『Daily DefSec Brief』のカバーアート

Daily DefSec Brief

Daily DefSec Brief

著者: Jerry Bell
無料で聴く

A daily podcast covering the important cyber security news that IT and security teams need to know.

2026 Jerry Bell
政治・政府
エピソード
  • Daily DefSec Brief - Cyber Security News for July 16 2026
    2026/07/16
    1. CISA adds actively exploited Oracle E-Business Suite flaw to KEV, feds have until Saturday — CVE-2026-46817 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog · BleepingComputer https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/ 2. Zoom patches critical Windows account-takeover flaw — CVE-2026-53412, CVE-2026-53409, CVE-2026-53410, CVE-2026-53411 — BleepingComputer https://www.bleepingcomputer.com/news/security/zoom-warns-of-critical-account-takeover-vulnerability/ · The Hacker News https://thehackernews.com/2026/07/zoom-patches-critical-windows-flaw-that.html 3. F5 ships out-of-band patch for critical NGINX flaw — CVE-2026-42533 — SecurityWeek https://www.securityweek.com/f5-patches-multiple-nginx-big-ip-vulnerabilities/ 4. Russian-speaking group trojanizes WebEx, Zoom, MobaXterm installers to push Starland RAT — UAT-11795 — Cisco Talos https://blog.talosintelligence.com/uat-11795-deploys-novel-starland-rat-and-bespoke-wldr-c2-implant-in-financially-motivated-campaign/ · BleepingComputer https://www.bleepingcomputer.com/news/security/russian-hackers-trojanize-webex-zoom-apps-to-push-starland-malware/ Also mentioned: - New Spirals ransomware encrypts victim network in under 24 hours — BleepingComputer https://www.bleepingcomputer.com/news/security/new-spirals-ransomware-encrypts-victim-network-in-under-24-hours/ - JetBrains patches six vulnerabilities across TeamCity, YouTrack, and IntelliJ IDEA — Cyber Security News https://cybersecuritynews.com/jetbrains-patched-vulnerabilities/ - Cisco patches authenticated privilege-escalation chain in Catalyst SD-WAN — Cisco PSIRT https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx - Firefox and Chrome ship critical patches, two Firefox bugs with public exploit code — The Hacker News https://thehackernews.com/2026/07/firefox-chrome-adobe-and-vmware-updates.html
    続きを読む 一部表示
    4 分
  • Daily DefSec Brief - Cyber Security News for July 15 2026
    2026/07/15
    1. CISA adds SharePoint and AD FS zero-days to KEV, deadline Friday — CVE-2026-56164, CVE-2026-56155 (also CVE-2026-32201, CVE-2026-45659, CVE-2026-58644, CVE-2026-55040) — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog · CISA advisory https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations · Rapid7 https://www.rapid7.com/blog/post/ve-cve-2026-55040-microsoft-sharepoint-jwt-token-authentication-bypass-fixed 2. SonicWall SMA1000 flaws added to KEV, same Friday deadline — CVE-2026-15409, CVE-2026-15410 — CISA KEV https://www.cisa.gov/known-exploited-vulnerabilities-catalog 3. Progress confirms ShareFile zero-day, patches out, service restored — CVE TBD (see Progress advisory) — BleepingComputer https://www.bleepingcomputer.com/news/security/progress-confirms-sharefile-zero-day-flaw-behind-storage-zone-shutdown/ · SecurityWeek https://www.securityweek.com/progress-confirms-zero-day-vulnerability-behind-sharefile-disruption/ 4. Cursor IDE auto-runs a malicious git.exe on opening a repo — no CVE assigned — The Hacker News https://thehackernews.com/2026/07/cursor-flaw-lets-malicious-cloned.html · Dark Reading https://www.darkreading.com/application-security/cursor-ide-malicious-code-poisoned-repos Also mentioned: - RabbitMQ patches OAuth-secret and cross-tenant queue flaws — The Hacker News https://thehackernews.com/2026/07/rabbitmq-flaws-could-leak-oauth-secrets.html - ESET finds 11 Microsoft-signed Linux UEFI shims bypassing Secure Boot — The Hacker News https://thehackernews.com/2026/07/11-old-microsoft-signed-linux-uefi.html - Compromised @asyncapi npm packages shipping a botnet loader — The Hacker News https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html - Adobe patches eight critical ColdFusion vulnerabilities — SecurityWeek https://www.securityweek.com/adobe-patches-critical-coldfusion-vulnerabilities/
    続きを読む 一部表示
    4 分
  • Daily DefSec Brief - Cyber Security News for July 14 2026
    2026/07/14
    1. CISA adds 18-year-old Cisco IOS flaw to KEV catalog — CVE-2008-4128 — CISA KEV — https://www.cisa.gov/known-exploited-vulnerabilities-catalog 2. Microsoft maps a year of ShinyHunters-style OAuth abuse against Salesforce and SaaS apps — no CVE — Microsoft Security — https://www.microsoft.com/en-us/security/blog/2026/07/13/defending-saas-based-applications-against-shinyhunters-oauth-abuse/ 3. SAP patches critical NetWeaver memory corruption flaw — CVE-2026-44747 (CVSS 9.9) — Cyber Security News — https://cybersecuritynews.com/sap-security-update-july-2026/ 4. ServiceNow fixes unauthenticated sandbox-escape RCE in AI Platform — CVE-2026-6875 — Cyber Security News — https://cybersecuritynews.com/servicenow-remote-malicious-code/ Also mentioned: - Google and Microsoft pull ModHeader extension over hidden history collector — The Hacker News — https://thehackernews.com/2026/07/google-and-microsoft-pull-modheader.html - CISA GitHub leak: admin keys and credentials exposed for six months — Krebs on Security — https://krebsonsecurity.com/2026/07/lessons-learned-from-cisas-recent-github-leak/ - 148 npm packages disguised as school Wi-Fi tools built a browser DDoS botnet — The Hacker News — https://thehackernews.com/2026/07/148-npm-packages-disguised-as-student.html - Forg365 phishing-as-a-service targets Microsoft 365 — The Hacker News — https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html
    続きを読む 一部表示
    5 分
adbl_web_anon_alc_button_suppression_t1
まだレビューはありません