This week, two different organization’s in two different industry verticals suffered security incidents that either lost them tons of money, or tons of time. What do they both have in common, and what can we learn from them? Watch today’s video to find out! (Episode Runtime: 3:26 ) Direct YouTube Link: https://www.youtube.com/watch?v=crBB4CU-cTs EPISODE REFERENCES: Ransomware infects Israel Energy Authority and disrupts network – ComputerWorld Cyber criminals steal $55M from an aerospace manufacturer – IBTimes A article on the changes in phishing emails – IT Pro Portal — Corey Nachreiner, CISSP ( @SecAdept )
Original release date: January 25, 2016 The Internal Revenue Service (IRS) has released the tenth in a series of tips intended to help the public protect personal and financial data online and at home. This tip describes steps tax preparers can take to protect sensitive information. Recommendations include conducting a full scan of all computer drives and files, making sure that tax preparers’ security software updates automatically, and using robust security software that helps block malware and viruses
Original release date: January 25, 2016 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).
Summary In March 2015, a Network Configuration Leak vulnerability was disclosed to Ring as part of FortiGuard's Responsible Disclosure process. The vulnerability existed on their first internet-connected doorbell, Doorbot v1.0 but other posts o…
Summary On the patch Tuesday of this month, Microsoft patched 3 Office vulnerabilities in MS16-004.
Today, Qualys disclosed two new vulnerabilities in the popular secure shell application, OpenSSH. One of the flaws is pretty serious, but only affects the OpenSSH client
Original release date: January 14, 2016 OpenSSH version 7.1p2 has been released to address vulnerabilities in versions 5.4 through 7.1p1. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system. Users and administrators are encouraged to review the OpenSSH Release Notes and Vulnerability Note VU#456088 and apply the necessary update.