risk management

  1. Critical Vulnerabilities in Automated Logic's WebCTRL: What You Need to Know

    Brace yourselves, Windows enthusiasts and IT professionals alike: there’s a red-alert situation brewing in the industrial control systems world, and Automated Logic’s WebCTRL Premium Server is at the center of it. If you’re involved in critical manufacturing systems or industrial control setups...
  2. Critical Vulnerabilities in Schneider Electric Zelio Soft 2: Mitigation Steps

    When it comes to your industrial control systems, infallible cybersecurity is not just a nice-to-have; it’s a must. This is especially true in light of the latest vulnerabilities identified in Schneider Electric's Zelio Soft 2 software, as released in a recent advisory by the Cybersecurity and...
  3. CVE-2024-30037 Vulnerability: Elevation of Privilege in Windows CLFS Explained

    In a recent update published by the Microsoft Security Response Center (MSRC), a notable adjustment was made regarding the CVE-2024-30037 vulnerability. This specific vulnerability pertains to the Windows Common Log File System (CLFS) driver, which can lead to elevation of privilege for affected...
  4. VIDEO Should I take back my $225,000?

    🤔
  5. AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

    Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...
  6. VIDEO SSH Honeypot in 4 Minutes - Trap Hackers in Your Server

    :cool: :p
  7. AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

    Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...
  8. TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

    Original release date: October 3, 2018 Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016...
  9. Cybercrimes Go Unreported More Often Than People Think, Report Finds

    About half of organizations say cybercrime is under-reported at their organizations, even when reporting is required. Continue reading...
  10. How to Speak Convincingly about IT Security Consequences

    Appropriate response to risk requires presenting information in a way that makes the security consequences impossible to ignore. Link Removed
  11. Incident Detection & Response: Planning for the Inevitable

    Date: Thursday, June 27, 2019 Time: 02:00 PM Eastern Daylight Time Duration: 1 hour The threat of a cyberattack is so eminent, organizations can no longer simply put up defenses and hope either they aren’t attacked, or defenses will hold should one Continue reading...
  12. Microsoft’s Cyber Defense Operations Center shares best practices

    Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state...
  13. Start a Security To-Do List

    Protecting an organization depends on deep knowledge and experience, but a security to-do list can go a long way toward locking things down. Continue reading...
  14. Trusted Cyber Physical Systems looks to protect your critical infrastructure from modern threats in the world of IoT

    This solution seeks to provide end-to-end security that is resilient to today’s cyber-attacks so our industrial customers can operate their critical infrastructures with confidence and with no negative impact to their intellectual property and customer experience. As the Internet of Things...
  15. J

    Windows 10 Bitlocker benefits for PCs that dont leave the office?

    We have a few laptops in our office that we are looking at putting some encryption on as they often leave the office. Bitlocker seems the best solution with it already on Windows 10 and free. I just wonder is Bitlocker worth putting onto the desktop PCs that are in the office and don't ever...
  16. Inside the MSRC– The Monthly Security Update Releases

    For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...
  17. Cybersecurity and Data Protection: Learning the New Rules

    Sponsored by: KeepItSafe - Date: Thursday, 12/14/17 at 2:00 PM EST Continue reading...
  18. SHA-1 Collisions Research

    Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue...
  19. MS16-125 - Important: Security Update for Diagnostics Hub (3193229) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted...
  20. MS16-091 - Important: Security Update for .NET Framework (3170048) - Version: 1.0

    Severity Rating: Important Revision Note: V1.0 (July 12, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to web-based...