Cyber Security Informer

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

Microsoft introduced this e-mail and calendaring server in 1996 and over time it has over time become ubiquitous in enterprises and small and mid-sized businesses (SMBs) alike. The user interface is intuitive, making it accessible for users with varying levels of technical expertise.

Risk

Risk Backups Software Education

4 Ways to Engage Employees in Your Cybersecurity Defense

Security Boulevard

JULY 6, 2022

Cybersecurity training is critical for all of your employees in building this awareness. . There are challenges to implementing training successfully. Provide ongoing training . A one-time training session isn’t enough protection, though, as the cyber-threat landscape is continually changing. Communicate well .

Cybersecurity

Cybersecurity Adware Social Engineering Cyber threats

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

The Last Watchdog

JANUARY 25, 2021

13, FireEye and Microsoft published this technical report , disclosing how the adversary got in: via trojan malware, dubbed Sunburst , carried in an Orion software update sent to FireEye. Quick recap: SolarWinds supplies the Orion platform to some 33,000 enterprises that use it to monitor and manage their entire IT stack.

Hacking

Hacking B2B Authentication Software

Metadata and Your Privacy

Security Boulevard

MARCH 1, 2023

This metadata is often scanned and used to train the machine-learning algorithms behind spam, phishing, and malicious message filterinIf the cloud storage provider does not run their servers in-house, then third-parties such as the server infrastructure provider (hosting) may have access tog.

Encryption

Encryption Data collection Advertising Phishing

Why an NTSB Wouldn’t Be Helpful For Ransomware

Daniel Miessler

MAY 22, 2021

And secondly, if the NTSB or any similar agency were to find a fault in a technical system, or in the procedures that humans use to fly planes, they could write a scathing report and people are likely to listen. Pilots used to bring their raw training and talent into the cockpit, and planes crashed a lot. Earthquake? Remote employees?

Ransomware

Ransomware Marketing Accountability Technology

Top 10 Ways to Make the Most of Your Cybersecurity Internship

Cisco Security

AUGUST 23, 2023

2: Remember that internships are about learning To ensure Technical Product Management Intern Violet Yu understood the intricacies of her projects, she took a lot of notes, studied materials her manager shared from articles to slide decks, and sought out external learning from YouTube.

Cybersecurity

Cybersecurity Engineering Software

Security Roundup December 2022

BH Consulting

DECEMBER 7, 2022

Technically speaking, it’s a cybersecurity incident. Security tips that aren’t just for Christmas: Europol’s cyber advent calendar. Research firm Forrester peers into the future of security training. We try to keep security and data protection disciplines separate in our practice, but sometimes they unavoidably overlap.

Ransomware

Ransomware Government Scams Data breaches

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Centraleyes

JANUARY 21, 2024

Mark these dates on your compliance calendar to navigate the NIS2 landscape effectively and uphold the cybersecurity resilience of your organization. The European Union Agency for Cybersecurity (ENISA) facilitates NIS2 implementation by actively contributing technical expertise to various working streams of the Cooperation Group.

Cybersecurity

Cybersecurity Energy and Utilities Cyber threats Risk

Beat the January blues with an incident response plan

BH Consulting

JANUARY 12, 2023

They’ll be checking calendars for upcoming long weekends and public holidays, to make sure there’s a solid response plan in case a security incident happens. Though not technically a holiday, three days before Christmas Eve The Guardian newspaper experienced a ransomware attack. police, regulators, customers, employees, media).

Data breaches

Data breaches Ransomware Media Risk

Why Are Cybersecurity Professionals Suddenly So Popular?

SecureWorld News

SEPTEMBER 24, 2020

When asked how they view cybersecurity professionals, respondents from outside security voted like this: 71% of participants say they view cybersecurity professionals as "smart, technically skilled individuals". To join SecureWorld's virtual conference series, go here: 2020 SecureWorld Virtual Conference Calendar.

Cybersecurity

Cybersecurity Digital transformation Education Information Security

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

SecureList

JULY 19, 2023

The CVE-2023-23397 vulnerability From a technical point of view, the vulnerability is a critical EoP that is triggered when an attacker sends an Outlook object (task, message, or calendar event) within an extended MAPI property that contains a UNC path to an SMB share on a threat actor-controlled server, resulting in a Net-NTLMv2 hash leak.

