SANS NewsBites for January 17, 2023

SANS NewsBites has quite a bit of info that might be of interest to the general public.

They’ve got an article or two about the Norton LifeLock breach Kim sent yesterday, info on why flights were delayed for several hours, which was similar to the Colonial Pipeline ordeal, and of course other odds and ends that might be of interest to you.

Top of the news

  • Hackers Compromised CircleCI Engineer’s Laptop to Gain Elevated Privileges
  • Patch Zoho ManageEngine RCE Vulnerability
  • Norton LifeLock Password Manager Accounts Were Compromised

CircleCI was straightforward. Commentary throughout this newsletter gives them credit for their up-front reporting on this issue. If you can’t be up front with your customers, then why bother?

This is what I had done during the Christmas break between a blog post and mentioning it in a podcast. They call it transparency in this field, and more companies need to be aware of it.

As for the Norton LifeLock ordeal, they remind us in this newsletter about the LastPass breach, another company in which I don’t remember along with this.

No matter what manager, make sure you’re as secure as you can. I have since changed my password manager’s iterations from 5,000 to a million at least, the recommendation mentioned by Security Now’s Steve Gibson.

The rest of the news

  • Hack the Pentagon 3.0
  • Why a NOTAM Outage Grounds Flights
  • Hackers are Exploiting an Old Intel Driver Flaw
  • CISA Publishes a Dozen ICS Advisories
  • ShipManager Suffers Ransomware Attack
  • HHS’s HC3 Brief on Royal and Black Cat Ransomware

To view the newsletter, use this link to view the January 17, 2023 SANS NewsBites newsletter and let us know what interested you!

Thanks so much for reading, participating and learning with us.

