iTWire - Search results

1. Proofpoint says threat actor deploying malicious code on media sites: (Security); ... - I never knew how the rogue adverts were getting inserted. https://t.co/tVIJxvCdOh — Kevin Beaumont (@GossiTheDog) November 2, 2022 "We track this actor as #TA569. TA569 historically removed and reinstated ...; Created on 03 November 2022
2. OpenSSL patches released, UK sec expert's judgment justifie: (Security); ... British security expert Kevin Beaumont not to get carried away by hype over the expected announcement, as iTWire reported. The project said it had released advisories about "CVE-2022-3786 (“X.509 Email ...; Created on 02 November 2022
3. UK sec guru plays down hype over new OpenSSL vulnerability: (Security); British security researcher Kevin Beaumont has played down the hype over a recent announcement about a critical flaw in the open-source cryptographic library OpenSSL from Red Hat Linux. The advisory is ...; Created on 31 October 2022
4. Facebook parent Meta sees US$800b in market value wiped after bad 3Q: (Market); ... for the quarter came in at US$4.4 billion, compared to US$9.2 billion for the corresponding quarter in 2021. i wonder when things went wrong at Facebook pic.twitter.com/ZLqG9vHWWQ — Kevin Beaumont ...; Created on 28 October 2022
5. Massive leak of Microsoft customer data claimed to be biggest B2B spill: (Security); ... that this data was only the first part of the leak. The total amount of data was from more than 150,000 companies in 123 different countries, SOCRadar said in a post. British security guru Kevin ...; Created on 20 October 2022
6. LinkedIn kicks out infosec expert, then restores his profile: (Security); Professional networking site LinkedIn has reinstated British security guru Kevin Beaumont's account, after kicking him off the platform for unspecified reasons. Beaumont told iTWire that LinkedIn had ...; Created on 14 October 2022
7. Fortinet authentication bypass flaw being exploited in the wild: (Security); ... immediately validating your systems against the following indicator of compromise in the device's logs: user="Local_Process_Access"," the advisory said. Well-known British security guru Kevin Beaumont ...; Created on 12 October 2022
8. Microsoft fails to fix Exchange zero-days in October Patch Tuesday release: (Security); ... updates for vulnerabilities in Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019. As iTWire reported, based on tweets from British security expert Kevin Beaumont, the two zero-days ...; Created on 12 October 2022
9. Microsoft changes mitigation guidance for zero-days, but tells no one: claim: (Security); Microsoft has changed a portion of the advice it issued for mitigation of two bugs in its Exchange Server product, but made no mention of the change, well-known British security researcher Kevin Beaumont ...; Created on 05 October 2022
10. Microsoft investigating two zero-days affecting Exchange Server: (Security); ... https://t.co/USUC17pMTa — Kevin Beaumont (@GossiTheDog) September 30, 2022 British security expert Kevin Beaumont was the first to mention the issue in a series of tweets this morning that iTWire ...; Created on 30 September 2022
11. Researcher warns of new zero-day in Microsoft Exchange under exploit: (Security); Reports are emerging that a new zero-day exists in Microsoft Exchange and that it is being exploited in the wild, a well-known security researcher has warned. Kevin Beaumont said in a series of tweets ...; Created on 30 September 2022
12. Microsoft patches 55 flaws, Follina fix finally released: (Security); ... like CVE for providers. https://t.co/3cXCUet8UK pic.twitter.com/hVQ1YPdFqq — Kevin Beaumont (@GossiTheDog) June 14, 2022 "On the subject of Microsoft’s troubling pattern of dismissing legitimate security ...; Created on 15 June 2022
13. New Linux backdoor BPFDoor found on systems, method of access unknown: (Security); British security researcher Kevin Beaumont has listed details about a backdoor that is claimed to infect Linux systems, with the consulting firm PwC having documented it as well. Both claim the threat ...; Created on 13 May 2022
14. Microsoft's May diet: patches for 73 flaws, including two zero-day: (Security); ... requires an attacker to be seated as an attacker-in-the-middle. Patch Tuesday later pic.twitter.com/8aReJepxKv — Kevin Beaumont (@GossiTheDog) May 10, 2022 "In addition to patching this flaw, organisations ...; Created on 11 May 2022
15. Lapsus$ breaches software consultancy firm Globant, steals source code: (Security); ... are asking for information regarding LAPSUS. pic.twitter.com/G1JDiLrizv — Kevin Beaumont (@GossiTheDog) March 30, 2022 Of itself, the company says on its website: "We are a digitally native company ...; Created on 31 March 2022
16. UK police arrest seven teens allegedly connected to Lapsus$: (Security); ... spinning this as insider access and SIM hijacking to press in anonymous briefings. 95% of the incidents are directly related to zero trust and security service vendors. — Kevin Beaumont (@GossiTheDog) ...; Created on 25 March 2022
17. Okta knew about breach in January, kept mum until Lapsus$ post: (Open Sauce); ... zero trust. pic.twitter.com/pGP6f56sfg — Kevin Beaumont (@GossiTheDog) March 23, 2022 He cited a critical 2018 SAML vulnerability, CERT VU#475445, found by Duo that "allowed user impersonation that ...; Created on 24 March 2022
