News
-
Inside Ireland’s Public Healthcare Ransomware Scare
The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousands of outdated Windows…
-
Log4Shell: The race is on to fix millions of systems and internet-connected devices
Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library.
-
Top 10 Malware November 2021
In November 2021, the Top 10 stayed consistent with the previous month with the exception of Gh0st, Mirai, and Ursnif, which returned to the Top 10. The Top 10 Malware variants comprise 69% of the total malware activity in November 2021, decreasing 2% from October 2021. Shlayer and CoinMiner continue to lead the Top 10…
-
End-of-Support Software Report List
Replacing software before its End-of-Support (EOS) is critical. EOS occurs when software updates, patches, and other forms of support are no longer offered, resulting in software becoming prone to future security vulnerabilities. Using unsupported software and firmware/hardware puts organizations at risk in the following ways: Subsequent vulnerability disclosures place your organization at…
-
CIS Benchmarks December 2021 Update
The following CIS Benchmarks have been updated or released. We’ve highlighted the major updates below. Each Benchmark includes a full changelog that can be referenced to see all changes made. CIS F5 Networks Benchmark v1.0.0: This new Benchmark provides prescriptive guidance for establishing a secure configuration posture for F5 Networks. Thanks to the entire CIS F5…
-
Smashing Security podcast #255: Revolting receipts, a Twitter fandango, and shopkeeper cyber tips
“Demonically” possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter’s new photo privacy policy practical? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis. Read…
-
NSA Guidance: Zero Trust Applied to 5G Cloud Infrastructure: Parts 1 and 2
Part 1 of a 2-part series. By: Kathleen M. Moriarty, CIS Chief Technology Officer and active participant in the Critical Infrastructure Partnership Advisory Council (CIPAC) Cross Sector Enduring Security Framework (ESF) Working Group. The Critical Infrastructure Partnership Advisory Council (CIPAC) Cross Sector Enduring Security Framework (ESF) Working Group is an industry and government partnership which…
-
Hear from the Experts with these Cybersecurity Podcasts
The selection of podcasts – on everything from gaming to movies to sports – has exploded in recent years. Whatever topic you’re interested in, chances are there’s a show for you. So what if you’re looking to learn more about an important and complex subject like cybersecurity? Where should you start and whom can you…
-
Preventing the Most Common Cyber-Attacks with Cybersecurity Training
Many offices are operating with a hybrid of remote and in-person workspaces as the COVID-19 pandemic continues and evolves. Wherever your team is located, security continues to be everyone’s responsibility. A refresher course in cybersecurity is a great way to help employees get back in the swing, and re-establish security best practices they may have…
-
Why OAuth is so Important: An Interview with Justin Richer
This is the third article in this series by Kathleen Moriarty, CIS Chief Technology Officer. In this article, Moriarty interviews Justin Richer, an internet security expert with over two decades of experience, and author of “OAuth2 In Action,” as well as many OAuth (Open Authorization) extensions. Together they take a deep dive into authentication, authorization,…