在本期防御性安全播客中,我们讨论了云凭证窃取、SharePoint漏洞利用、不断演变的恶意软件技术,以及供应商网络尽职调查的重要性。他们反思了管理密钥的挑战、自动更新的影响,以及在日益增长的网络威胁面前需要强大的风险管理实践。
链接:
- https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/
- https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/
- https://thehackernews.com/2024/11/5-most-common-malware-techniques-in-2024.html
- https://www.theregister.com/2024/11/06/windows_server_2025_surprise/
- https://databreaches.net/2024/11/08/nist-publishes-guide-on-due-diligence-for-cyber-supply-chain-risk-management/