18. Identity provider Okta says investigating claims of breach: (Security); ... — Kevin Beaumont (@GossiTheDog) March 17, 2022 Lapsus$ is said to be based in Brazil. On Tuesday, as iTWire reported, the group claimed it had it leaked the source of Microsoft products such as Bing ...; Created on 22 March 2022
19. First Samsung breach, now Microsoft: Lapsus$ makes bold claim: (Security); ... will tell." Microsoft has had multiple code signing certs leaked, not just source code. https://t.co/YkRjCk7X6z — Kevin Beaumont (@GossiTheDog) March 22, 2022 Callow said Lapsus$ was believed ...; Created on 22 March 2022
20. Log4j attacks remain low-key compared to infosec industry hype: (Security); ... code that mean even if they did fix the core failure, it would still be completely ineffective." The hype led another UK expert, Kevin Beaumont, to create a graph to poke fun at the situation. In one ...; Created on 22 December 2021
21. Logging library flaw opens software from different vendors to RCE: (Security); ... disclosed. However, don’t see evidence of mass exploitation until after public disclosure. — Matthew Prince ? (@eastdakota) December 11, 2021 In a tweet on Saturday, British infosec expert Kevin Beaumont ...; Created on 13 December 2021
22. Microsoft finally takes down malware from OneDrive, O365 platforms: (Security); Software behemoth Microsoft appears to have finally reacted to the goading of British security expert Kevin Beaumont over the fact that the company plays host to malware on its OneDrive and Office365 platforms. ...; Created on 20 October 2021
23. Sec expert warns against believing chatter around REvil disappearance: (Security); ... — Kevin Beaumont (@GossiTheDog) October 18, 2021 REvil went offline in July for the first time, after the ransomware had been used to attack about 60 managed service providers, using a zero-day flaw ...; Created on 20 October 2021
24. Multiple threat actors using OneDrive in campaigns: infosec expert: (Security); Information security expert Kevin Beaumont has continued highlighting the way in which Microsoft hosts ransomware on its own properties, pointing out that there are multiple threat actors using OneDrive ...; Created on 19 October 2021
25. Infosec expert Beaumont slams Microsoft over hosting malware 'for years: (Security); ... world’s best malware hoster for about a decade, due to O365. pic.twitter.com/95Riv0kmDg — Kevin Beaumont (@GossiTheDog) October 15, 2021 "Check out Microsoft’s average reaction time (to abuse reports). ...; Created on 17 October 2021
26. Cyber insurance should not cover ransoms: Australian officials: (Security); ... Russia. pic.twitter.com/HKosYQvOhq — Kevin Beaumont (@GossiTheDog) October 11, 2021 The report made no mention of the fact that practically all ransomware attacks are made on systems running Microsoft' ...; Created on 12 October 2021
27. Relief as Microsoft set to disable Excel 4.0 macros as default: (Security); A Microsoft announcement that the company would be disabling macros as a default feature in Excel 4.0 has been greeted as a step that "would really help defenders". British security expert Kevin Beaumont ...; Created on 08 October 2021
28. Facebook kept to its motto: it moved fast and broke things: (Security); ... British security expert Kevin Beaumont summed up Janardhan's longer post in a few words: "Facebook have issued an RCA for this. It backs up my thread. "One engineer issued a command, which took down the ...; Created on 06 October 2021
29. Facebook starts to come back, but Cloudflare tells the tale: (Security); ... and I imagine some turbulence as devices reconnect etc. — Kevin Beaumont (@GossiTheDog) October 4, 2021 On checking their database of BGP updates, the duo found a number of routing changes made by ...; Created on 05 October 2021
30. BGP woes: Facebook, Instagram and WhatsApp disappear from the Web: (Security); ... expert Kevin Beaumont said in a tweet: "Also heard this. Facebook have lost their LAN/WAN due to networking woes so there are a ton of knock on impacts. This Monday today as we are not glued to a network ...; Created on 05 October 2021
31. Software agent used by Microsoft Azure exposes Linux VMs to numerous flaws: (Security); ... As the presence of the agent is unknown to the owner of the VM, and Microsoft has no auto update mechanism for these agents, it has to be manually upgraded, British security expert Kevin Beaumont said ...; Created on 16 September 2021
32. Microsoft hit by 20th zero-day attack this year, no patch for flaw yet: (Security); ... Guard for Office is an E5 only feature and isn’t used to open docs by default. pic.twitter.com/IiaCic9EWJ — Kevin Beaumont (@GossiTheDog) September 7, 2021 As mitigation, the company said: "Disabling ...; Created on 08 September 2021
33. Accenture denies any impact from LockBit ransomware hit: (Security); ... 12 August, well-known British security researcher Kevin Beaumont tweeted that the attackers had already started leaking encrypted data claimed to be from Accenture. However, the company, which has nearly ...; Created on 17 August 2021
