Threat Level as of JANUARY 2021

For JANUARY 2021, the Cyber Threat Alert Level has been evaluated and, because of the COVID-19 pandemic, has remained at the "GUARDED" security level.

Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense is user awareness training on the threats posed by attachments and hypertext links contained in emails, especially those from untrusted sources.

"Knowledge about your enemies will help you win. Thus, treat threat intelligence with the respect it deserves and use it to protect your organization from all the relevant adversaries."

- How to Collect, Refine, Utilize and Create Threat Intelligence, October 2016, Gartner

Are you living in a SMART HOME?

SMART HOMES based on the IoT (Internet of Things: Amazon Alexa, Google Siri, Ring Doorbell, etc.) provide comfort and convenient management of our complicated lives; however, SMART HOMES are also the largest threat to our privacy and a risk of identity theft --

RSS Threats with IoTs

RSS IoT For All

  • How IoT Data Powers Maintenance Management Functions January 26, 2021
    As sensor and network technologies advance, IoT data can help asset-intensive industries optimize their maintenance management functions.
  • How to Create a Bulletproof IoT Network to Shield Your Connected Devices January 25, 2021
    There's no magic bullet to secure IoT devices, but it's possible to create a network that protects connected devices from cybersecurity attacks.
  • Implementing Automation Technologies in 2021 January 25, 2021
    Manufacturers are experiencing the merging of digital and physical worlds––a new wave of technology innovation that will fundamentally alter the way they operate.
  • Crop Health Management with IoT-Enabled Precision Agriculture January 22, 2021
    IoT-enabled crop health management is a game-changer to alleviate the pain points of traditional agriculture.
  • WiFi 6: Is it the End-All Be-All of Connectivity? January 22, 2021
    With current network policies already struggling to keep up with connectivity demands, WiFi 6 is likely to be the answer to consumer IoT device problems.

NIST National Vulnerability Database

Search the NIST database for a known vulnerability now ---

RSS National Vulnerability Database

  • CVE-2021-2122 (mysql) January 20, 2021
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable […]
  • CVE-2021-2101 (one-to-one_fulfillment) January 20, 2021
    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical […]
  • CVE-2021-2100 (one-to-one_fulfillment) January 20, 2021
    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical […]
  • CVE-2021-2096 (istore) January 20, 2021
    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in […]
  • CVE-2021-2086 (vm_virtualbox) January 20, 2021
    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly […]
  • CVE-2021-2094 (one-to-one_fulfillment) January 20, 2021
    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability […]
  • CVE-2021-2088 (mysql) January 20, 2021
    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang […]
  • CVE-2021-2084 (crm_technical_foundation) January 20, 2021
    Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the […]
  • CVE-2021-2090 (email_center) January 20, 2021
    Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability […]
  • CVE-2021-2098 (email_center) January 20, 2021
    Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability […]

RSS National Vulnerability Database

  • CVE-2021-21275 January 25, 2021
    The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.
  • CVE-2021-21272 January 25, 2021
    ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically […]
  • CVE-2021-23901 January 25, 2021
    An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view […]
  • CVE-2020-17532 January 25, 2021
    When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
  • CVE-2020-12514 January 22, 2021
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
  • CVE-2020-12512 January 22, 2021
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
  • CVE-2020-12513 January 22, 2021
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
  • CVE-2020-12525 January 22, 2021
    M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
  • CVE-2020-12511 January 22, 2021
    Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
  • CVE-2021-21270 January 22, 2021
    OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.

RSS Tenable Product Security Advisories

  • [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities December 21, 2020
    Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components (jQuery and OpenSSL) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. […]
  • [R1] Nessus 8.13.0 Fixes One Third-party Vulnerability December 7, 2020
    Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled jQuery components to address the potential impact of these issues. […]
  • [R1] Nessus Network Monitor 5.12.1 Fixes One Vulnerability November 5, 2020
    A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
  • [R1] Nessus 8.12.1 Fixes One Vulnerability October 29, 2020
    A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials […]
  • [R2] Nessus Agent 8.2.0 Fixes One Vulnerability October 29, 2020
    A vulnerability in Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
  • [R1] Nessus 8.11.1 Fixes One Vulnerability August 20, 2020
    Nessus versions 8.11.0 and earlier were found to be maintaining sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session.
  • [R1] Nessus 8.11.0 Fixes One Vulnerability July 10, 2020
    Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue.
  • [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability June 2, 2020
    Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of […]
  • [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities April 28, 2020
    Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library to address the potential impact of […]
  • [R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities April 13, 2020
    Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. Tenable.sc versions 5.14.0 […]