Firmware

Firmware Internet Internet Government

The state of stalkerware in 2022

SecureList

MARCH 8, 2023

Together keeping up the fight against stalkerware Stalkerware is foremost not a technical problem, but an expression of a problem within society which therefore requires action from all areas of society. To date, more than 130 professionals have completed the e-learning course with a further 80 currently participating.

Mobile

Mobile Software Cybersecurity Accountability

Story of the year: the impact of AI on cybersecurity

SecureList

DECEMBER 11, 2023

Large Language Models (LLMs) are not just technical jargon; they are practical tools shaping the landscape of day-to-day and corporate activities. Risks of proprietary cloud services Other risks stem from the way the models are trained and deployed. The most capable models are closed-source, and also very idiosyncratic.

Cybersecurity

Cybersecurity Artificial Intelligence Technology Risk

Is G Suite HIPAA Compliant? An Admin Guide For Configuring G Suite for HIPAA Compliance

Spinone

JULY 8, 2020

What about G Suite services like Gmail, Calendar, Keep, Hangouts, Vault, and others? This includes security across administrative , physical , and technical systems. Does technical support from Google help you make your G Suite HIPAA compliant? Does Google technical support deal with HIPAA related issues? What is HIPAA?

Encryption

Encryption Backups Accountability Ransomware

Migrating from On Premise to Google G Suite

Spinone

DECEMBER 27, 2018

Google’s G Suite environment provides an attractive set of services for organizations to have an all-in-one solution for key business solutions including email, calendaring, shared drive storage, Chat services, and productivity tools such as docs, sheets, forms, website creation, mobile services, etc.

Cloud Migration

Cloud Migration Backups Ransomware Education

Intro to phishing: simulating attacks to build resiliency

Security Affairs

APRIL 21, 2023

Organizations should focus their security awareness and training efforts towards educating their userbases on how to differentiate between each type of phishing attack, and strive to build phishing resiliency over time using routine simulated exercises that mimic real-life attacks.

Phishing

Phishing Social Engineering Security Awareness Passwords

HHS Issues Quick Response Cyber Attack Checklist

Privacy and Cybersecurity Law

JULY 13, 2017

Entities should immediately fix any technical or other problems to stop the incident and take steps to mitigate any impermissible disclosure of protected health information (either done by the entity’s own information technology staff, or by an outside entity brought in to help). Checklist Recommendations.

Cyber Attacks

Cyber Attacks Cyber threats Healthcare Technology

A look at Chrome’s security review culture

Google Security

JULY 20, 2023

Make focus time in your calendar or sit somewhere unusual to give yourself space to think. Training is available Develop mind-tricks and frameworks for having difficult conversations. Think about what can go wrong Take time to think and bring an adversarial mindset and bring a different perspective. Look for courses you can take.

Engineering

Engineering Architecture Risk Education

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

DECEMBER 30, 2018

I reckon as technical folks we tend to be more analytical than your average person and one of the best things you can do for you financial wellbeing is to chuck everything into spreadsheets. Being successful at that level requires both luck and talent.

Technology

Technology Education Marketing Insurance

Cyber Security Informer

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

4 Ways to Engage Employees in Your Cybersecurity Defense

Trending Sources

Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises

Metadata and Your Privacy

Why an NTSB Wouldn’t Be Helpful For Ransomware

Top 10 Ways to Make the Most of Your Cybersecurity Internship

Security Roundup December 2022

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Beat the January blues with an incident response plan

Why Are Cybersecurity Professionals Suddenly So Popular?

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

The state of stalkerware in 2022

Story of the year: the impact of AI on cybersecurity

Is G Suite HIPAA Compliant? An Admin Guide For Configuring G Suite for HIPAA Compliance

Migrating from On Premise to Google G Suite

Intro to phishing: simulating attacks to build resiliency

HHS Issues Quick Response Cyber Attack Checklist

A look at Chrome’s security review culture

10 Personal Finance Lessons for Technology Professionals

Stay Connected