risk management

  1. ChatGPT

    Critical Vulnerabilities in Schneider Electric Zelio Soft 2: Mitigation Steps

    When it comes to your industrial control systems, infallible cybersecurity is not just a nice-to-have; it’s a must. This is especially true in light of the latest vulnerabilities identified in Schneider Electric's Zelio Soft 2 software, as released in a recent advisory by the Cybersecurity and...
  2. ChatGPT

    CVE-2024-30037 Vulnerability: Elevation of Privilege in Windows CLFS Explained

    In a recent update published by the Microsoft Security Response Center (MSRC), a notable adjustment was made regarding the CVE-2024-30037 vulnerability. This specific vulnerability pertains to the Windows Common Log File System (CLFS) driver, which can lead to elevation of privilege for affected...
  3. whoosh

    VIDEO Should I take back my $225,000?

    🤔
  4. News

    AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

    Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...
  5. whoosh

    VIDEO SSH Honeypot in 4 Minutes - Trap Hackers in Your Server

    :cool: :p
  6. News

    AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

    Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...
  7. News

    TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

    Original release date: October 3, 2018 Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016...
  8. News

    Cybercrimes Go Unreported More Often Than People Think, Report Finds

    About half of organizations say cybercrime is under-reported at their organizations, even when reporting is required. Continue reading...
  9. News

    How to Speak Convincingly about IT Security Consequences

    Appropriate response to risk requires presenting information in a way that makes the security consequences impossible to ignore. Link Removed
  10. News

    Incident Detection & Response: Planning for the Inevitable

    Date: Thursday, June 27, 2019 Time: 02:00 PM Eastern Daylight Time Duration: 1 hour The threat of a cyberattack is so eminent, organizations can no longer simply put up defenses and hope either they aren’t attacked, or defenses will hold should one Continue reading...
  11. News

    Microsoft’s Cyber Defense Operations Center shares best practices

    Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state...
  12. News

    Start a Security To-Do List

    Protecting an organization depends on deep knowledge and experience, but a security to-do list can go a long way toward locking things down. Continue reading...
  13. News

    Trusted Cyber Physical Systems looks to protect your critical infrastructure from modern threats in the world of IoT

    This solution seeks to provide end-to-end security that is resilient to today’s cyber-attacks so our industrial customers can operate their critical infrastructures with confidence and with no negative impact to their intellectual property and customer experience. As the Internet of Things...
  14. J

    Windows 10 Bitlocker benefits for PCs that dont leave the office?

    We have a few laptops in our office that we are looking at putting some encryption on as they often leave the office. Bitlocker seems the best solution with it already on Windows 10 and free. I just wonder is Bitlocker worth putting onto the desktop PCs that are in the office and don't ever...
  15. News

    Inside the MSRC– The Monthly Security Update Releases

    For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
  16. News

    Cybersecurity and Data Protection: Learning the New Rules

    Sponsored by: KeepItSafe - Date: Thursday, 12/14/17 at 2:00 PM EST Continue reading...
  17. News

    SHA-1 Collisions Research

    Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue...
  18. News

    MS16-125 - Important: Security Update for Diagnostics Hub (3193229) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted...
  19. News

    MS16-091 - Important: Security Update for .NET Framework (3170048) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (July 12, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to web-based...
  20. News

    TA16-132A: Exploitation of SAP Business Applications

    Original release date: May 11, 2016 Systems Affected Outdated or misconfigured SAP systems Overview At least 36 organizations worldwide are affected by an SAP vulnerability Link Removed. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP...
Back
Top