RSS The State of Security

  • A Look at the Legal Consequence of a Cyber Attack January 26, 2021
    Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of […]
  • Tripwire Products: Quick Reference Guide January 25, 2021
    Here at The State of Security, we cover everything from breaking stories about new cyberthreats to step-by-step guides on passing your next compliance audit. But today we’d like to offer a straight-forward roundup of the Tripwire product suite. Get to know the basics of Tripwire’s core solutions for FIM, SCM, VM and more. Without further […]
  • 4 Steps for Assessing Your NERC CIP Compliance Program January 25, 2021
    The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will leave your environment vulnerable to malicious actors and can result in some hefty fines. NERC CIP is a burdensome set of standards, so when it […]
  • NIST Cybersecurity Framework – The Key to Critical Infrastructure Cyber Resiliency January 25, 2021
    In the digital age, organizations and the missions and business processes they support rely on information technology and information systems to achieve their mission and business objectives. Not only is technology used to efficiently enable businesses to carry out operational activities, but it is also the backbone for the United States’ critical infrastructure. Although technology […]
  • Google Chrome wants to fix your unsafe passwords January 21, 2021
    Most security breaches are the result of one thing: sloppy password practices. Too many people make the mistake of choosing weak passwords, or reusing passwords that they have used elsewhere on the internet – making life too easy for malicious hackers trying to gain unauthorised access. So I was pleased to see Google announce that […]
  • Take the Reins of Your Responsibility in a Cloud Shared Responsibility Model. January 21, 2021
    “Move to the cloud” has been an increasingly common answer in recent years to the problem of how to handle massive amounts of data. On the one hand, this is understandable: using infrastructure owned by a third party, with teams dedicated to implementing security by design, continuous testing and validation, sounds attractive. Sin […]
  • Five Things Security and Development Teams Should Focus on in 2021 January 21, 2021
    As we say goodbye to 2020 and spend time reflecting on the industry changes, reassess our workflows and procedures in order to identify where 2021 will bring us, it’s a brilliant time to also address our security practices and ways we can bring improvement to those, as well. After considering the top challenges I saw […]
  • Improving Your Security Posture with the Pipeline Cybersecurity Initiative January 20, 2021
    A few years ago, I worked alongside some oil commodity traders. Environmental concerns aside, I never realized how many parts were required to get the oil out of the ground, not to mention everything else that finally resulted in the production of refined products that surround our lives. As a cybersecurity professional, I was more interested […]
  • Data Classification Is Data Storage January 20, 2021
    ‘Business’ is a verb that practically means the movement of data. If you aren’t sharing data – keeping the books, sharing ideas and stats about sales, getting the correct information regarding the customer or data to the customer – then you aren’t doing much business. But organizations need to protect their data along the way. […]
  • U.S. National Cybersecurity Plan Promises to Safeguard Maritime Sector January 19, 2021
    The U.S. Government released on January 5, 2021, a cybersecurity plan to secure the nation’s maritime sector against cybersecurity threats that could endanger national security. The Maritime Cyber Environment With International Maritime Organization’s (IMO) mandate “to ensure that cyber risks are appropriately addressed in existing safety management systems” and the increasing number of cyber-attacks against maritime […]

RSS Attacks!

