Hacking burnout: Addressing stress among security professionals
All too often, people feel they need to push their personal limits at work, at the expense of their mental, physical and emotional health. How can leadership combat burnout across security teams by prioritizing an employee’s well-being?
ISC StormCast for Friday, September 24th, 2021
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/
Windows Platform Binary Table Weakness
https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/
Apple Patches Older iOS/MacOS Versions
https://support.apple.com/en-us/HT201222
Broken Digital Signatures Used to Foil Malware Detection
https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
ISC StormCast for Thursday, September 23rd, 2021
An XML-Obfustcated Office Document (CVE-2021-40444)
https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/
Exchange Autodiscovering Leaks Credentials
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Nagios Vulnerabilities
https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/
Apple Deprecating TLS 1.0/1.1
https://developer.apple.com/news/?id=bv8ur34d
5 cybersecurity threats for businesses in 2021—and 3 tips to combat them
Whether you build up in-house expertise or find a trusted outside partner, cybersecurity can no longer be a project set on the back burner. Let’s walk through five prevalent cybersecurity threats for businesses, along with three helpful tips to combat them.
ISC StormCast for Wednesday, September 22nd, 2021
A First Look at Apple’s iOS 15 “Private Relay” feature
https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/
macOS Finder Security Feature Bypass Leads to Possible RCE
https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/
VMWare vCenter Advisory
https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
NetGear Circle Parental Control Vulnerablity
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
University of Wisconsin adds cybersecurity degree
The Wisconsin university’s Whitewater campus hosts the Cybersecurity Center for Business which provides training programs for organizations in the area, offers an online M.S. in cybersecurity, and has just launched a B.S. in the field.
5 minutes with Kat Kemper – Using security technology within healthcare to minimize risk, increase efficiency and reduce costs
At HCA Healthcare, Kat Kemper, Director of Physical Security, has built the enterprise security program from the ground up, developing and implementing physical security measures to support patient care, privacy and overall security goals.
ISC StormCast for Tuesday, September 21st, 2021
OMIGOD Exploits Captured in the Wild.
https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari)
https://support.apple.com/en-us/HT201222
ManageEngine ADSelfService Plus Exploited
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
Embrace a holistic approach to vulnerability management
Identifying and scanning is an important aspect of vulnerability management, but it’s just one piece of the puzzle. Organizations failing to see the full vulnerability picture need to embrace a holistic approach with their vulnerability management program.
