'

Microsoft Patch Tuesday, December 2023 Edition

Microsoft Patch Tuesday, December 2023 Edition

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed … Read more

Atlassian patches critical remote code execution vulnerabilities in multiple products

Atlassian patches critical remote code execution vulnerabilities in multiple products

Atlassian has released urgent patches for several of its products to fix remote code execution and denial-of-service vulnerabilities. Flaws in Atlassian products have been exploited by hackers before, including shortly after a patch was released or even before a fix was available. In October, Atlassian released an emergency fix for a broken access control issue … Read more

Netskope and BT Partner to Provide Secure Managed Services to the Modern Hybrid Enterprise

Netskope and BT Partner to Provide Secure Managed Services to the Modern Hybrid Enterprise

Today, BT and Netskope have announced a partnership to bring Netskope’s Security Service Edge (SSE) capabilities to BT’s global customers. The partnership follows a number of large customer implementations where the two companies have already collaborated to successfully meet the security and access needs of large enterprises. BT’s data shows that hybrid working is now … Read more

New malware is using direct emails to hunt the head-hunters

New malware is using direct emails to hunt the head-hunters

TA4557, a threat actor tracked since 2018 to be sending job-themed email threats, has started a new technique of targeting recruiters with direct emails that ultimately lead to malware delivery, according to Proofpoint. The threat actor known for using More_eggs downloader as the malware dropper has previously only resorted to applying to jobs posted on … Read more

Snyk unveils new ASPM offering to help DevSecOps manage cloud application risks

Snyk unveils new ASPM offering to help DevSecOps manage cloud application risks

Developer security solution provider, Snyk, has launched an application security posture management (ASPM) offering, dubbed Snyk AppRisk, to help application security (AppSec) teams monitor and manage their cybersecurity programs better. The offering will feature a workbench, which will allow developers and security teams to collaborate and address cybersecurity challenges through asset discovery and risk-based prioritization. … Read more

New Microsoft Incident Response team guide shares best practices for security teams and leaders

New Microsoft Incident Response team guide shares best practices for security teams and leaders

As enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it. Having … Read more