@HowardITWC profile picture
Howard Solomon @HowardITWC

I'm a Toronto-based freelance IT writer and podcaster specializing in cybersecurity.

Joined January 2009
  • Tweets 4,163
  • Following 306
  • Followers 2,338
2 Photos and videos
Canada's privacy commissioner finds X launched image generation tool without safeguards against non-consensual sexual deepfake images solomonh.substack.com/p/cana… #cybersecurity
1
35
From me: Does Canada's new AI strategy get a yawn or thumbs up from CSOs? solomonh.substack.com/p/cana… #cybersecurity #artificialintelligence
1
21
From me: Hole in GitHub's browser-based VSCode editor could lead to stolen token csoonline.com/article/418099… #cybersecurity

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its publication they should notify vendors about a bug.

csoonline.com
1
32
From me: Employees are unknowingly inviting tech support impersonators into firms: FBI csoonline.com/article/417786… #cybersecurity

Employees are unknowingly inviting tech support impersonators into firms, says FBI

The warning is a sign to CSOs that training on physical as well IT security awareness is vital to protect enterprises from data theft.

csoonline.com
23
From me: Why Cisco admins need to fix critical hole in Secure Workload now csoonline.com/article/417591… #cybersecurity

Critical vulnerability in Cisco Secure Workload rated at maximum severity

The easily exploited hole could give an unauthenticated threat actor site admin privileges, even across tenant boundaries.

csoonline.com
45
From me: Details of the Drupal update admins are rushing to install csoonline.com/article/417532… #cybersecurity

Drupal admins rushing to patch maximum severity SQL injection vulnerability

IT environments using Symfony and Twig also need to update.

csoonline.com
71
From me: Contractor's public GitHub account exposed US gov't and CISA credentials csoonline.com/article/417330… #cybersecurity

Contractor’s public GitHub account exposed GovCloud and CISA credentials

‘This kind of exposure happens with alarming frequency,’ said an expert; here’s what CSOs and CIOs should do to protect employees’ and contractors’ GitHub repositories.

csoonline.com
50
From me: What's really behind data breaches? Read the the latest Verizon Data Breach Investigations Report solomonh.substack.com/p/the-… #cybersecurity
20
New from me: Address the Exchange Server vulnerability now csoonline.com/article/417190… #cybersecurity

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

Already being exploited, this is a ‘mitigate right now’ emergency, says one expert.

csoonline.com
46
From me: Meet Fragnesia, the third Linux kernel vulnerability in a month csoonline.com/article/417140… #cybersecurity

Meet Fragnesia, the third Linux kernel vulnerability in a month

Called a ‘significant vulnerability,’ it’s similar to Dirty Frag; vendors are scrambling to release patches.

csoonline.com
1
27
From me: Lessons learned about poor off-boarding of employees: An insider attack csoonline.com/article/417098… #cybersecurity

Fired employee sought AI help to hide deletion of hosting firm’s customer data

Lessons learned the hard way: Criminal cases reveal holes in one company’s off-boarding processes, which allowed one person to retain access to the firm’s IT systems.

csoonline.com
28
From me: What CSOs need to know about May Patch Tuesday csoonline.com/article/417034… #cybersecurity

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Admins with Dynamics 365 on-prem should also take note of a “severe” vulnerability that allows remote code execution.

csoonline.com
1
29
From me: 13 critical holes in vm2 JavaScript sandbox csoonline.com/article/416856… #cybersecurity

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Developers are urged to upgrade to latest version of the vm2 library to plug all vulnerabilities.

csoonline.com
26
New from me: 5 years after the Ransomware Task Force report, experts say progress is slowing solomonh.substack.com/p/the-… #cybersecurity
1
1
142
From me: Malicious pgserve, automagik developer tools found in npm registry csoonline.com/article/416225… #cybersecurity

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ‘a complete organizational takeover’.

csoonline.com
1
32
From me: Have you patched Apache ActiveMQ? csoonline.com/article/416153… #cybersecurity

Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole...

Now that an attacker can use an LLM to weaponize a bug the minute it's found, taking 12 days to patch ‘is essentially a suicide note for your network,’ says an expert.

csoonline.com
1
43
From me: Flawed Cisco update threatens to stop APs from getting further patches csoonline.com/article/416050… #cybersecurity

Flawed Cisco update threatens to stop APs from getting further patches

Logs in wireless access point flash memory grow by 5MB a day in certain IOS XE devices until space runs out.

csoonline.com
2
52
From me: Cisco issues 3 advisories for critical vulnerabilities csoonline.com/article/415982… #cybersecurity

Cisco Webex SSO flaw needs manual certificate update to fix

The cloud-based Webex service has already been patched, but admins must replace an identity provider certificate in Webex Control Hub to complete the fix.

csoonline.com
1
38
From me: April Patch Tuesday roundup csoonline.com/article/415870…

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities,’ says an incident response manager.

csoonline.com
1
22
From me: Hackers exploit unpatched Adobe Reader hole for months csoonline.com/article/415685… #cybersecurity

Hackers have been exploiting an unpatched Adobe Reader vulnerability for months

The exploit has been fingerprinting compromised computers to enable possible future attacks.

csoonline.com
1
39
Load more