October 2024

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast

Oct 6, 2024

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability … More → The post Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast appeared first on Help Net Security.
http://news.poseidon-us.com/TF2lPl

OSC launches $1 billion loan program to strengthen industrial base

Oct 4, 2024

The direct loans, ranging from $10 million to $150 million, will support the development of facilities producing technologies across 31 technology areas. The post OSC launches $1 billion loan program to strengthen industrial base first appeared on Federal News Network.
http://news.poseidon-us.com/TF0rZf

Federal retirement backlog no longer top challenge for OPM, but IG says customer service issues remain

Oct 4, 2024

While there have been some improvements, OPM continues to face the challenge of addressing customer service satisfaction in federal Retirement Services. The post Federal retirement backlog no longer top challenge for OPM, but IG says customer service issues remain first appeared on Federal News Network.
http://news.poseidon-us.com/TF0q3T

100+ domains seized to stymie Russian Star Blizzard hackers

Oct 4, 2024

Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive – by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities,” Steven Masada, Assistant General Counsel at Microsoft’s Digital Crimes Unit, explained. … More → The post 100+ domains seized to stymie Russian Star Blizzard hackers appeared first on Help Net Security.
http://news.poseidon-us.com/TDzwDw

New infosec products of the week: October 4, 2024

Oct 4, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit Security. SAFE X equips CISOs with integrated data from all their existing cybersecurity products SAFE X delivers CISOs real-time business impact insights into their cybersecurity posture, enabling better decision-making and risk prioritization. Powered by AI, it delivers instant answers on an organization’s cyber risk posture and offers personalized risk … More → The post New infosec products of the week: October 4, 2024 appeared first on Help Net Security.
http://news.poseidon-us.com/TDzCyT

ISC Stormcast For Friday, October 4th, 2024 https://isc.sans.edu/podcastdetail/9166, (Fri, Oct 4th)

Oct 3, 2024

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TDz8c9

MSPB nearing full elimination of 5-year appeals backlog

Oct 3, 2024

By the end of fiscal 2025, MSPB expects to fully eliminate the remaining federal employee appeals cases that built up during the five-year lack of quorum. The post MSPB nearing full elimination of 5-year appeals backlog first appeared on Federal News Network.
http://news.poseidon-us.com/TDyrDy

Material Takeoff (MTO) in Construction: A Quick How-to Guide

Oct 3, 2024

Whether you call it a material takeoff, quantity takeoff, construction takeoff or simply takeoff, the reference remains the same. Material takeoff is part of a detailed and effective construction cost estimate. The more accurately you can forecast your construction project… Read More The post Material Takeoff (MTO) in Construction: A Quick How-to Guide appeared first on ProjectManager.
http://news.poseidon-us.com/TDyq00

Private US companies targeted by Stonefly APT

Oct 3, 2024

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to the linked to the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency. Assessed structure of DPRK cyber operations in 2024 (Source: Mandiant) “APT45 relies on a mix of publicly available tools … More → The post Private US companies targeted by Stonefly APT appeared first on Help Net Security.
http://news.poseidon-us.com/TDxwVS

ISC Stormcast For Thursday, October 3rd, 2024 https://isc.sans.edu/podcastdetail/9164, (Thu, Oct 3rd)

Oct 2, 2024

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TDxBqP