March 11, 2024 at 12:30AM
Microsoft took six months to patch a rootkit vulnerability in Windows discovered by North Korean hackers Lazarus Group. Avast researchers notified Microsoft of an admin-to-kernel exploit, but Microsoft did not prioritize the matter, waiting until February’s patch Tuesday to fix the issue. Critical vulnerabilities were also found in recent Apple security updates. Additionally, the NSA and cybersecurity agencies have issued tips on mitigating cloud security risks, while a new pilot program aims to train Jordanian women in cybersecurity.
The key takeaways from the meeting notes are as follows:
1. Microsoft’s delayed response to addressing rootkit vulnerabilities discovered by cybersecurity researchers
2. Critical vulnerabilities in Apple’s iOS and iPadOS versions 17.4 and 16.7.6, some of which are actively exploited
3. Security flaws in access control devices, Chirp access management product, and Cisco Secure Client
4. NSA and Cybersecurity and Infrastructure Security Agency’s cloud security mitigation tips
5. Training initiative for Jordanian women in cybersecurity, aimed at promoting diversity and inclusivity in the workforce
Let me know if you need further details or analysis on any of these topics.