vulnerabilities #browsersupport #securityissues #microsoftedge #endofsupport #securitybugs #websecurity #end-of-life #ie-to-edge #transition #windowsxp #chromium #ie

2020-10-20

Mobile Browser Bugs Open Safari, Opera Users to Malware - A set of address-spoofing bugs affect users of six different types of mobile browsers, with some r... threatpost.com/mobile-browser- #vulnerabilities #addressspoofing #mobilesecurity #disinformation #mobilebrowsers #cve-2020-9987 #securitybugs #websecurity #rafayboloch #unpatched #phishing #malware #rapid7 #safari #apple #opera

2020-09-11

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure - Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidel... threatpost.com/giggle-managing #vendor-researcherrelationship #vulnerabilitydisclosurepolicy #zerodayinitiative #vulnerabilities #bugbounty.patch #federalagencies #digitalshadows #securitybugs #90daywindow #government #bugbounty #facebook #whatsapp #mandate #hacks

2020-09-04

WhatsApp Discloses 6 Bugs via Dedicated Security Site - The company committed to more transparency about app flaws, with an advisory page aimed at keeping... threatpost.com/whatsapp-disclo #dedicatedsecurityadvisorysite #vulnerabilities #mobilesecurity #cve-2020-1890 #securitybugs #transparency #websecurity #disclosure #mobileapps #facebook #security #whatsapp #patches #flaws #bugs #chat

2020-08-18

Large Orgs Plagued with Bugs, Face Giant Patch Backlogs - Vulnerability management continues to challenge businesses, as they face tens of thousands of bugs... threatpost.com/large-orgs-plag #vulnerabilitymanagement #mostrecentthreatlists #patchprioritization #ponemoninstitute #vulnerabilities #cloudsecurity #cloudpatches #databreaches #securitybugs #ibmx-force #backlog #survey

2020-08-03

Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft - Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week... threatpost.com/critical-meetup #crosssitescripting #blackhatusa2020 #vulnerability #securitybugs #websecurity #websiteflaw #blackhat #meetup #hacks #flaws #patch #csrf #xss

2020-05-19

Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices - A host of unpatched security bugs that allow BIAS attacks affects Bluetooth chips from Apple, Inte... more: threatpost.com/bluetooth-bugs- #securecommunicationsprotocols #impersonationattacks #devicecompromise #vulnerabilities #mobilesecurity #securitybugs #longtermkey #knobattack #bluetooth #laptops #phones #bias #iot

2020-05-12

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover - Severe CSRF to XSS bugs open the door to code execution and complete website compromise. more: threatpost.com/wordpress-page- #securityvulnerabilities #vulnerabilities #securitybugs #sitetakeover #websecurity #pagebuilder #siteorigin #wordpress #webpages #patches #plugin #csrf #xss

2020-04-09

‘Unbreakable’ Smart Lock Draws FTC Ire for Deceptive Security Claims - Tapplock catches heat for patched vulnerabilities -- because of its claims that its smart locks ca... more: threatpost.com/unbreakable-sma #deceptivesecuritypractices #deceptivesecurityclaims #internetofthings #vulnerabilities #ftccomplaint #securitybugs #unbreakable #government #smartlock #tapplock #hacks #iot

2020-02-04

Medtronic Patches Implanted Device, CareLink Programmer Bugs - The medical device giant has issued fixes for bugs first disclosed in 2018 and 2019. more: threatpost.com/medtronic-patch #criticalinfrastructure #carelinkprogrammers #implanteddevices #vulnerabilities #cve-2018-10596 #medicaldevices #cve-2018-5446 #cve-2018-5448 #cve-2019-6538 #cve-2019-6540 #securitybugs #healthcare #medtronic #patches #crt-d #icd #mri #sdn

2019-09-19

No surprises in the top 25 most dangerous software errors - An in-depth study of reported bugs has produced a list of the top 25 bug categories in software to... more: nakedsecurity.sophos.com/2019/ #commonvulnerabilitiesandexposures #commonweaknessenumeration #cross-sitescripting #securitythreats #vulnerability #securitybugs #bufferflaws #mitre #cves #cwe #xss
