guidance Archives - Cyber Security Minute

Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack

Issued by: Dark Reading

Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what organizations can do to protect against threat actors using malicious OAuth apps to hide their activity…

Malware & Threats

China theft of US agriculture sector trade secrets prompts government guidance

Issued by: CSO

If you didn’t think the agriculture and food sector is of national security significance, then the issuance of the Insider Risk Mitigation Guide by the National Counterintelligence and Security Center (NCSC) in conjunction with the Department of Defense’s Center for Development of Security Excellence (CDSE) should be the equivalent of the bat-signal shining over Gotham….

Software Security

Microsoft Publishes Guide to Securing Systems Vulnerable to Zerologon Attacks

Issued by: Security Week

Addressed on August 2020 Patch Tuesday, the flaw was identified in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and can be abused by remote attackers to compromise Active Directory domain controllers and gain administrator access. To exploit the flaw, which is tracked as CVE-2020-1472, an unauthenticated attacker would need to run a specially crafted application…

Vulnerabilities

US transport agency guidance on vehicle cybersecurity irks lawmakers

Issued by: CIO Security

Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required. “This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students,” said Senators Edward J. Markey, a Democrat…