  • IOTW: Another Solarigate Target Identified by Microsoft January 22, 2021
    Microsoft’s investigation into Solarigate, has identified yet another victim. Mimecast is a cloud-based email management system that incorporates security, archiving, and other services into the Offic...
  • Nation State Cyber Security Behavior January 21, 2021
    An unprecedented opportunity for public and private cyber security collaboration has arrived. The opportunity for corporate cyber security executives to gain more holistic threat intelligence through...
  • IOTW: As The SolarWinds Hack Investigation Continues, New Insights Reveal A New... January 15, 2021
    The ongoing investigation into the SolarWinds cyber attack reveals a possible suspect—and it wasn’t the notorious Russian hacking group preliminary reports first assumed.
  • 2021 Threat Intelligence Top Actions January 12, 2021
    On the eve of 2021, the SolarWinds attack took place. CISO minds will be focused all year long on the fallout. But it is clear now that the human intelligence about threat intelligence from the global...
  • IOTW: Russian Hack Deeper And Wider Than First Anticipated January 8, 2021
    SolarWinds' Orion update is currently inside of thousands of public and private institutions. Some have remediated the vulnerability. But Microsoft itself has noted in a statement that their investiga...
  • IOTW: US Treasury & Commerce Departments, DHS, NIH & Others Significantly Expose... January 6, 2021
    Russian operatives are now equipped with the very tools that were built to keep them out. The DHS, FBI, and CISA are working together to counter the attack, which Russia denies.
  • 2020 Top Breaches: Part IV January 5, 2021
    2021 will look like 2020. Automated ransomware and Ransomware-as-a-Service attacks are picking up steam. The Life Sciences & Healthcare industry continue to be a central focus of malicious actors. Fed...
  • 2020 Top Breaches: Part III January 4, 2021
    10 Breaches: Q3, 2020 focused a light on global state adversaries attacking US government/election entities. Ransomware attacks, payments and RaaS all made news. And insider threats along with more ad...
  • 2020 Top Breaches: Part II December 23, 2020
    The pandemic has been a breeding ground for quick cyber wins around the healthcare industry, the distribution of government money and the education space due to collaboration platforms.
  • 2020 Top Breaches: Part I December 22, 2020
    If you can truly remember what life was like pre-pandemic in Q1, 2020- you're in the minority. Our lives have all changed. And the cyber security discipline is completely different. We've gone from an...

RSS Network Threats

RSS Mobile Device Threats

  • Security Standards For 5G March 24, 2020
    Gartner predicts that the 5G enterprise IoT endpoint installed base will more than triple between 2020 and 2021, from 3.5 million units in 2020 to 11.4 million units in 2021. By 2023, the enterprise 5...
  • RSAC2020: IoT Is Officially Part Of Enterprise Mobility March 6, 2020
    Risk that comes from mobile and IoT devices must be factored into the enterprise security program. Security leaders need to be looking at those risks holistically and strategically, rather than operat...
  • Email Phishing Overshadows Risk Of Mobile Malware January 2, 2020
    Like the mobile device’s counterpart, workstations and laptops, many loaded malware campaigns begin with phishing attempts. Cyber Security Hub developed a market report to explore the perceptions, cha...
  • Incident Of The Week: FaceApp Now Viral For Security Risks July 19, 2019
    FaceApp has become popular for its ability to take a photo of anyone’s face and age it, or transform its features. Developed by a Russian-based company, it has gone viral because many are questioning...
  • BYOD Rules And The Future Of Medical Data Security April 24, 2019
    Healthcare organizations have always been extremely attractive targets to cyber criminals, so the increasing use of personal or third party mobile devices highlights a need for the implementation of m...
  • Incident Of The Week: Group FaceTime Glitch Exposes Privacy Breach February 1, 2019
    According to The New York Times, on Jan. 19, a 14-year-old from Arizona discovered a glitch using FaceTime, Apple’s video chatting software — he could eavesdrop on his friend’s phone before his friend...
  • 5 Reasons To Use Biometrics To Secure Mobile Devices January 24, 2019
    It is no secret that mobile devices are under attack. From phishing scams to a host of other issues, mobile devices are increasingly seen as a vulnerability in the enterprise, and as an easy target fo...
  • 7 Mobile Security Bloggers To Follow January 15, 2019
    With new enterprise mobile device security threats and vulnerabilities being discovered on a frequent basis, it helps to read analysis from numerous industry leaders.
  • 11 Ways To Boost Your Mobile Device Security Now January 11, 2019
    Since mobile devices can represent an enormous security risk, enterprises need to be aware of every solution. Here are 11 initiatives from IQPC's Enterprise Mobility Exchange, to enhance mobile device...
  • Palo Alto Networks CSO Talks Risk Metrics, Algorithms & Automation October 30, 2018
    On the May 14 episode of “Task Force 7 Radio,” host George Rettas sat down with Palo Alto Networks CSO, Rick Howard, to outline risk management, the security kill-chain and much more.

