Microsoft Patch Tuesday, December 2021 Edition
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is...
Inside Ireland’s Public Healthcare Ransomware Scare
The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually...
Log4Shell: The race is on to fix millions of systems and internet-connected devices
Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library. Read More
Smashing Security podcast #255: Revolting receipts, a Twitter fandango, and shopkeeper cyber tips
"Demonically" possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter's new photo privacy policy practical? All this and...
Microsoft Azure Security Benchmark v3 is now mapped to CIS Critical Security Controls v8
We are pleased to announce the release of the Azure Security Benchmark (ASB) v3 with mappings to the CIS Critical Security Controls (CIS Controls) v8....
Authentication and Authorization Using Single Sign-On
By: Kathleen M. Moriarty, CIS Chief Technology Officer In order to prevent credential theft from phishing attacks, there is a push for multi-factor authentication (MFA)....
End of Life Update: CIS-CAT Pro Assessor v3
CIS-CAT Pro is a tool used to evaluate the cybersecurity posture of a system against the recommended policy settings outlined in the CIS Benchmarks. Following...
Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-011
Project: Drupal core Date: 2021-November-17 Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default Vulnerability: Cross Site Scripting Description: The Drupal project uses the CKEditor library for WYSIWYG...
How to Meet the Shared Responsibility Model with CIS
In 2020, the shift to a global remote workforce demonstrated just how difficult securing a cloud environment can be. Now organizations face the challenge of...