34. US, Australia operations of globe's biggest meat processor hit by attac: (Security); ... of the world." Well-known British security boffin Kevin Beaumont put out the following series of tweets which, while humorous, seem quite relevant. How ransomware incidents go as a thread, for those ...; Created on 02 June 2021
35. Ransomware Task Force blows hot air aplenty, says little that's ne: (Open Sauce); ... fans. — Kevin Beaumont (@GossiTheDog) April 29, 2021 It is testimony to Microsoft's clout in the security industry and its ability to spin and hire the best PR people that it has not invited the wrath ...; Created on 30 April 2021
36. Software auditing tool maker Codecov breached, upload script modified: (Security); ... good reason for something like this). — Kevin Beaumont (@GossiTheDog) April 16, 2021 Codecov has about 19,000 customers, among them Hewlett Packard Enterprise, IBM, Procter & Gamble, GoDaddy, The ...; Created on 21 April 2021
37. FireEye finds SonicWall zero-days being exploited in the wild: (Security); ... to stop scaring up sales and start fixing their products. It's not unique to SonicWall. — Kevin Beaumont (@GossiTheDog) April 20, 2021 "The system was quickly identified as a SonicWall Email Security ...; Created on 21 April 2021
38. Pulse Secure VPN device remotely exploitable due to vulnerability: (Security); ... isn't listed anywhere on their customer website homepage. pic.twitter.com/QZzjR4UshB — Kevin Beaumont (@GossiTheDog) April 20, 2021 A total of 12 malware families were being tracked in connection with ...; Created on 21 April 2021
39. Four more remotely exploitable bugs found in Microsoft Exchange Server: (Security); ... — Kevin Beaumont (@GossiTheDog) April 13, 2021 Commenting on the vulnerabilities, Satnam Narang, staff research engineer with security shop Tenable, said the four vulnerabilities had been rated 'Exploitation ...; Created on 14 April 2021
40. Marketing first, tech second: Microsoft pushes firmware security to sell new hardware: (Open Sauce); ... last year that it says will prevent firmware from being tampered with. "So is this just an attempt to divert attention and sell more PCs, or should businesses be more worried?" Kevin Beaumont, a Microsoft ...; Created on 09 April 2021
41. Nine still mum on network attack details as recovery continues: (Security); ... British sec researcher Kevin Beaumont also had many good things to say about their response. The Norsk attack had one similarity to Nine – the CEO had just started in his job. Cluley had this to say: "I’ve ...; Created on 05 April 2021
42. Channel Nine morning show goes ahead a day after network attack: (Security); ... — Kevin Beaumont (@GossiTheDog) March 24, 2021 One of the company's main newspaper websites, The Age Online, appeared to be only partially updated this morning, judging by the stories that were online ...; Created on 29 March 2021
43. Yet another Windows ransomware strain appears on the scene: (Security); ... exclude *.sys files pic.twitter.com/nUVUJTbcGO — Kevin Beaumont (@GossiTheDog) March 23, 2021 "As we saw with DearCry ransomware, this can lead to the release of prototype, rushed or poor quality code ...; Created on 24 March 2021
44. NYT reporter's infosec book: a worthy tale, but poorly tol: (Open Sauce); ... is tracking zero day vulnerabilities, exploits and usage for a living, and it's not nearly as glamorous, prevalent or interesting as pop culture would have you believe. — Kevin Beaumont (@GossiTheDog) ...; Created on 14 March 2021
45. ESET says more threat groups using Microsoft zero-days in attacks: (Security); ... coin miners and bug bounty for now — we’re in the realms of APTs spraying the internet for fun/access. pic.twitter.com/kFcuHmBZHA — Kevin Beaumont (@GossiTheDog) March 3, 2021 Those who did find breaches ...; Created on 04 March 2021
46. Four zero-day exploits used to attack Microsoft Exchange Server: (Security); ... Exchange Server, aka Outlook Web App. *Patches available now, action required to apply* Full remote code execution, without authentication. https://t.co/SPBbzT2iY9 — Kevin Beaumont (@GossiTheDog) ...; Created on 03 March 2021
47. SolarWinds quietly pulls customer page after news of global attack: (Security); ... executive Kevin Mandia said in a blog post on Sunday (Monday AEDT) that the compromise of public and private sector bodies was executed through the Orion network monitoring product sold by SolarWinds. ...; Created on 15 December 2020
48. SolarWinds product used to attack private, public sector: FireEye claim: (Security); ... corruption of software supply chains, using software that runs on Windows. Chief executive Kevin Mandia said in a blog post on Sunday (Monday AEDT) that the compromise was executed through the Orion ...; Created on 14 December 2020
49. Sophos tight-lipped about data breach, no lessons learnt from WannaCry bungle: (Open Sauce); ... it. Alas, in these days of social media, there is always an individual or two who spots these attempts to cover one's arse. British security researcher Kevin Beaumont was the one who exposed Sophos and ...; Created on 28 November 2020
50. Iran wrongly blamed for Internet outage caused by Cloudflare error: (Networking); An Internet outage in the US on Friday, which was blamed on Iran by a Twitter account known as AS-Source News that has now been deleted, was due to a configuration error on Friday made by Cloudflare staff, ...; Created on 18 July 2020

Services

Company

Connect