Blog - Cyber Security Informer

Free and Downloadable Email Security Policy Template

Heimadal Security

APRIL 12, 2024

Email serves as a fundamental communication tool in business operations, necessitating stringent security measures to protect sensitive information and maintain corporate integrity. Our email security policy template serves as a comprehensive guide for companies looking to implement robust email security practices.

Topic-specific policy 5/11: networking security

Notice Bored

OCTOBER 16, 2021

The information risk and security implications of data networking, along with the ubiquity of data networks, makes this an obvious policy topic and naturally we offer a policy template. That dips into the realm of mis/disinformation, bias and fraud, further areas where well-written corporate policies can help.

Network Security

Network Security Media Risk Information Security

Microsoft Flaws Include Secure Boot Bypass, System-Level Takeovers

eSecurity Planet

MAY 10, 2023

The second flaw being actively exploited is CVE-2023-24932 , a Windows Secure Boot security feature bypass vulnerability with a CVSS score of 6.7 – again, Goettl said, it’s best to ignore the rating and focus on the confirmed exploits. Still, six of the flaws are critical, and two others are currently being exploited in the wild.

Firmware

Firmware Malware Software Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Malicious ad for USPS fishes for banking credentials

Malwarebytes

JULY 5, 2023

However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. In this blog post, we review a recent phishing attack that was targeting both mobile and Desktop users looking up to track their packages via the United States Postal Service website.

Banking

Banking Phishing Scams Advertising

WordPress Tools for GDPR Compliance

SiteLock

AUGUST 27, 2021

Privacy Policy Generator. Many sites have already have privacy policies as a page link in their website footer. The verbiage of these policies can vary, but oftentimes small businesses just do a web search to copy an existing privacy policy and call it a day. New Privacy menu item in the Settings dropdown.

Small Business

Small Business Accountability

Node.js Vulnerability Cheatsheet

Security Boulevard

FEBRUARY 17, 2022

Securing applications is not the easiest thing to do. With all these components to secure, building a secure application can seem really daunting. And by studying these common vulnerability types, why they happen, and how to spot them, you can learn to prevent them and secure your application. Security misconfiguration.

Authentication

Authentication Encryption Engineering Firewall

Reinventing Asset Management for Cybersecurity Professionals

IT Security Guru

MAY 24, 2021

In conversations with our customers, it’s very clear that organisations need to establish a comprehensive view of their IT asset infrastructure because you can’t secure what you don’t know or can’t see. Visibility into security context is needed for prioritizing the overwhelming number of issues security teams need to address.

Cybersecurity

Cybersecurity Risk Software Data collection

4 Ways North Korea Is Targeting Security Researchers

SecureWorld News

JANUARY 26, 2021

Security researchers are some of the unsung heroes within the cybersecurity field. Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations.

Social Engineering

Social Engineering Engineering Accountability Malware

Topic-specific policy 4/11: information transfer

Notice Bored

OCTOBER 14, 2021

"Information transfer" is another ambiguous, potentially misleading title for a policy, even if it includes "information security". Transmission of information through broadcasting, training and awareness activities, reporting, policies, documentation, seminars, publications, blogs etc.,

Information Security

Information Security Risk Media Encryption

SANS Critical Control 2: Inventory of Authorized and Unauthorized Software

NopSec

JUNE 20, 2013

Yesterday, I published the first blog post on mapping SANS 20 critical security controls to Unified VRM. You can find the blog post here – Achieving SANS 20 Critical Security Controls with Unified VRM. This task can be performed using Unified VRM internal security assessment module.

Software

Software Social Engineering Engineering Phishing

The Phight Against Phishing

Digital Shadows

AUGUST 17, 2021

We’re talking about the email attack variety. But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. What is Phish(ing)? No, not the band , unless you’re really into jam bands.

Phishing

Phishing Accountability Social Engineering Mobile

PCI v4 is coming. Are you ready?

Pen Test Partners

SEPTEMBER 13, 2023

The Council stated that the changes represent their determination to “continue to meet the security needs of the payment industry, promote security as a continuous process, add flexibility for different methodologies, and enhance validation methods”. In March 2022, the PCI Council released the long-anticipated v4.0.

Authentication

Authentication Passwords Media Encryption

Lazarus targets defense industry with ThreatNeedle

SecureList

FEBRUARY 25, 2021

Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. The group made use of COVID-19 themes in its spear-phishing emails, embellishing them with personal information gathered using publicly available sources. Phishing email with links to malicious documents.

Malware

Malware Phishing Passwords Encryption

Key lessons from the first major GDPR fines for cyber breaches

Privacy and Cybersecurity Law

JANUARY 18, 2021

Back then, major cyber and data security breaches were mentioned as prime candidates for mega fines approaching the 4% maximum. The Regulatory Action Policy (RAP) seen in action and ICO’s approach to fines and the calculation of quantum. Share via email. Receive our latest blog posts by email. Share on Facebook.