RSS Threats From Malware

RSS Threats to Data

RSS Cloud Threats

RSS Executive Decisions

  • Better Secure Access Decision Making January 26, 2021
    Gain buy-in from key stakeholders throughout the process of evolving the secure access enterprise journey. Provide insight from business leaders to solution providers throughout the sales process to e...
  • The Path To Customer Identity Access Management Maturity January 25, 2021
    Cyber security of the average global corporate enterprise has exponentially improved in recent years. In recent months unprecedented disruption and innovative threats have been unleashed. As identity...
  • 2021 Cyber Security User Awareness Top Action Items January 20, 2021
    It goes beyond user awareness. It goes beyond cyber security psychology. There are fundamental ways to embed a cyber security consciousness into the fiber of your organization. With that consciousness...
  • 2021 Top Action Items on Zero Trust January 19, 2021
    We’re now in a reality that has bad actors coming in through code updates and then moving laterally. Zero Trust began as hype (as all technology does) and evolved to the plateau of productivity in Q4...
  • The Future of Cyber Economics January 14, 2021
    "F.U.D." won't get you increased budget. Noting how budget requests not only reduce risk but enable business are key discussion points to have with the Board. Speaking in the language of the Board is of...
  • 2021 Cyber Security Automation Top Action Items January 13, 2021
    Budgets are flat or down thus finding monetary resources for new tools is especially difficult at the moment. At the same time, threat actors are utilizing more and more automation tools to breach org...
  • Cyber Security Resilience January 7, 2021
    Business Continuity Planning and Security Resiliency Programming and Planning is not simply an initiative for one moment in time, it's a living breathing resource that must be continually refined. Dre...
  • The Ultimate Vendor Risk Assessment Checklist January 4, 2021
    Vendor risk assessments are essential to truly understand the security, privacy, and compliance programs of the third parties you work with. As a result, nearly every organization endures an endless b...
  • Cyber Security Resolute Resolutions January 3, 2021
    the silver linings are beginning to add up for those taking notice. The future of work which was going to take 3-5 more years occurred in 3-5 weeks earlier this year. That future of work has hurdled c...
  • Achieving Cyber Resilience: Connecting the Dots Beyond Cybersecurity December 21, 2020
    Gain knowledge on how to achieve cyber resilience in an increasingly digitized world. Gain quick tips on how to get the board’s attention and approval on Cyber Security investments. And finally, deep...

RSS Security Strategy

  • Patchwork of Privilege June 26, 2020
    Product marketing manager from Thycotic, Erin Duncan, discusses privilege in this Digital Summit session. Erin sets the stage with this: “We know that cyber attackers are utilizing new technology and...
  • Identity Access, Endpoint Security & User Productivity June 25, 2020
    No matter where you currently are on the “return” continuum, some form of accentuated remote work, it seems- it’s here to stay. The days of 30%ish of your workforce remotely accessing your systems som...
  • Reducing Threat Impact With CIS Controls June 3, 2020
    Lane Roush, vice-president of Presales Systems Engineering at Arctic Wolf Networks, discusses CIS roles, controls, and tools in this digital summit session.
  • Detecting And Responding At The Speed Of Business May 28, 2020
    Tim Condello, the global technology leader for Siemplify, details how to detect and respond to threats at the speed of business in this fun, informative 2020 Cyber Security Summit session.
  • Best Practices For Thriving In An Ambiguous World May 28, 2020
    Christine Vanderpool is the VP of IT security and the chief information security officer for Florida Crystals Corporation and ASR Group. When she started, there was no defined cyber security strategy...
  • Implementing A Layered Approach To Phishing And Whaling May 27, 2020
    During this digital summit panel, Suresh Chawdhary, head of security & privacy for Nokia, stresses the importance of a layered, multi-pronged cyber security approach to best protect from phishing and...
  • What Is The Current State Of Cyber Security May 27, 2020
    Michael Oberlaender joins host George Rettas on this episode of Task Force 7. Michael is a globally recognized thought leader, author, publisher, and speaker. With three decades of IT experience, Mic...
  • Enable Secure Velocity At Scale: DevOps Automation With Identity May 14, 2020
    Ivan Dwyer, group product marketing manager with Okta, begins this virtual session by acknowledging the challenges of security professionals as an increasing number of organizations adopt cloud and De...
  • Protecting People from the #1 Threat Vector May 4, 2020
    The FBI reported losses attributed to business email compromise (BEC) and Email Account Compromise (EAC) totalling over $26B between July 2016 and July 2019. While the scale of losses is staggering, h...
  • Scaling Enterprise Threat Detection And Response Is The Theme Of Cyber Security... April 20, 2020
    Cyber Security Hub has united experts from every aspect of this space to present their most compelling case studies and real-world advice. By the end of the event, you will have the tools necessary to...

