Month: August 2024

People-Search Site Removal Services Largely Ineffective

Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work:

As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did…

The Cloud Security Alliance has released its list of top cloud threats for 2024. Plus, CISA and the FBI published a guide for determining if a software product was built “secure by design.” Meanwhile, find out how AI can transform offensive security. And the latest on the Royal ransomware gang, the CIS Benchmarks and TikTok’s…

Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.

Background

On July 17, 2024, Cisco published an advisory for a critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem):

| CVE | Description | CVSSv3 |
| CVE-2024-20419 | Cisco Smart Software Manager On-Prem Password Change Vulnerability | 10 |

Analysis…

What it does: FAIR provides a model for understanding, analyzing, and quantifying cyber risk and operational risk in financial terms, according to the FAIR Institute. It’s unlike risk assessment frameworks that focus their output on qualitative color charts or numerical weighted scales. Instead, it builds a foundation for developing a robust approach to information risk…

Action1’s expertise in patch management aligns well with CrowdStrike’s current need to enhance its update mechanisms. By integrating Action1’s technology into its platform, CrowdStrike could significantly improve the testing and deployment of updates, something it faced widespread criticism for in the months following the Falcon goof-up.

Implications for customers

The $1 billion valuation is a…

Aug 09, 2024Ravie LakshmananNational Security / Identity Theft The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies. Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy…

Aug 09, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices,…

Business Security

Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards

08 Aug 2024 • 3 min. read

If there was ever any doubt about the relationship between cybersecurity and the cyber insurance industry, then Black Hat USA 2024 dispelled it. A…

CrowdStrike’s ‘apology alone in these circumstances is vastly inadequate,’ Delta’s attorney said in a letter Thursday.

Delta Air Lines and CrowdStrike’s war of words over responsibility and compensation concerning the July 19 faulty update that downed about 8.5 million Microsoft Windows machines continues to unfold publicly with well-known attorney David Boies, representing Delta, firing back…

“This is a massive game changer, providing us for the first time a SOC (Security Operations Center) and high-quality security talent that is 24/7 responding to threats and managing customer cyber environments,” said Fulcrum IT Partners President Kyle Lanzinger. Fulcrum IT Partners, the $1 billion international solution provider behemoth, is adding more security services muscle…
