-
IRS Will Soon Require Selfies for Online Access
PRIVACY PRIVACY If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification…
-
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
PRIVACY PRIVACY Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for January 2022, the first quarterly update of the year. This CPU contains fixes for 266 CVEs in 497 security updates across 39 Oracle…
-
Supply chain vulnerability allows attackers to manipulate SAP transport system
PRIVACY PRIVACY A supply chain vulnerability in the SAP transport system that allows attackers to infiltrate the change management or software deployment process has been identified by a cybersecurity provider based in Germany. A patch has been published by SAP SE to fix the issue that threatens all SAP environments that share a single transport…
-
The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that Matter Most
PRIVACY PRIVACY A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond. “We do not learn from experience… we learn from reflecting on experience.” – John Dewey, American philosopher We all know that the best way to improve is by debriefing, especially when it comes…
-
The Prometheus traffic direction system is a major player in malware distribution
PRIVACY PRIVACY Cybercrime is fueled by a complex ecosystem of criminal groups that specialize on different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more. One service that is often overlooked but still plays…
-
Are Fake COVID Testing Sites Harvesting Data?
PRIVACY PRIVACY Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor…
-
Exploring influences on SSC grades for insurance companies
PRIVACY PRIVACY This blog was written by an independent guest blogger. There are more online stores and services available than ever, and you are able to shop for almost anything online whether it’s groceries or insurance. There are many ways to protect yourself while browsing the internet, and one of those ways is to choose…
-
Microsoft’s Pluton security processor tackles hardware, firmware vulnerabilities
PRIVACY PRIVACY While this year’s Consumer Electronics Show was impacted by COVID, it didn’t stop Lenovo from announcing the first Microsoft Pluton-powered Windows 11 PCs. First announced in 2020, the Pluton is a security processor that Microsoft developed in partnership with AMD and Qualcomm to provide what they called “chip to cloud” security. Pluton is…
-
Russian cyberattacks on Ukraine raise IT security concerns
PRIVACY PRIVACY This past week has seen an inundation of notifications concerning Russia’s overt and covert efforts to set “their” stage to provide it with a pretext to invade Ukraine once again. The realpolitik of the Russian efforts and the media focus is on the likelihood of Russia taking this course of action. These preparatory…
-
How chaos engineering can help DevSecOps teams find vulnerabilities
PRIVACY PRIVACY The words “chaos” and “engineering” aren’t usually found together. After all, good engineers keep chaos at bay. Yet lately software developers are deploying what they loosely call “chaos” in careful amounts to strengthen their computer systems by revealing hidden flaws. The results aren’t perfect – anything chaotic can’t offer guarantees– but the techniques…