Author: nlqip

Introduction In part one of this series, we noted the three most important things you can do immediately to guard against identity theft. In part two, we discuss why protecting your identity matters and additional steps you can take. The widespread unemployment benefits fraud that occurred throughout the United States during the COVID-19 pandemic provided…

Read More

“I don’t think you could point to another large technology company that’s ever done something like this: 60 percent margin. And that’s not ‘up to’ 60 percent, but actually 60 percent,” Google’s Kevin Ichhpurani tells CRN. Google Cloud is taking channel margins to new heights as Kevin Ichhpurani tells CRN that Google partners who win…

Read More

Welcome to the Sensor Intel Series installment for January 2023. The purpose of this recurring monthly brief is to provide security practitioners with vulnerability targeting intelligence so that they can make better-informed decisions about patching and vulnerability remediation. The source of this intelligence is log data from a globally distributed network of passive sensors. While…

Read More

Closing the Cybersecurity Skills Gap, Part 3 In part one of our discussion on the cybersecurity skills gap, we discussed how organizations can develop their own cybersecurity professionals as opposed to trying to hire them. In part two, we explored where to begin in cybersecurity and the basic skills needed any cybersecurity professional needs. Now…

Read More

Mitigating FluBot David Warburton, principal threat research evangelist with F5 Labs, offers the following suggestions for mitigating FluBot. Prevent FluBot relies on tricking the user into downloading a trojan hosted on an attacker-controlled server. Android phones will, by default, prevent installation from outside of the Google Play store, though attackers know this and coach the…

Read More

Apply appropriate updates provided by Google to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.4: Perform…

Read More

Also notable this month is the dramatic growth in CVE-2020-25078, which is also an IoT vulnerability but this time in several IP cameras. On the one hand the volume of traffic scanning for this vulnerability was not remarkable, with ~3600 connections in February, but only 200 connections were attempted in January, which means traffic increased…

Read More

“Those that fail to learn from history are doomed to repeat it.” Winston Churchill’s paraphrased wisdom rings true 72 years later as we brace ourselves for evolving cyber threats. Many companies have thousands of applications with long lost source code written by developers from days gone by, and no solution in place to understand the…

Read More

Mitigation Coverage Restrict web-based content 7 Disable or remove feature or program 5 Multifactor authentication 5 Network segmentation 5 User training 5 Application isolation and sandboxing 4 Exploit protection 4 Network intrusion prevention 4 Privileged account management 4 User account management 4 Antivirus/antimalware 3 Data backup 3 Filter network traffic 3 Password policies 3 Update…

Read More

Both the car repair and travel app scenarios begin with the concept of request and response. Someone or something requests a service, and fulfillment only occurs in response to a request. The facilitator of the request is the interface; it is not just a messenger but also an interpreter. Few of us speak “the language…

Read More