RSS InfoSecurity Magazine

RSS Application and Cybersecurity Blog

  • Computer-Based Training: January 2021 Release in Review January 22, 2021
    To remain current with technology and threat trends, we update our training every quarter. While we enjoy showing off our new content, it’s just as important for our customers to understand why we separate and conjoin and how learners consume certain topics. Customer feedback, internal SME reviews, and research on industry and technology trends also […]
  • Extending Security Knowledge to the Cloud January 21, 2021
    Cloud Clash 2020 Wrap-Up
  • Through the Eyes of a Cybersecurity CEO: Trends For 2021 January 14, 2021
    Advice for Executives to Watch Next Year. 2020 completely changed the way workforces operate. Digital transformation went from an emerging trend to a necessity for survival. Certain industries were brought to their knees: some didn’t make it, while others thrived. One of those industries that thrived was cyber crime. As millions scrambled and were […]
  • Ed Talks: A 2020 Retrospective December 17, 2020
    Last August, we kicked off a monthly talk show series called Ed TALKS (edtalks.io). Each month I bring cybersecurity leaders together to debate various topics. We took December off to recover from the end-of-year madness ☺ but we'll be back at it again in January 2021. 
  • Testing the security of NFC and RFID December 10, 2020
    Editor’s note: original source [https://maxfieldchen.com/posts/2020-05-07-Attacking-NFC-and-RFID.html]. With the Proxmark by your side, badges will be laid bare. If an engagement has an NFC or RFID component, the Proxmark is the most thorough and complete tool for the job. You can use it to evaluate card type, demonstrate card cloning […]

RSS Naked Security

RSS Cyber security

RSS Cyber Security

  • Is there any research paper about finding shared members between two groups? January 23, 2021
    I am looking for some exemplary techniques to identify shared members among multiple groups. For example, there is an organization with 100 customers and another one with 200 users. I assume there are some shared members between them, but I don't know who are the shared members. But there should be some way to identify […]
  • Red Balloon January 23, 2021
    I realized that these are 7z encrypted headers. I tried to convert HEX to ASCII but it turns out 7z and then some confusion. Please help me! https://preview.redd.it/bhsqajkk73d61.jpg?width=839&format=pjpg&auto=webp&s=8a08d3f553686af2b4b0cbcf476714e9f61f8665 submitted by /u/Neither_Advantage981
  • Cybersecurity School January 23, 2021
    I am looking online for the best cybersecurity programs and see multiple websites showing lists of programs but the lists do not match. I am looking for a reference of the schools from a nonbiased group that places the schools in order. If you have this please let me know or send the link submitted […]
  • Security + January 19, 2021
    I passed my Security + Exam today! I didn't get a raving score, but I passed it on the first try! I am beyond excited! submitted by /u/Kali_Torvalds
  • What are the true differences or benefits of choosing Palo Alto (Prisma) over Zscaler Cloud UTM's? January 17, 2021
    Both solutions offer basically the same features, why would I want to pay double-price for Palo Alto cloud solution over Zscaler's? I've compared both and really do not see a big difference other than the price. They both seem to offer the same protection and both have good reputations in the industry. submitted by /u/PrimaryWatercress759 […]
  • CISA tells agencies to consider ad blockers to fend off 'malvertising' January 15, 2021
    submitted by /u/Forsaken_Meeting
  • New To Cyber Security January 13, 2021
    Hello, I'm interested in learning cyber security, though I have 0 experience in it and don't know where to start, except from the languages that are used in it. I also don't know if it is worth learning cyber security... Long story short: Is it worth to learn cyber security? If so, where and how […]
  • TLS 1.3 and decryption on public networks January 12, 2021
    Google throws up various different answers, and I'm finding them a little confusing, so would prefer an answer in a fairly plain not overly geeky format. If (on your own device) you log into a public network (say at an employer or organisation) that has a log in screen where you have to register and […]
  • .xlsm file security January 10, 2021
    Hello. I received an xlsm file from a source that I somewhat know but that I definitely don’t trust. I operate in a legal industry that is filled with scammers...guess most industries do. Anyways, I’m interested in having the file scanned for anything out of the ordinary. I called a few local IT firms and […]
  • Trying to understand Forward Secrecy: what exactly is a session? January 6, 2021
    In Forward Secrecy, does a "session" have to be short-lived, or can it also include the entire length of the conversation? If a session is made multiple times, what changes between the sessions to create a new symmetric key? Thanks! EDIT: I'm specifically looking at Diffie-Hellman key exchange, in which I suppose you could change […]

