YABH in the weekly cyber
Yet Another Big Hack in the Weekly Cyber

Yet Another Big Hack in the weekly cyber, with some tools and stuff.


1 - Straight to the point: CVE-2023-34362 – Critical Zero-Day Vulnerability Found in Popular MOVEit Transfer Software



2 - Developer? DevOps? DevSecOps? Cloud people? Clowd people?

Building resilient and secure systems - Lessons from Devoxx Poland

Devoxx Poland is a developer-first conference that invites software innovators from around the world to present the latest trends in the industry.

I'm a supporter of security and privacy by default and by design, and this is very much aligned with that!


3 - Americans should prepare for cyber sabotage from Chinese hackers, US official warns

Every organization plays a role in the security of the nation. Protecting your organization is also protecting the economy and the country.

A post by Orenda Security, and this mostly applies to Canada too, obviously!


The State of Industrial Secure Remote Access

4 - How could the cloud secure physical infrastructure! LOL

New OT Research Report: Need for Secure Remote Access is High, But Confidence in Existing Solutions is Low


5 - Also a good reminder! Have you updated your CPE credits lately? CPE stands for "Continuing Professional Education".

A Comprehensive Guide to Getting and Calculating Cybersecurity CPE Credits

These are usually needed to maintain your certifications. On my end, it's a good reminder to check my CPEs for both my ISO27001 and ISO27701 certs!



6 - Firmware vulnerabilities you don’t want in your product

After all, avoiding such issues also means proper development and maintenance of the firmware.

If you are working on such products (usually embedded systems), do you have proper controls in place?


7 - As SaaS adoption grows, security gets worse, risk rises, and control is lost

Why High-Tech and Telecom Companies Struggle with SaaS Security

When switching to SaaS, aside from moving to a single point of failure without any recovery plan due to customer lock-in, you'll also have tons of other challenges.

You'll need highly skilled dedicated teams, and you'll need tons of additional tools to keep up with the nightmare of constantly evolving SaaS, which jeopardizes your risk posture every single day.


Thanks all for passing by, that's it for today. As usual, you hopefully patched all your products and planned for resilience, because last week, as usual, tons of products got critical patches and exploits (Barracuda, Fortinet, the cloud and all).

Patch, reduce your attack surface, remove anything unused (on your infra, on your mobile, shrink your digital footprint).

Garett Moreau

World-Class Managed IT; Leader in CySec; Forensics Examiner; IT Polymath; Information Dominance

1 year

Solid. Time well spent.
