We have an active Zimbra exploit, in the wild, with espionage and “others” trying to get into +22: vulnerable systems. Everyone using Zimbra Collaboration (ZCS) who has not recently patched is at risk. Volexity Threat Research responsibly disclosed this risk on August 10th, 2022. Zero-Day exploitation was active on the disclosure day. Shadowserver is tracking Read More
Tag: vulnerability
Meaningful Security Conversations with your Vendors
How does any organization have productive and meaningful security conversations? This guide offers a simple and meaningful security conversation guide. These conversations would help the organization determine the real security risk from their vendors. This is an updated version of a set of questions Operators (and vendors) can use to have these meaningful conversations. With
Security Questions to ask Vendors
What security questions are you asking your vendors? The Bloomberg article, “How Russian Hackers Stole the Nasdaq,” is a sobering insight into today’s risk. It should be a wake-up call for all organizations in all parts of the world to understand that even the best security teams are facing an overwhelming threat. The focused expertise used by Read More
Huawei’s Customers Share Accountability
Vendors have a responsibility to deliver products to the best of their “security” capacity. At the same time the vendor’s customer have a responsibility to push for security accountability. Huawei’s Customers share accountability for the lack of security capabilities and capacity. Huawei responds to the DEFCON presentation …. “We are aware of the media reports Read More
Huawei Vulnerabilities – the Real Risk & what you should do now
The Facts: Two researchers from Recurity Labs – Felix Lindner (also known as “FX”) and Gregor Kopf – presented a talk at DEFCON titled: Hacking [Redacted] Routers. (see https://www.defcon.org/html/defcon-20/dc-20-speakers.html#FX). Their work examined the Huawei AR18 and AR28 routers. Exploitable vulnerabilities were discovered. Questions to the quality of the code were raised. A general concern in Read More