Curated daily news for March 4, 2021
Today’s articles include: two critical reads on the Microsoft Exchange zero-days, Qualys breached via Accellion, malicious packages ‘code bomb’ major sites, whether cyber-insurance is worth it, and the difference between SOC 2 and ISO 27001.
Today’s two critical reads:
- CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
- Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
- Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit
- MalwareTech, WannaCry and Kronos – Understanding the Connections
- Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
- Breaking Down SOC 2 and ISO 27001: Is One Really Better?
- Will Your Insurance Policies Step in After a Cyber-Attack?
- Gender diversity in cybersecurity, the key to getting ahead of hackers?
- The Different Flavors of Cyber Resilience
- Quantum firmware and the quantum computing stack
Tool Of The Day
Threatspec – Continuous Threat Modeling, Through Code: Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modeling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source code, then dynamically generating reports and data-flow diagrams from the code. This allows engineers to capture the security context of the code they write, as they write it. In a world of everything-as-code, this can include infrastructure-as-code, CI/CD pipelines, and serverless, in addition to traditional application code.
Copyright © 2002-2021 John Masserini. All rights reserved.