Malware Devil

Thursday, May 13, 2021

A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR

Until recently, the word “Hafnium” most commonly referred to an obscure atomic element—atomic number 72 in the Periodic Table of the Elements. It was named for the city where it was discovered in 1923—Copenhagen, Denmark, whose Latin name is Hafnia. Chemically similar to zirconium, it is used for control rods in nuclear reactors.

The post A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR appeared first on Security Boulevard.


The post A BIGGER SHARE OF VULNERABILITIES WERE SERIOUS IN THE FIRST TWO MONTHS OF THE YEAR appeared first on Malware Devil.



https://malwaredevil.com/2021/05/13/a-bigger-share-of-vulnerabilities-were-serious-in-the-first-two-months-of-the-year/?utm_source=rss&utm_medium=rss&utm_campaign=a-bigger-share-of-vulnerabilities-were-serious-in-the-first-two-months-of-the-year

Network Security News Summary for Thursday, May 13th, 2021

Exposed ICS Trending Lower; FragAttack Vendor Bulletins; Adobe Acrobat 0Day

Number of industrial control systems on the internet is lower than in 2020…but still far from zero
https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/

Webcast: Ransoming Critical Infrastructure
https://www.sans.org/webcasts/119775

Links to FragAttacks Vendor Bulletins (in German)
https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html

Adobe Acrobat Patches
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

Sending Arbitrary Messages via FindMy
https://positive.security/blog/send-my

keywords: find my; apple; airtag; adobe; acrobat; patches; fragattacks; pipeline; ics




https://malwaredevil.com/2021/05/12/network-security-news-summary-for-thursday-may-13rd-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-thursday-may-13rd-2021

Wednesday, May 12, 2021

Inside BNP Paribas’ Digital Banking Innovation: Cloud, Data, AI

Posted by michelle, Wed, 05/12/2021 14:34

Featuring BNP Paribas Global CIO Bernard Gavgani
May 12, 2021

The banking sector, for many decades, has relied on legacy processes and systems to serve its customers. But today, the rise of online banking, digital applications, and challenger banks has caused significant disruption across financial services.

The COVID-19 crisis has put pressure on banks to improve their digital offerings as lockdowns have forced customers to turn to online banking rather than physical, in-store experiences. Big banks, once kings of capital, are facing competitive pressure from both fintech and the technology giants, who are making great strides to offer a seamless digital financial services experience tied to their core platform, while managing a flurry of stringent regulations across the globe.  

The need to provide better, faster, and safer digital services to customers remains a powerful driver of digital transformation for banking institutions. This is especially true for BNP Paribas, the world’s seventh largest bank by total assets and the largest bank in Europe. 

Today, BNP Paribas is taking a bold approach towards harnessing data and technology to accelerate digital innovation in the banking industry. Read our interview with Global Chief Information Officer Bernard Gavgani as he reveals ways in which the organization strategically leverages data to elevate the customer experience, the most important AI initiatives at the bank, and more.

 

Editor’s note: This interview was edited and condensed for brevity and clarity. 

Jedidiah Yueh: Bernard, you’re running one of the world’s biggest technology organizations as part of one of the world’s biggest banks. How important is it for you to keep pace and to innovate at the speed of the tech giants?

Bernard Gavgani: Digital transformation has never been as urgent as today, bringing new opportunities to constantly evolve our IT and to ensure interoperability within the chosen solutions. In such a fast changing environment, we see the emergence of new players in the banking industry, such as neobanks that are relying on technologies to compete with traditional players in the sector and are particularly agile and innovative. 

For the banking industry, we need to have a co-opetition posture, collaborating with some, while working actively with others to be more and more attractive. Digital is the answer. The bank of tomorrow must be modern and digital. 

BNP Paribas began its digitalization journey in 2013. In 2017, the bank realized that the private cloud structure was hampering the rapid development of digital banking functionalities. Companies using public clouds could get new computer servers or new storage to develop applications in minutes, while it took the bank several weeks to secure similar resources. It therefore seemed natural to us to embrace the movement of using the public cloud while finding solutions to preserve the sovereignty of our customers’ data and banking transactions.

Jedidiah Yueh: When you think about digital transformation as a complete journey, where do you see BNP Paribas? 

Bernard Gavgani: We have to provide efficient day-to-day banking for clients and a more digital personalized sales approach to deliver higher quality service. To remain attractive, we have to build new relationship models and find the perfect balance between human and digital. For example, we have launched many initiatives to support business transformation for the instant payment domains. Instant payment rollout is on track, thanks to the creation of the dedicated IT department to ensure both rationalization and security from the retail and corporate payment to the whole group.

We have also transformed our IT architecture by facilitating internal and external partnerships, launching the API program, and accelerating the move to the cloud. At the same time, we are strengthening IT security while maintaining a strong focus on data leakage prevention. BNP Paribas is accelerating its digital transformation journey in order to build the European bank of reference, even though we will have a long way to go.

Jedidiah Yueh: During COVID-19, we saw more and more privacy bills that were introduced or passed. How do these regulations impact the bank like BNP Paribas?

Bernard Gavgani: Regulations lead to increasingly important constraints, which for a certain number of them are contradictory with the very spirit of the digital transformation. As an example, banks are trying to find a good balance between cloud, public, private, hybrid, and the regulatory requirements. The question now is how do regulators impact innovation at the banks? 

Regulators need to set up to stay relevant in the digital economy. They need to drive a cashless digital economy, overcome a trend of increasingly complex regulatory requirements, protect the interests of the end customers and the country’s citizens, and define a business continuity plan to take into account crisis and security threats—all impacting the volatility of the global economy. To manage the increasing costs of compliance and facilitate innovation and market competition, we are implementing emerging technologies such as blockchain, artificial intelligence, robotics, and APIs.

Jedidiah Yueh: Can you talk about the importance of APIs to the bank?

Bernard Gavgani: Our IT department embraced APIs a long time ago, both internally, connecting internal applications, and externally, to connect to our technology partners and suppliers, in order to drive internal efficiency and organization. 

More recently, we have started to embrace an API-first mindset, in which APIs are not only a question of connectivity but also a product. We are shifting to the paradigm, where APIs are a means to expose data and services, to carry a value proposition in a convenient package that is easy to consume with appropriate access rights and data protection.

Jedidiah Yueh: Bernard, you’re one of our most innovative customers, and you’ve actually built an extensive application on our platform and APIs. Talk to us about your open digital marketplace and your data agility products. 

Bernard Gavgani: The challenge of the open digital marketplace and data agility is the increasing capacity of the bank’s data teams to develop new models. We have a data producer, and we have a platform producer. Both expose their products to the open digital marketplace, a portal where data teams come to define and couple data and platforms. 

Data allows us to better know our customers, to manage continuous and consistent messaging between the customers and the bank, and build a highly personalized relationship with each customer. 

BNP Paribas must strengthen customers’ trust and protect data usage through optimal data privacy practices with an operating model relying on local empowerment and federated extensions. All this goes with APIs, so APIs are the fuel of our economy today.

Jedidiah Yueh: How important is data to the bank?

Bernard Gavgani: Data is a key asset for the bank, as all processes rely on data. Value will come from data manipulated, created, stored from and by our services to build services for our clients. 

Data is part of our DNA in our day-to-day lives. Our objective is to facilitate the usage of data to increase productivity and the performance. For example, without a robust scoring engine, we cannot give customers credit. Without algorithms, we cannot send efficient marketing campaigns. Without high quality data, we cannot detect potential risk, hence the importance of collecting and making the best use of our customer data. 

This is why BNP Paribas has invested in data management. Within our bank, a dedicated organization has been put in place around the data to ensure data integrity, quality, and fluidity, so that IT and the business closely cooperate to improve a common data strategy trajectory.

Jedidiah Yueh: There’s a lot of hype and promise around AI, machine learning, and deep learning. Tell us about the AI-as-a-service application you’ve built.

Bernard Gavgani: Digital intelligence is a powerful driver of growth and innovation. It’s key to reaching operational excellence, customer satisfaction, and value creation. We’re also advising new ways of working with our customers more efficiently and leveraging AI to manage our IT and IT department. 

Jedidiah Yueh: There are so many places where you can apply machine learning. What are the most important areas that you could apply the technology as you look into the future?

Bernard Gavgani: Between September 2017 and June 2020, the number of AI use cases has increased by 3.5 times. Those going into production increased from 12 to 31. Use cases are mostly articulated around enhancing operational workflow and customer knowledge. 

Jedidiah Yueh: You’ve been with BNP Paribas for over 20 years now. How has your perspective changed over that time?

Bernard Gavgani: Our industry is now changing with new players, such as GAFA, neobanks, fintech. To meet the many challenges in the banking world, BNP Paribas is evolving its traditional model to adopt new technologies, offer new services while guaranteeing capability and interactivity with all the systems—all in the secure environment. IT is the heart of such significant transformations.

In today’s fast changing environment, IT is now at the heart of the bank strategy to deeply transform the banking sector. We can say that IT will definitely become the symbol of the bank of tomorrow.

 

About the Speakers

Bernard Gavgani 
Since 2018, he has been Group Chief Information Officer. He is a graduate of the Massachusetts Institute of Technology – Sloan School of Management and holds an Executive MBA from the Ecole des Hautes Etudes Commerciales (HEC) in Paris.

Jedidiah Yueh
Jedidiah Yueh started his career as a high school teacher. He is the bestselling author of Disrupt or Die, a book that refutes conventional ideas on innovation with proven frameworks from Silicon Valley. Prior to his book, Jed put his frameworks to the test, leading two waves of disruption in data management, first as founding CEO of Avamar (sold to EMC in 2006 for $165M). Avamar pioneered data de-duplication and generated over $5B in cumulative sales. After Avamar, Jed founded Delphix, which provides a data platform to enable digital transformation for over 30% of the Global 100 and has surpassed $100 million in ARR. In 2013, the San Francisco Business Times named Jed CEO of the Year. Jed has over 30 patents in data management and graduated Phi Beta Kappa, magna cum laude with a degree in English and psychology from Harvard.

The post Inside BNP Paribas’ Digital Banking Innovation: Cloud, Data, AI appeared first on Security Boulevard.




https://malwaredevil.com/2021/05/12/inside-bnp-paribas-digital-banking-innovation-cloud-data-ai/?utm_source=rss&utm_medium=rss&utm_campaign=inside-bnp-paribas-digital-banking-innovation-cloud-data-ai

Despite Heightened Breach Fears, Incident Response Capabilities Lag

Many organizations remain unprepared to detect, respond to, and contain a breach, a new survey shows.




https://malwaredevil.com/2021/05/12/despite-heightened-breach-fears-incident-response-capabilities-lag/?utm_source=rss&utm_medium=rss&utm_campaign=despite-heightened-breach-fears-incident-response-capabilities-lag

Four compliance considerations for government bidding

The complexity of government procurement can be intimidating, but a strong compliance program tailored to the risks applicable to your…

The post Four compliance considerations for government bidding appeared first on Entrust Blog.

The post Four compliance considerations for government bidding appeared first on Security Boulevard.




https://malwaredevil.com/2021/05/12/four-compliance-considerations-for-government-bidding/?utm_source=rss&utm_medium=rss&utm_campaign=four-compliance-considerations-for-government-bidding

Researchers Unearth 167 Fake iOS & Android Trading Apps

The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.




https://malwaredevil.com/2021/05/12/researchers-unearth-167-fake-ios-android-trading-apps/?utm_source=rss&utm_medium=rss&utm_campaign=researchers-unearth-167-fake-ios-android-trading-apps

10 Exploits Cybersecurity Professionals are Concerned About

The post 10 Exploits Cybersecurity Professionals are Concerned About appeared first on Digital Defense, Inc..

The post 10 Exploits Cybersecurity Professionals are Concerned About appeared first on Security Boulevard.




https://malwaredevil.com/2021/05/12/10-exploits-cybersecurity-professionals-are-concerned-about-2/?utm_source=rss&utm_medium=rss&utm_campaign=10-exploits-cybersecurity-professionals-are-concerned-about-2

Putting The Spotlight on DarkSide

Incident responders share insight on the DarkSide ransomware group connected to the recent Colonial Pipeline ransomware attack.




https://malwaredevil.com/2021/05/12/putting-the-spotlight-on-darkside/?utm_source=rss&utm_medium=rss&utm_campaign=putting-the-spotlight-on-darkside

End-to-End IoT Device Security: What You Need to Know

In the course of reading this article, you’ll likely interact with several connected devices. And you probably wouldn’t have even given it a second thought if we hadn’t just called it out.

The post End-to-End IoT Device Security: What You Need to Know appeared first on Security Boulevard.




https://malwaredevil.com/2021/05/12/end-to-end-iot-device-security-what-you-need-to-know/?utm_source=rss&utm_medium=rss&utm_campaign=end-to-end-iot-device-security-what-you-need-to-know

66% of CISOs Feel Unprepared for Cyberattacks

More than half of CISOs surveyed are more concerned about a cyberattack in 2021 than in 2020, researchers report.




https://malwaredevil.com/2021/05/12/66-of-cisos-feel-unprepared-for-cyberattacks/?utm_source=rss&utm_medium=rss&utm_campaign=66-of-cisos-feel-unprepared-for-cyberattacks

Researchers Flag e-Voting Security Flaws

Paper ballots and source-code transparency are recommended to improve election security.



https://malwaredevil.com/2021/05/12/researchers-flag-e-voting-security-flaws/?utm_source=rss&utm_medium=rss&utm_campaign=researchers-flag-e-voting-security-flaws

Chart Topping Threats – How Attacks will Rage in 2021 – Artsiom Holub, Austin McBride – ESW #227

Cyberattackers have not been slowed down by the worldwide pandemic. Phishing, cryptojacking, and trojans all continue to dominate the cybersecurity threat charts. It’s critical to know what security issues are most likely to crop up within your organization and their potential impacts. The challenge is that the most active threats change over time as the prevalence of different attacks ebbs and flows. Register to learn about key threat trends facing businesses like yours in 2021. We’ll be joined by Data Scientist Austin McBride and Security Researcher Artsiom Holub. We’ll tackle tough questions and take a deeper dive into recent threats to help you craft a strategy that helps you investigate threats, simplify operations, and scale security.

Segment Resources:
What attacks aren’t you seeing?
The modern cybersecurity landscape: Scaling for threats in motion
Cloud Security Buyers Guide

This segment is sponsored by Cisco Umbrella.

Visit https://securityweekly.com/ciscoumbrella to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw227




https://malwaredevil.com/2021/05/12/chart-topping-threats-how-attacks-will-rage-in-2021-artsiom-holub-austin-mcbride-esw-227/?utm_source=rss&utm_medium=rss&utm_campaign=chart-topping-threats-how-attacks-will-rage-in-2021-artsiom-holub-austin-mcbride-esw-227

Vulnerable Protocols Leave Firms Open to Further Compromises

Companies may no longer have Internet-facing file servers or weakly secured Web servers, but attackers that get by the perimeter have a wide-open landscape of vulnerability.




https://malwaredevil.com/2021/05/12/vulnerable-protocols-leave-firms-open-to-further-compromises/?utm_source=rss&utm_medium=rss&utm_campaign=vulnerable-protocols-leave-firms-open-to-further-compromises

Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales

A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required.



https://malwaredevil.com/2021/05/12/telegram-fraudsters-ramp-up-forged-covid-19-vaccine-card-sales/?utm_source=rss&utm_medium=rss&utm_campaign=telegram-fraudsters-ramp-up-forged-covid-19-vaccine-card-sales

How to prevent Magecart attacks

The global e-commerce economy continues to grow with nearly $26.7 trillion spent in 2020. Website owners have an obligation to protect their sites, their data, and their customers to ensure the integrity of online transactions. They face increasing pressure to safeguard against browser-side attacks like Magecart.

The post How to prevent Magecart attacks appeared first on Security Boulevard.




https://malwaredevil.com/2021/05/12/how-to-prevent-magecart-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-prevent-magecart-attacks

Tuesday, May 11, 2021

Microsoft May 2021 Patch Tuesday, (Tue, May 11th)

This month we got patches for 55 vulnerabilities. Of these, 4 are critical, 3 (CVE-2021-31204, CVE-2021-31200 and CVE-2021-31207) were previously disclosed, and none is being exploited according to Microsoft.

One critical vulnerability that requires special attention this month is a remote code execution (RCE) in the HTTP Protocol Stack, http.sys (CVE-2021-31166). An unauthenticated attacker could send a specially crafted packet to a targeted server that uses http.sys to process packets. Because the vulnerability requires neither authentication nor user interaction, it is considered wormable. It affects several versions of Windows 10 as well as Windows Server, version 2004 and version 20H2, and has a CVSS score of 9.8.

A second critical vulnerability addressed this month is an RCE affecting Hyper-V on virtually all supported Windows versions (CVE-2021-28476). Microsoft’s advisory states that the issue allows a guest VM to force the Hyper-V host’s kernel to read from an arbitrary, potentially invalid address. In most circumstances this would result in a denial of service of the Hyper-V host due to reading an unmapped address, but it could also lead to other types of compromise of the Hyper-V host’s security. The CVSS score for this vulnerability is 9.9.

The other two critical vulnerabilities are an RCE in OLE Automation (CVE-2021-31194; CVSS 7.50 as given here, 8.8 in the table below) and a Scripting Engine Memory Corruption Vulnerability (CVE-2021-26419) affecting Internet Explorer 11 with a CVSS of 6.40. None of the four critical vulnerabilities was previously disclosed. 

See my dashboard for a more detailed breakout: (https://patchtuesdaydashboard.com).
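As an added triage check (not part of the ISC diary), the following PowerShell snippet reports whether a Windows host is on one of the builds named above for CVE-2021-31166 and whether anything on it actually listens through http.sys. It assumes that versions 2004 and 20H2 correspond to builds 19041 and 19042, that the May 2021 cumulative update raises the update build revision (UBR) on those builds to 985, and that http.sys-owned listeners show up as TCP listeners owned by the System process (PID 4). The function name Test-HttpSysExposure and both thresholds are illustrative and should be verified against Microsoft’s advisory before the output is used for anything more than a first pass.

```powershell
# Added triage check for CVE-2021-31166 (HTTP Protocol Stack RCE); not from the ISC diary.
# Assumptions (verify against Microsoft's advisory before relying on them):
#   - affected branches are Windows 10 / Windows Server versions 2004 (build 19041) and 20H2 (build 19042)
#   - the May 2021 cumulative update raises the UBR (update build revision) on those builds to 985
#   - listeners registered through http.sys appear as TCP listeners owned by the System process (PID 4)

function Test-HttpSysExposure {
    [CmdletBinding()]
    param(
        [int[]] $AffectedBuilds = @(19041, 19042),   # assumption, see header comment
        [int]   $PatchedUbr     = 985                # assumption, see header comment
    )

    # Build and revision of the running OS; CurrentBuildNumber and UBR live under CurrentVersion.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR

    # Ports bound through http.sys (IIS, WinRM, WSUS, many management agents) are listed
    # under PID 4, not under the application that registered the URL prefix.
    $kernelListeners = @(
        Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
            Where-Object OwningProcess -eq 4 |
            Select-Object -ExpandProperty LocalPort -Unique |
            Sort-Object
    )

    # netsh lists the URL prefixes registered with http.sys and the owning process IDs,
    # which tells you *what* is reachable on those ports.
    $registered = netsh http show servicestate view=requestq 2>$null |
        Select-String -Pattern 'Registered URLs|URL:|Process IDs'

    $inScope = $AffectedBuilds -contains $build
    $patched = (-not $inScope) -or ($ubr -ge $PatchedUbr)

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Build            = "$build.$ubr"
        InAffectedBranch = $inScope
        PatchLevelOk     = $patched
        HttpSysPorts     = ($kernelListeners -join ',')
        # Exposed only when on an affected branch, below the patched revision, and actually listening.
        Exposed          = $inScope -and (-not $patched) -and ($kernelListeners.Count -gt 0)
        RegisteredUrls   = (($registered | ForEach-Object { $_.Line.Trim() }) -join '; ')
    }
}

Test-HttpSysExposure | Format-List
```

Run it elevated on each candidate host. A host that is not on an affected branch reports Exposed = False regardless of listeners; an unpatched 2004/20H2 host with no PID-4 listeners is still in scope for patching even though nothing is reachable today, and the RegisteredUrls field shows which services (WinRM on 5985, IIS sites, and so on) would be hit first on a host that is exposed.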

 

Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG)
--- | --- | --- | --- | --- | --- | --- | --- | ---
.NET and Visual Studio Elevation of Privilege Vulnerability | CVE-2021-31204 | Yes | No | Less Likely | Less Likely | Important | 7.3 | 6.4
Common Utilities Remote Code Execution Vulnerability | CVE-2021-31200 | Yes | No | Less Likely | Less Likely | Important | 7.2 | 6.7
Dynamics Finance and Operations Cross-site Scripting Vulnerability | CVE-2021-28461 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.5
HTTP Protocol Stack Remote Code Execution Vulnerability | CVE-2021-31166 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5
Hyper-V Remote Code Execution Vulnerability | CVE-2021-28476 | No | No | Less Likely | Less Likely | Critical | 9.9 | 8.6
Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | CVE-2021-31936 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.7
Microsoft Bluetooth Driver Spoofing Vulnerability | CVE-2021-31182 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2
Microsoft Excel Information Disclosure Vulnerability | CVE-2021-31174 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31195 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7
Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2021-31198 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft Exchange Server Security Feature Bypass Vulnerability | CVE-2021-31207 | Yes | No | Less Likely | Less Likely | Moderate | 6.6 | 5.8
Microsoft Exchange Server Spoofing Vulnerability | CVE-2021-31209 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7
Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2021-28455 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7
Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2021-31180 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft Office Information Disclosure Vulnerability | CVE-2021-31178 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31175 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31176 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31177 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft Office Remote Code Execution Vulnerability | CVE-2021-31179 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Microsoft SharePoint Information Disclosure Vulnerability | CVE-2021-31171 | No | No | Less Likely | Less Likely | Important | 4.1 | 3.6
Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2021-31181 | No | No | More Likely | More Likely | Important | 8.8 | 7.7
Microsoft SharePoint Server Information Disclosure Vulnerability | CVE-2021-31173 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8
Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2021-28474 | No | No | More Likely | More Likely | Important | 8.8 | 7.7
Microsoft SharePoint Spoofing Vulnerability | CVE-2021-31172 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.2
Microsoft SharePoint Spoofing Vulnerability | CVE-2021-28478 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.6
Microsoft SharePoint Spoofing Vulnerability | CVE-2021-26418 | No | No | Less Likely | Less Likely | Important | 4.6 | 4.0
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | CVE-2021-31184 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
OLE Automation Remote Code Execution Vulnerability | CVE-2021-31194 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7
Scripting Engine Memory Corruption Vulnerability | CVE-2021-26419 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8
Skype for Business and Lync Remote Code Execution Vulnerability | CVE-2021-26422 | No | No | Less Likely | Less Likely | Important | 7.2 | 6.3
Skype for Business and Lync Spoofing Vulnerability | CVE-2021-26421 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7
Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-31211 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Visual Studio Code Remote Code Execution Vulnerability | CVE-2021-31214 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | CVE-2021-31213 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Visual Studio Remote Code Execution Vulnerability | CVE-2021-27068 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7
Web Media Extensions Remote Code Execution Vulnerability | CVE-2021-28465 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows CSC Service Information Disclosure Vulnerability | CVE-2021-28479 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | CVE-2021-31190 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31165 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31167 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31168 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31169 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2021-31208 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Desktop Bridge Denial of Service Vulnerability | CVE-2021-31185 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2021-31170 | No | No | More Likely | More Likely | Important | 7.8 | 6.8
Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2021-31188 | No | No | More Likely | More Likely | Important | 7.8 | 6.8
Windows Media Foundation Core Remote Code Execution Vulnerability | CVE-2021-31192 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.4
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | CVE-2021-31191 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | CVE-2021-31186 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4
Windows SMB Client Security Feature Bypass Vulnerability | CVE-2021-31205 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.8
Windows SSDP Service Elevation of Privilege Vulnerability | CVE-2021-31193 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows WalletService Elevation of Privilege Vulnerability | CVE-2021-31187 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8
Windows Wireless Networking Information Disclosure Vulnerability | CVE-2020-24587 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7
Windows Wireless Networking Spoofing Vulnerability | CVE-2020-24588 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7
Windows Wireless Networking Spoofing Vulnerability | CVE-2020-26144 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7

Renato Marinho
Morphus Labs | LinkedIn | Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.




https://malwaredevil.com/2021/05/11/microsoft-may-2021-patch-tuesday-tue-may-11th/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-may-2021-patch-tuesday-tue-may-11th

A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm

Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?




https://malwaredevil.com/2021/05/11/a-startup-with-nsa-roots-wants-silently-disarming-cyberattacks-on-the-wire-to-become-the-norm/?utm_source=rss&utm_medium=rss&utm_campaign=a-startup-with-nsa-roots-wants-silently-disarming-cyberattacks-on-the-wire-to-become-the-norm

BloodHound Enterprise vs. BloodHound Open-Source

As we’re continuing to approach our summer launch, many of you have asked us for a simple breakdown of BloodHound Enterprise vs BloodHound free and open-source (FOSS). There’s quite a lot to detail as the two products are built around two completely different use cases for different target audiences — BloodHound FOSS is designed to identify Attack Paths to exploit, BloodHound Enterprise is designed to continuously and comprehensively manage Attack Path risk. However, we did our best to boil down everything in the table below for clarity.

We also recently did a webinar and live Q&A just covering the differences in data collection if you’re looking for more information on that topic specifically.

Missed our BloodHound Enterprise announcement webinar? You can also sign up to receive updates as we push them here.

BloodHound Enterprise vs. BloodHound Open-Source was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.




https://malwaredevil.com/2021/05/11/bloodhound-enterprise-vs-bloodhound-open-source/?utm_source=rss&utm_medium=rss&utm_campaign=bloodhound-enterprise-vs-bloodhound-open-source

Webinar: Cybereason vs. DarkSide Ransomware

Colonial Pipeline was recently the victim of a devastating attack that shut down U.S. operations across the East Coast, threatening an already tenuous economic recovery effort. This attack against critical infrastructure by the DarkSide Ransomware gang highlights the urgent need for better ransomware prevention, detection and response.

The post Webinar: Cybereason vs. DarkSide Ransomware appeared first on Security Boulevard.


The post Webinar: Cybereason vs. DarkSide Ransomware appeared first on Malware Devil.



https://malwaredevil.com/2021/05/11/webinar-cybereason-vs-darkside-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=webinar-cybereason-vs-darkside-ransomware

Colonial Pipeline attack expected to trigger imminent hardening of cybersecurity rules for federal agencies

The ransomware attack on Colonial Pipeline last week caused the White House to hold emergency meetings to possibly strengthen a planned Executive Order on cybersecurity that could be released in the coming days or weeks, the New York Times reported.

The Executive Order–currently a draft–could place new restrictions on businesses that develop software and sell it to the federal government, such as the requirements to use multi-factor authentication and to access federal databases only when completely necessary. Such a strategy seemed like an appropriate response several months ago, when cybercriminals believed to be working with the Russian government infiltrated nine federal agencies by first hacking into the IT management company SolarWinds.

But the recent attack on Colonial Pipeline reveals that new rules meant only for federal contractors could still leave broad swaths of the American public at risk. Complicating the issue is that, while President Joe Biden has taken a harder stance against Russian cyberaggression than the past administration, the attack on Colonial Pipeline has no confirmed connection to the Russian government.

“I’m going to be meeting with President Putin, and so far there is no evidence based on, from our intelligence people, that Russia is involved, although there’s evidence that the actors’ ransomware is in Russia,” Biden said this week.

According to multiple reports of the planned Executive Order, companies that sell their products to the government could have to implement several new cybersecurity measures.

Such companies would have to use multi-factor authentication and they would have to encrypt data that belongs to federal government clients. The government would also begin using a “zero-trust” model with these contractors, meaning that such contractors would only gain access to federal systems on a “need-to-know” basis. Further, contractors would also have to notify government customers of any cyberbreach, bringing new transparency to the government about ongoing and increasingly frequent cybercrimes.

In speaking with Reuters, a spokeswoman for the National Security Council explained the importance of such a requirement, noting that the SolarWinds attack showed that “the federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly.”

She continued: “Simply put, you can’t fix what you don’t know about.”

According to The New York Times, companies that violate these rules would have their products banned from being sold to the federal government. For many companies that count the federal government as their largest client, such a ban could serve as a revenue death knell.

Finally, the Executive Order could create a “cybersecurity incident review board” to investigate major cyberattacks in the US, and the Order could ask victims of cyberattacks to work with the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency when responding to attacks.

The post Colonial Pipeline attack expected to trigger imminent hardening of cybersecurity rules for federal agencies appeared first on Malware Devil.



https://malwaredevil.com/2021/05/11/colonial-pipeline-attack-expected-to-trigger-imminent-hardening-of-cybersecurity-rules-for-federal-agencies-5/?utm_source=rss&utm_medium=rss&utm_campaign=colonial-pipeline-attack-expected-to-trigger-imminent-hardening-of-cybersecurity-rules-for-federal-agencies-5

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...