Intellian has signed a new contract worth 71.1 billion won (approx. $61 million) with satellite operator SES, to build antennas for the O3b mPOWER medium Earth orbit (MEO) satellite network, to be located 8000 km above the Earth’s equator.

The deal covers antennas for both terrestrial and marine use in various sizes.

SES plans to introduce the O3b mPOWER service in the first half of next year, launching additional satellites to supplement its existing O3b service.

The new satellite network is expected to provide communication services between 50Mbps and 20Gbps using the Ka-band frequency, through a total of 20 medium-orbit communication satellites located 8000km above the Earth’s equator.

SOURCE READ THE FULL ARTICLE

Intellian to build SES MEO antennas in $61m deal

actively exploited in the wild.

Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path traversal vulnerability (CVE-2021-41773) that was only partially addressed with a previous release.

An attacker can trigger the flaw to map URLs to files outside the expected document root.

“A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root.” reads the advisory. “If files outside of the document root are not protected by “require all denied” these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts.”

The vulnerability affects only version 2.4.49, earlier versions are not impacted. A few days ago, Apache released Apache HTTP 2.4.50 to address the CVE-2021-41773

Immediately after the release of the Apache HTTP 2.4.50 experts disclosed that the exploitation of the flaw could lead to remote code execution when the mod_cgi module was loaded and the default “Require all denied” option was missing.

According to an updated advisory, Apache released version 2.4.51 to definitively fix the vulnerability. This new path traversal flaws is tracked as CVE-2021-42013.

“It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives,” announced Apache in an updated advisory. “If files outside of these directories are not protected by the usual default configuration “require all denied”, these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.”

The vulnerability was reported by Juan Escobar from Dreamlab Technologies, Fernando Muñoz from NULL Life CTF Team, and Shungo Kumasaka.

The United States Computer Emergency Readiness Team (US-CERT) warns of ongoing active scanning of Apache HTTP Server CVE-2021-41773 and CVE-2021-42013 that could lead to imminent exploitation, for this reason, the US-CERT urges organizations to immediately patch their installs.

SOURCE READ THE FULL ARTICLE

Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw

The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them.

Cyberespionage and sabotage attacks, and also ransomware attacks against critical infrastructure and government offices will trigger the response of the Dutch authorities, explained Ben Knapen, Dutch Minister of Foreign Affairs.

The Dutch Minister added that the response to severe cyber attacks could be escalated, an attack against a critical response will require the rapid reply of the cyber defense, a response that disregards diplomatic relations between the countries involved.

Knapen highlighted the difficulty of attributing a ransomware operation to a specific threat actor, it explained that it is very complex to demonstrate that a non-state actor carries out the operation on the explicit instruction of or under the control of a state. As a result, the legal attribution of an act of a non-state actor to a state is usually not easy.

“For several years, the threat of ransomware attacks has been increasing around the world. A broad explanation of this threat is included in the Cyber Security Assessment Netherlands (CSBN) 2021, which was shared with the Chamber in June by the Minister of Justice and Security. One of the conclusions of CSAN 2021 is that cybercrime can affect national security if an attack causes massive damage, for example by disrupting vital processes. In a number of cases, cybercriminals enjoy the protection of the state from which they operate or there is cooperation.” Knapen wrote in a letter to the Dutch Parliament. “Due care principle In situations where attribution appears not to be possible in a legal sense, it may be desirable to look into a possible violation of the due care principle in the context of state liability law. The principle of due care means that states are expected to take into account the rights of other states when exercising their sovereignty. States have a duty to act when they have knowledge of the use of their territory in a way that harms the rights of a third state. Failure to comply with this obligation is a violation of an international law obligation.”

SOURCE READ THE FULL ARTICLE

https://securityaffairs.co/wordpress/123113/security/the-netherlands-war-ransomware-operations.html?utm_source=rss&utm_medium=rss&utm_campaign=the-netherlands-war-ransomware-operations

There has never been a more important time to listen. “Seek first to understand,” is a lesson I picked up early in my career that has generally proved effective in many situations as a leader, colleague and employee. (Not to mention at home as a partner, father, and friend; it’s a versatile maxim.) Eighteen months into this pandemic, given that the experience and effects of COVID-19 are simultaneously something that is universally shared and individually experienced, it’s more useful than ever to listen before you leap.

