Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AT&T Alien Labs has seen a number of reports of active exploitation of a vulnerability in Microsoft Sharepoint (CVE-2019-0604). One report by the Saudi Cyber Security Centre appears to be primarily targeted at organisations within the kingdom. An earlier report by the Canadian Cyber Security Centre identified similar deployment of the tiny China Chopper web-shell to gain an initial foothold.

MITRE ATT&CK is a comprehensive knowledge base and complex framework of over 200 techniques that adversaries may use over the course of an attack. While MITRE’s full ATT&CK framework is publicly available, it can be characterized into 3 key elements.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. After last week’s news about a part of Docker Hub being exposed, things have got just a little bit worse. One of the most popular images has a root account vulnerability. Now, with someone knowing what people have, and that there is a potential hole, a target list becomes massively reduced…

Today, software is being developed at a breakneck speed. Agile development and the aggressive adoption of DevOps is leading to an abundance of functionality and feature sets, or pieces of code pushed out to consumers at a record pace. These one-click opportunities may indeed get us what we want, however, the game remains the same. The Achilles Heel is security vulnerabilities, regardless of technology maturity or speed of release.

In the world of cyber warfare, the internet has become a vital part of every walk of life. When it comes to downloading a file from the internet to your laptop or PC, you cannot be guaranteed a 100% safety due to the existence of fast and sophisticated cyber threats. Security vulnerabilities, data breaches, viruses, and malware have become very common and result in exploitation of the originality, integrity, and authenticity of any file you download from the internet.

On 18th April 2019, @ATTCyber gathered a panel of CISOs (and recovering CISOs) for a tweetchat to discuss some of the questions that we’ve always wanted to put to senior security folk. The virtual panel consisted of Thom Langford, Quentyn Taylor, James Gosnold, Andy Rose and Raj Goel; with participation from many others. Below I’ve summed up some of the key discussion points around each questions.

Modern digital & cloud technology underpins the shift that enables businesses to implement new processes, scale quickly and serve customers in a whole new way. Historically, organisations would invest in their own IT infrastructure to support their business objectives, and the IT department’s role would be focused on keeping the ‘lights on.’ To minimize the chance of failure of the equipment, engineers traditionally introduced an element of redundancy in the architecture.

When it comes to sorting through project information, most construction professionals waste more time than you think searching for the right data. In fact, it eats up around 5.5 hours a week on average, according to a recent study by FMI.