RSS Cyber Attacks, Cyber Crime and Cyber Security

RSS Krebs on Security

  • DDoS-Guard To Forfeit Internet Space Occupied by Parler January 21, 2021
    Parler, the beleaguered social network advertised as a "free speech" alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from their stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company. But now […]
  • New Charges Derail COVID Release for Hacker Who Aided ISIS January 19, 2021
    A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic.
  • Joker’s Stash Carding Market to Call it Quits January 18, 2021
    Joker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it's closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.
  • Microsoft Patch Tuesday, January 2021 Edition January 13, 2021
    Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited by malware or miscreants to seize remote […]
  • SolarWinds: What Hit Us Could Hit Others January 12, 2021
    New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the […]
  • Ubiquiti: Change Your Password, Enable 2FA January 11, 2021
    Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely […]
  • Sealed U.S. Court Records Exposed in SolarWinds Breach January 7, 2021
    The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.
  • All Aboard the Pequod! January 7, 2021
    Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation's capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For those trying to draw meaning from the experience, […]
  • Hamas May Be Threat to 8chan, QAnon Online January 5, 2021
    In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, […]
  • Happy 11th Birthday, KrebsOnSecurity! December 30, 2020
    Today marks the 11th anniversary of KrebsOnSecurity! Thank you, Dear Readers, for your continued encouragement and support! With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. And it’s perhaps fitting that this was also a leap year, piling on an extra […]

RSS WeLiveSecurity

  • Week in security with Tony Anscombe January 22, 2021
    ESET research analyzes the Vadokrist banking trojan – Beware smishing scams – WhatsApp postpones privacy policy changes
    Editor
  • Why do we fall for SMS phishing scams so easily? January 22, 2021
    Here’s how to spot scams where criminals use deceptive text messages to hook and reel in their marks
    Jake Moore
  • Vadokrist: A wolf in sheep’s clothing January 21, 2021
    Another in our occasional series demystifying Latin American banking trojans
    ESET Research
  • DNSpooq bugs expose millions of devices to DNS cache poisoning January 20, 2021
    Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices
    Amer Owaida
  • FBI warns of voice phishing attacks stealing corporate credentials January 19, 2021
    Criminals coax employees into handing over their access credentials and use the login data to burrow deep into corporate networks
    Amer Owaida
  • WhatsApp delays privacy policy update after confusion, backlash January 18, 2021
    Millions of people flock to Signal and Telegram as WhatsApp scrambles to assuage users' concerns
    Amer Owaida
  • Week in security with Tony Anscombe January 15, 2021
    ESET research dissects targeted malware attacks in Colombia – What parents hope to get out of parental controls – Privacy risks of new mesh Wi-Fi routers
    Editor
  • What’s your attitude to parental controls? January 15, 2021
    Nobody said parenting was easy, but in the digital age it comes with a whole slew of new challenges. How do parents view the role of parental monitoring in children's online safety?
    Tony Anscombe
  • CES 2021: Car spying – your insurance company is watching you January 14, 2021
    Your ‘networked computer on wheels’ has a privacy problem – when it comes to your data, you may not really be in the driver’s seat
    Cameron Camp
  • Hackers leak stolen COVID‑19 vaccine documents January 13, 2021
    The documents related to COVID-19 vaccine and medications were stolen from the EU's medicines agency last month
    Amer Owaida
