Security News
Designed to help organizations proactively and continuously identify, manage and remediate millions of AD Attack Paths, BloodHound Enterprise gives IT Ops and SecOps professionals the tools needed to dramatically and measurably improve AD security posture with minimal effort. As a largely unseen, unmanaged and growing problem for enterprises, AD Attack Paths are used by attackers to gain control of systems and data, impersonate users, abuse legitimate access to non-AD systems and much more.
US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators. It directs the Department of Homeland Security's CISA and the Department of Commerce's NIST, in collaboration with other federal agencies, to develop cybersecurity performance goals and guidance for critical infrastructure orgs.
The bug is in Hyper-V's network switch driver and affects Windows 10 and Windows Server 2012 through 2019. The two researchers found the bug together and disclosed it privately to Microsoft.
I was fortunate to be in Military/Federal Government service for over 30 years spending the last 17 years working in the Cybersecurity and Infrastructure Security Agency whose central mission is the security of our nation's critical infrastructure and working with other critical Departments and Agencies that share a similar mission such as the Department of Energy, Department of Defense, Transportation Administration, and Health and Human Services to name a few. Our Nation's cyber and physical infrastructure underpins our national and economic security, public health, and safety, and provides the critical functions our citizens depend on in their everyday lives.
An unauthenticated OS command injection vulnerability in the Sunhillo SureLine application could allow an attacker to execute arbitrary commands with root privileges, according to security researchers with the NCC Group. Sunhillo is an established name in aerial vehicle surveillance and tracking, and SureLine represents the core software that powers the company's surveillance tools and products.
The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems, and grants for state and local governments. One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS's Cybersecurity and Infrastructure Security Agency to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.
Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products, which can lead to arbitrary code execution. Atlassian is a platform that's used by 180,000 customers to engineer software and manage projects, and Jira is its proprietary bug-tracking and agile project-management tool.
Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products. According to Atlassian, security researcher Harrison Neal discovered that Jira Data Center - including Software Data Center and Core Data Center - and Jira Service Management Data Center software development products are affected by a critical flaw related to missing authentication for the Ehcache RMI network service.
Needless to say, Geyer has a lot to say about the threat ransomware poses to OT, ICS and critical infrastructure. How to prepare for the future of ransomware risk management.
Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities. A systems management and monitoring application, Dell OpenManage Enterprise provides administrators with a comprehensive view of Dell EMC servers, network switches, and storage in their environment.