Security Bulletin

This is a guest diary by John Moutos

The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and partnership with CISA.

CISO recounts how his wife’s dental practice was hit in the Change Healthcare attack and what the industry needs to do moving forward.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Sideloading apps is now possible on iOS devices, forcing Apple to add some security features in an attempt to mitigate the dangers of loading unknown apps.

The AI company revoked exposed tokens and made several security changes in response.

Because of the role the Confluence Server plays in managing documentation and knowledge data bases, the researchers recommend users upgrade to patch CVE-2024-21683 as soon as possible.

As always, Russian APTs are hoping to foment unrest by stoking existing societal divides and fears, this time around the Olympics and EU politics; and, concerns remain around physical disruption.