Data breaches

Data breaches Risk Cybersecurity

CIS 20 Controls: Utilizing CIS 20 Critical Controls for Vulnerability Prioritization

NopSec

JULY 18, 2017

CIS 20 Security Controls represent one of the reference frameworks of the most critical controls an organization can implement to establish a well balanced security program to safeguard confidentiality, integrity and availability of information. With that in mind, in this blog post we’re covering 13 out of the 20 controls.

Wireless

Wireless Penetration Testing Software Authentication

Secure Web Browsing – How to Remove the Headache

Jane Frankland

OCTOBER 17, 2023

In this blog, I’ll be sharing my insights on what you can do to ensure your employees protect themselves, their data, and your organisation’s network and reputation. I’ll be focusing on secure web browsing as it’s an important first step. So, let’s begin by examining what secure web browsing is and why it matters.

Security Awareness

Security Awareness Education Cybersecurity Data breaches

Story of the year: the impact of AI on cybersecurity

SecureList

DECEMBER 11, 2023

Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly securing a position as the Collins English Dictionary’s 2023 Word of the Year. As the fast-growing technology evolves, it has become a matter of policy making and regulation.

Cybersecurity

Cybersecurity Artificial Intelligence Technology Risk

Duo Care is Here to Help with Trusted Endpoints

Duo's Security Blog

AUGUST 15, 2023

At any given point in time, the Duo Care teams are having conversations with customers that span the spectrum of security topics. but as you read in previous blogs, Duo has been upping its game too. What have we been most excited to talk to our customers about recently?

Engineering

Engineering Social Engineering Accountability Authentication

Citrix Duo Universal Prompt Is the Interface to Guard Against Increasingly Sophisticated Application Threat Vectors

Duo's Security Blog

MAY 17, 2023

Until then your company is missing out on many new security features, improved user experience, and various other features only available with Universal Prompt. Now, those environments can move to the Duo Universal Prompt and enjoy many security and experience benefits. What is Duo Universal Prompt?

Authentication

Authentication Engineering Education Phishing

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. Port Security, by Ryan MacLennan, Ian Redden and Paul Fiddler. I am proud of the Cisco Meraki and Secure team members and our NOC partners. Building the Hacker Summer Camp network, by Evan Basta. Full stop.

Engineering

Engineering Wireless Malware DNS

Complexity, simplified

Notice Bored

JULY 9, 2022

I was wondering whether [the information security policies we have been customising for them] might be a little too in depth for our little start-up. Infosec is quite involved and - as you'll surely appreciate from this very blog - I tend to focus and elaborate on the complexities, writing profusely on topics that I enjoy.

Mobile

Mobile InfoSec Media Risk

The Hacker Mind Podcast: Shall We Play A Game?

ForAllSecure

JANUARY 27, 2021

Vamosi: Today, John has taken his juvenile curiosity in breaking things down to become a security researcher with Huntress Labs. Hammond: As a security researcher, I am hierarchically in their Threat OPs department. What’s a good entry point for starting CTFs or information security for that matter? Vamosi: Wait.

Computers and Electronics

Computers and Electronics InfoSec Hacking Education

The Hacker Mind Podcast: Shall We Play A Game?

ForAllSecure

JANUARY 27, 2021

Vamosi: Today, John has taken his juvenile curiosity in breaking things down to become a security researcher with Huntress Labs. Hammond: As a security researcher, I am hierarchically in their Threat OPs department. What’s a good entry point for starting CTFs or information security for that matter? Vamosi: Wait.

Computers and Electronics

Computers and Electronics InfoSec Hacking Education

Cyber Security Informer

Free and Downloadable Email Security Policy Template

Topic-specific policy 5/11: networking security

Webinars

Trending Sources

Microsoft Flaws Include Secure Boot Bypass, System-Level Takeovers

Webinars

Malicious ad for USPS fishes for banking credentials

WordPress Tools for GDPR Compliance

Node.js Vulnerability Cheatsheet

Reinventing Asset Management for Cybersecurity Professionals

4 Ways North Korea Is Targeting Security Researchers

Topic-specific policy 4/11: information transfer

SANS Critical Control 2: Inventory of Authorized and Unauthorized Software

The Phight Against Phishing

PCI v4 is coming. Are you ready?

Lazarus targets defense industry with ThreatNeedle

Key lessons from the first major GDPR fines for cyber breaches

CIS 20 Controls: Utilizing CIS 20 Critical Controls for Vulnerability Prioritization

Secure Web Browsing – How to Remove the Headache

Story of the year: the impact of AI on cybersecurity

Duo Care is Here to Help with Trusted Endpoints

Citrix Duo Universal Prompt Is the Interface to Guard Against Increasingly Sophisticated Application Threat Vectors

Black Hat USA 2022: Creating Hacker Summer Camp

Complexity, simplified

The Hacker Mind Podcast: Shall We Play A Game?

The Hacker Mind Podcast: Shall We Play A Game?

Stay Connected