When it comes to securing email, most network admins focus on inbound security threats. This is understandable considering the threat viruses, malware, phishing and spear-phishing attacks pose to an organisation. But inbound threats aren’t the only threat organisations need to protect against. Outbound email poses a significant risk as well. Should an email server become compromised it can send out SPAM messages to all your contacts.
In part one of this series, I addressed what DoD contractors could be doing to prepare for the CMMC security level rating. In part two of the series, I want to discuss our customers’ concerns about the possible impacts of having their company’s security rating made public. According to the CMMC FAQ, all companies conducting business with the DoD must be certified (not just those who handle CUI), and the level of certification for each company will be made public.
Indicator of compromise or IOC is a forensic term that refers to the evidence on a device that points out to a security breach. In this article, we discussed how IOC can be useful for your cyber security team.
Digital technologies have been transforming our world for the past few decades. For instance, the Internet of Things (IoT) and cloud computing have induced an evolution in the way we as society live our everyday lives as well as how many enterprises conduct business. This evolution has started to enter the industrial realm, most notably the Industrial Internet of Things (IIoT) and Industry 4.0 and how these forces have driven other innovative ideas such as smart factories.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. After a long occasional rumble of consumer network devices failing the basics of security, a huge storm of failures were highlighted across a swath of devices this week. If you are thinking of going shopping for a network device you had better take a look at this first.
WannaCry is a ransomware cryptoworm cyber attack that targets computers running the Microsoft Windows operating system. It was initially released on 12 May 2017. The ransomware encrypted data and demanded ransom of $300 to $600, paid in the cryptocurrency Bitcoin. WannaCry is also known as WannaCrypt, WCry, Wana Decrypt0r 2.0, WanaCrypt0r 2.0 and Wanna Decryptor.
The Sarbanes-Oxley Act of 2002 (SOX) designates management review controls (MRCs) as one of the required internal controls. MRCs are the reviews of key financial information conducted by a company’s management to assess its reasonableness and accuracy. They are a key aspect of a public company’s internal control over financial reporting (ICFR).
Detectify Crowdsource hacker, Alyssa Herrera, is a full-time bug bounty hacker and web application security researcher who works to protect organizations. She was one of several Crowdsource hackers to submit a working proof of concept for File Disclosure in Pulse Secure Connect (CVE-2019-11510). This guest blog post will walk through how she developed an exploitable-payload for this vulnerability.
Domain hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems. Domain name hijacking is devastating to the original domain name owner's business with wide ranging effects.
