This week in infosec brought several zero-days, with patches quickly following. With zero-days and critical vulnerabilities dropping daily, it's important to stay up to date in our ever-changing industry. Brinqa also had an action-packed week attending InfoSec Europe and Secure World Chicago.
Ticketfly yanks website offline to recover from cyberattack
“In a statement posted on the Ticketfly landing page, the company said that a "series of recent issues" has led the firm to believe that it is the "target of a cyber incident."”
Security Lags in Enterprise Cloud Migration
“Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.”
New vulnerabilities give cybercriminals 7 days to compromise your network
“Cybercriminals have a 7-day window of opportunity to use vulnerabilities against a target Web site before their activity is likely to be detected or stopped with a patch, according to new research that suggests the rapid time to exploit is keeping defenders continually on the back foot.”
Over 115,000 Drupal sites still vulnerable to critical flaw
“Two months after a "highly critical" security flaw was found in Drupal, a widely used web-based content management system, most of the million-plus sites thought to be affected have patched their servers.”
'Strutting' Past the Equifax Breach: Lessons Learned
“In hindsight, there were two likely causes for last year's massive breach: the decision to use Apache Struts, and a failure to patch in a timely fashion. Both are still a recipe for disaster.”
Adobe Patches Flash Zero-Day
“Adobe has issued a security update for Flash Player today to patch a zero-day vulnerability exploited by attackers in the wild.
The vulnerability was discovered and independently reported by several security firms — ICEBRG, Tencent, and two security divisions from Chinese cyber-security giant Qihoo 360.”
Cisco fixes critical bug that exposed networks to hackers
“A "critical"-rated bug in one of Cisco's network access management devices could have allowed hackers to remotely break into corporate networks.”
Patches Available for Dangerous Bugs in Popular Brand of IP Cameras
“Chinese firm Foscam has published firmware updates to address three vulnerabilities in multiple models of IP-based cameras. The flaws, when exploited, allow an attacker to take control of vulnerable cameras, and especially those left connected online via a public IP address.”
Jump-Start Your Management of Known Vulnerabilities
“Organizations must manage known vulnerabilities in web applications. When it comes to application security, the Open Web Application Security Project (OWASP) Foundation Top 10 is the primary source to start reviewing and testing applications.”
Brinqa @ Secure World Chicago
We had a busy week, even making our way to a stateside conference!

Brinqa @ InfoSec Europe
