FISA

 Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day. CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2023-28252 is an EoP vulnerability in the Windows Common Log File System (CLFS) Driver, a logging service used by kernel-mode and user-mode applications.  It was assigned a CVSSv3 score of 7.8. This vulnerability is a post-compromise flaw, meaning an attacker could exploit it after gaining access to a vulnerable target.  Successful exploitation would elevate an attacker’s privileges SYSTEM. According to Microsoft, it was exploited in the wild as a zero day.  Its discovery is attributed to Genwei Jiang of Mandiant and Quan Jin with DBAPPSecurity WeBin Lab. CVE-2023-28252 is the second CLFS Driver EoP vulnerability to be exploited in the wild in 2023, as CVE-2023-23376 was disclosed in the February 2023 Patch Tuesday.  It is the fourth known CLFS EoP vulnerability to be exploited...

Trellix leverages AWS for Extended Detection and Response (XDR) Zero trust (ZT) is a concept adopted by many organizations built on the principle of "never  trust, always verify." No implicit trust is granted to assets or user accounts based solely on their network location or asset ownership. But how can SOC teams know what the user is accessing is within policy, and how can they verify this when managing access to multiple security systems? SOC teams are dealing with the unexpected and increased security risks. SOC teams are fighting to protect their organizations on any given day, even more so as users are accessing corporate applications from home, the office, and while traveling. With the increased attack surface, the bad guys can sneak into the corporate network more easily. How can we make things easier for security professionals? This is where AWS and Trellix make it easier for you to see and respond to risks across your organization. As customers try to keep pace w...

Zero Trust You’ve heard about it. A lot. But there are quite a few nuances when it comes to how Zero Trust security is defined and discussed. Is it a platform or a principle? It’s one of those terms that’s so widely cited that it has the tendency these days to elicit eye rolls within the cybersecurity industry and to be referred to as a buzzword by those sitting at the cool kids’ lunch table. At its core, though,  Zero Trust  is a strategic cybersecurity model enabled to protect modern digital business environments, which increasingly include public and private clouds, SaaS applications, DevOps and robotic process automation (RPA). It’s a critical framework, and every organization should adopt it and understand the fundamentals of how it works. Identity-based Zero Trust solutions like  single sign-on  (SSO) and  multi-factor authentication  (MFA) are designed to ensure that only authorized individuals, devices and applications can access an organization's s...