CIS Benchmarks December 2021 Update
The following CIS Benchmarks have been updated or released. We’ve highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced...
Smashing Security podcast #255: Revolting receipts, a Twitter fandango, and shopkeeper cyber tips
"Demonically" possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter's new photo privacy policy practical? All this and...
NSA Guidance: Zero Trust Applied to 5G Cloud Infrastructure: Parts 1 and 2
Part 1 of a 2-part series By: Kathleen M. Moriarty, CIS Chief Technology Officer and active participant in the Critical Infrastructure Partnership Advisory Council (CIPAC)...
Hear from the Experts with these Cybersecurity Podcasts
The selection of podcasts – on everything from gaming to movies to sports – has exploded in recent years. Whatever topic you’re interested in, chances...
Preventing the Most Common Cyber-Attacks with Cybersecurity Training
Many offices are operating with a hybrid of remote and in-person workspaces as the COVID-19 pandemic continues and evolves. Wherever your team is located, security...
Why OAuth is so Important: An Interview with Justin Richer
This is the third article in this series by Kathleen Moriarty, CIS Chief Technology Officer. In this article, Moriarty interviews Justin Richer, an internet security...
Microsoft Azure Security Benchmark v3 is now mapped to CIS Critical Security Controls v8
We are pleased to announce the release of the Azure Security Benchmark (ASB) v3 with mappings to the CIS Critical Security Controls (CIS Controls) v8....
Authentication and Authorization Using Single Sign-On
By: Kathleen M. Moriarty, CIS Chief Technology Officer In order to prevent credential theft from phishing attacks, there is a push for multi-factor authentication (MFA)....
End of Life Update: CIS-CAT Pro Assessor v3
CIS-CAT Pro is a tool used to evaluate the cybersecurity posture of a system against the recommended policy settings outlined in the CIS Benchmarks. Following...
Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-011
Project: Drupal core Date: 2021-November-17 Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default Vulnerability: Cross Site Scripting Description: The Drupal project uses the CKEditor library for WYSIWYG...