Since it is October and it is Cybersecurity Awareness month, I like to acknowledge this event at least once – so why not do a top 3 items to be worried about? Out of the myriad of items to discuss from past discussions: #1 Phishing and spam attacks through email, text, or any level (social … Read more
NSA has a cybersecurity advisory It says that Pulse SecureTM, Palo Alto GlobalProtectTM, and Fortinet FortigateTM VPN(Virtual Private Network) products have vulnerabilities 3 of them VPN CVEs being currently exploited include but may not be limited to: CVE-2019-11510 and CVE-2019-1153 which allow for remote arbitrary file downloads and remote code execution on Pulse Connect Secure … Read more
Technewsworld has an interesting article: Cybersecurity Conundrum: Who’s Responsible for Securing IoT Networks? I do not want to focus on the IoT(Internet of Things) angle, instead pointing the spotlight at the responsibility of the Cyber breach (assuming they get breached): {Global research and advisory firm Gartner predicts that, by 2024, 75 percent of CEOs will … Read more
Zerologon Patches Roll Out Beyond Microsoft What if you have an older server? Like a Windows Server 2008? The Zerologon was a problem that was patched in August on a patch Tuesday of course. Race to patch as Microsoft confirms Zerologon attacks in the wild article also from ComputerWeekly.com Bottom line is that the vulnerability … Read more
Are we being too complacent in our feeling of “nothing will happen to us” with regard to Cybersecurity? 2 stories tie this theme together: Phishing awareness training wears off after a few months Apparently retraining is required after 6 months. Ransomware and Observations from Recent IR investigations Businesses are still getting ransomware, not how it … Read more
