Can Automatic Updates for Critical Infrastructure Be Trusted?

November 4, 2024 at 10:06AM

In July, a major tech outage caused $5.4 billion in damages, prompting a critical reevaluation of automatic updates and the C-I-A triad (Confidentiality, Integrity, Availability). The CrowdStrike incident emphasizes the need for better vendor transparency, rigorous testing, and a balanced focus to enhance cybersecurity resilience and trust.

Microsoft fixes Windows 10 bug causing apps to stop working

October 31, 2024 at 10:44AM

Microsoft has resolved launch issues for certain apps on Windows 10 22H2 following the September 2024 preview cumulative update. Non-admin users may encounter failures with apps like Quick Assist and Teams. A Known Issue Rollback (KIR) will automatically apply the fix, with guidance available for enterprise-managed devices.

When Cybersecurity Tools Backfire

October 30, 2024 at 10:05AM

This piece discusses the paradox of cybersecurity tools, which, while essential for protection, can cause major disruptions when mishandled. High-profile outages from CrowdStrike and Verizon highlight the need for careful management and testing of updates, resilience planning, and continuous vigilance to mitigate risks and minimize impact during failures.

More Details Shared on Windows Downgrade Attacks After Microsoft Rolls Out Mitigations

October 28, 2024 at 08:52AM

Microsoft has implemented mitigations for recently identified downgrade attacks affecting the Windows Update process, addressing security vulnerabilities. The company shared more details regarding these attacks following the rollout of these protective measures.

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

October 16, 2024 at 01:42AM

GitHub has released security updates for Enterprise Server (GHES) addressing a critical vulnerability (CVE-2024-9487) that could enable unauthorized access via SAML SSO. The flaw has a CVSS score of 9.5. Additional vulnerabilities were also patched. Users are urged to update to the latest versions for enhanced security.

WP Engine Accuses WordPress of ‘Forcibly’ Taking Over Its Plug-in

October 15, 2024 at 10:24AM

A public dispute has erupted between WP Engine and WordPress founder Matt Mullenweg over the Advanced Custom Fields (ACF) plug-in, following Mullenweg’s decision to fork ACF into Secure Content Fields (SCF). This has led to user confusion regarding updates, security issues, and potential legal actions between the companies.

About the security content of visionOS 2 – Apple Support

October 13, 2024 at 02:30PM

Multiple vulnerabilities affecting visionOS 2 on Apple Vision Pro have been addressed in a September 2024 update. Issues include improved checks for root access, race conditions, out-of-bounds reads, cross-origin data exfiltration, denial-of-service risks, and unauthorized Bluetooth access. Users are encouraged to update to enhance security.

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

October 9, 2024 at 11:43AM

Multiple security vulnerabilities in the Manufacturing Message Specification (MMS) protocol pose risks for industrial environments, potentially enabling device crashes and remote code execution. Key libraries affected were patched in 2022, but gaps in security for modern technology versus outdated protocols persist. Additional vulnerabilities in other systems were also reported.

Despite Prevalence of Online Threats, Users Aren’t Changing Behavior

October 9, 2024 at 08:12AM

The Consumer Cyber Readiness Report reveals that while consumers acknowledge cyber threats, their adoption of security measures is low. Only 28% have identity theft protection, 54% use malware protection, and just 10% utilize encryption. There’s slight progress in software updates, but many remain uncertain about their security tools.

Microsoft issues 117 patches – some for flaws already under attack

October 8, 2024 at 07:40PM

Patch Tuesday released 117 Microsoft patches, addressing serious vulnerabilities including CVE-2024-43572, a high-risk flaw allowing unauthorized code execution, and CVE-2024-43573, a moderate spoofing issue. Adobe and SAP also issued numerous updates, with notable concerns in BusinessObjects and Apache Log4j related to their respective vulnerabilities.