News

  • CMMC 2.0: key changes

    Since my previous blog CMMC Readiness was published in September 2021, the Department of Defense (DoD) has made modifications to the program structure and requirements of the Cybersecurity Maturity Model Certification (CMMC) interim rule first published in September 2020. CMMC 2.0 was officially introduced in November 2021 with the goal of streamlining…

  • How to audit Microsoft Active Directory

    If you have a traditional domain, it’s time to audit your Active Directory. In fact, it’s probably way past time. You probably have accounts that have been unchanged for years and might not have reviewed settings or registry entries. Attackers know that these domains have legacy settings that allow them to take greater…

  • HiQ v LinkedIn court ruling will have a material effect on privacy

    The lawyers continue to gather their billable hours as the legal tussle between data science company hiQ Labs and LinkedIn plays out in the United States federal courts. The most recent update took place in the Ninth Circuit Court of Appeals, with Judge Marsha Berzon writing the opinion, where hiQ Labs was granted…

  • Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks

    Digital transformation and remote working take their toll

  • Euro Cops Bust $47m Money Laundering Operation

    Funds were funnelled from invoice fraud and crypto scams

  • Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

    Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say…

  • Microsoft gives mitigation advice for Follina vulnerability exploitable via Office apps

    Attackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in a Windows component called the Microsoft Support Diagnostic Tool (MSDT) through weaponized Word documents. Microsoft has responded with mitigation advice that can be used to block the attacks until a permanent patch is released. An exploit for the vulnerability, now tracked…

  • Microsoft Acknowledges Zero-Day, Follina Office Vulnerability, Suggests Fix

    Microsoft released an advisory on Monday regarding the zero-day Office flaw dubbed ‘Follina’.

  • Connecting Cyber Risk to Business Risk

    CIS worked with 4RS to develop an analysis tool that helps professionals solve the cyber risk to business risk challenge.

  • Magniber Ransomware Now Targets Windows 11 Machines

    Magniber ransomware upgraded to prompt fake Windows 11 updates

News, Advisories and much more
