We all know that security and safety on the internet is important but may not necessarily know what is happening behind the scenes to allow us to browse around the internet or connect to a remote resource securely. Typically, the everyday user browsing on the internet knows to look for two things when accessing a website...
As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services would be.
At the end of 2018, 30 million small businesses were operating in the United States, many of which relied on a variety of technologies to deliver their services. No matter how small in size or how new on the startup scene, these growing companies often face the same cyber risks that large and well-established companies face.
In the past year, adoption of DevOps has increased by nearly 10 percent. Most business owners realize that in order to bring together the marketing and IT side of their business together during the development of new software or web-based apps, they have to use the DevOps and Agile methodologies.
Microsoft has partnered up with the U.S. National Institute of Standards and Technology (NIST) to create a guide designed to make enterprise patch management simpler. Microsoft originally worked with partners from the Center for Internet Security (CIS), the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA), as well as customers.
The risk to supply chain assets due to malware is huge and the build, test and production environments are always at risk of suffering a malware attack. What ensues is failure of existing detection methods failure and compromise of software development lifecycle. Environments are often exposed to all imaginable vectors of attack caused by insider contamination due to malicious third-party software components. The production environment is at a high risk too.
Diligent taxpayers are being increasingly targeted by con artists who are well-versed in manipulating the revenue system. The crooks usually impersonate IRS (U.S. Internal Revenue Service) officials, sending fake emails or messages on social media in an attempt to defraud the targeted individuals of their money. Unfortunately, lots of people fall for these scams, and the malefactors are raking in significant profits. Below is a list of the prevalent tax swindles doing the rounds nowadays.
The time at ML:0 can be eye-opening form many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers their own Methuselah; this is the system that has been around forever and performs some important tasks but has not been updated in years. The system admins are scared to touch it for fear of breaking something.
Defense in depth is a cyber security strategy that uses a series of layered, redundant defensive measures to protect sensitive data, personally identifiable information (PII) and information technology assets. If one security control fails, the next security layer thwarts the potential cyber attack. This multi-layered approach reduces the cyber threat of a particular vulnerability exploit being successful, improving the security of the system as a whole and greatly reducing cybersecurity risk.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Amazing, if not scary selection of news items this week. However, I’m going to pick out three curious and on the face of it ones that would otherwise fly past without interest. The first, and its a subject that really interests me: How do the scammers succeed at social engineering so frequently? Perhaps we can learn a little bit more from this one.