I have found the most rewarding moments are when you listen not just as a leader but also as a learner. With so many sources of education available, it’s tempting to gloss over the one right in front of you: your team.

Here are four examples where I recently learned from the people I lead. And remember, it doesn’t have to be a new piece of information to count as learning; the point is to be ready to adapt to something new.

1. Create a safe space

Demonstrate that you can hold a safe space for any kind of conversation. Be emotionally, mentally, and physically present (if you’re on video) to focus on the person in front of you, and what they want to talk about. Someone recently thanked me for creating a safe space after a conversation about a path to promotion, and while my initial response was to reply, “It’s a pleasure and it’s my job,” it made me think that if such a seemingly standard discussion requires a safe space, what about all the conversations currently not being had about more potentially sensitive topics?

It made me think about additional conversations we should be having about mental health, grief, anxiety, uncertainty, being overwhelmed, handling the return to work, among many others. As leaders, we must find ways to build trust and provide opportunities for our teams and colleagues to thrive.

2. Encourage open conversations

One of the ways to encourage more open conversation is to lean in. A usual weekly one-on-one coaching meeting recently opened with “How are you doing?” When I answered “Good!” the question came back, “How are you really doing?” I must have looked tired, maybe it was a Monday, either way it was an excellent question. It caught me off guard, as I was not really “Good,” rather more “Meh,” and we proceeded to have a really honest, open, authentic conversation both about some minor irritants I had experienced that day, and the importance of talking about such things together.

We are undergoing a seismic shift in our professional, social, and family lives. It’s one thing to say that “It’s OK to not be OK.” It’s quite another to model how this should work in practice. It’s OK to say you are not OK. Gently pressing on a topic in a non-confrontational way, perhaps with a time-bound get-out clause, can really open up a valuable discussion. The simple, but powerful, question: “How are you really doing, today?” Might help someone let off a little steam about current events and avert an explosion caused by bigger issues.

3. Get to know your team all over again

It can be hard to calibrate how much social interaction to try and foster as a distributed team all stuck WFH; weekly happy hours in crazy hats seems too much, never seems too distant. It’s impossible to get right, and it’s vital to try.

During a recent team discussion, someone randomly asked a teammate, a former Wall Street trader, about his opinion of our quarterly earnings call. The person asking the question did not know about his finance background, despite having been colleagues for almost two years. Once all the jokes had died down and we had agreed to stage a version of Mad Money on a subsequent team call, it made me think about all the connections that could break unless we protect them, such as small pieces of personal information that would get shared in an office or at a dinner, that help build familiarity (and inform team jokes and rituals).

Leaders need to find time for these group interactions and for one-on-one meetings that are more than just status updates. Another colleague advocates setting up quick introductory Webex meetings with people she meets in peripheral situations through the course of work to get to know them better, with no agenda except networking. Two years ago, I might have dismissed this as a distraction; now I think it’s vital and I do the same.

4. Listen to the most important member of the team: you

Whether you’re the leader, or the loudest person, or the longest-serving team member who everyone goes to for advice; whoever you are, check in with yourself. Make like a parent on a plane who is told to put their own oxygen mask on before attending to their family in case of emergency.

Self-care takes many forms and it’s worth remembering it can be as simple as taking one big meaningful breath. It could be the first breath of the morning, or between meetings to help context shift, or in the middle of a frustrating moment to help avoid being overwhelmed or when you walk out of your door for exercise. Whatever it is, whenever during the day it is, focus on your breath, fill your lungs to bursting, be in the moment, realize that there is always something to be grateful for (even if the only thing you can think of is the breath you are currently experiencing) and shut out the noise. Hold that breath for a moment, then a moment longer and then, as you exhale, let something go. Say goodbye to a worry or a negative thought and turn your mind toward things you’re grateful for.

I am grateful for the team I get to work with every day, and I love learning from them about how we can focus on the present, reflect on our past, and plan for our future.

At Cisco, we are leading a more inclusive future for all. To learn more about our open positions around the world, click here.

SOURCE READ THE FULL ARTICLE

https://blogs.cisco.com/security/4-keys-to-create-a-thriving-cybersecurity-team-for-long-term-success