
Microsoft Downplays Scope of Email Attack

I subscribe to HackNotice and got an alert about this hack. I've seen conflicting reports about the severity of the breach, so keep your eyes peeled if you have a 'public' email service with MS, i.e. Hotmail, [...] Microsoft on Monday maintained that an incident reported over the weekend about an unknown attacker using a customer support agent's credentials to access email content belonging to users of MSN, Outlook, and Hotmail accounts, affected only a limit

New Details Emerge on Windows Zero Day

Make sure you're patched. These vulnerabilities are being actively exploited...: [...] Kaspersky Lab found CVE-2019-0859 last month when their automatic exploit prevention systems detected an attempt to abuse a Windows vulnerability. Further analysis revealed a zero-day bug in win32k.sys – the fifth exploited local privilege escalation vulnerability in Windows they had discovered since October. They reported the bug to Microsoft on March 17; it was patched along with 73 othe

Game of Thrones streams and torrents host dangerous malware for people who watch for free …

Just in case you were thinking of downloading/streaming...: [...] "These risks from illegally streaming or downloading Game of Thrones are the same as downloading any other illegal file – it could contain anything malicious," Javvad Malik, a security advocate at AT&T CyberSecurity, told The Independent. "So, while it may appear to be the latest Game of Thrones episode, it could actually be a host of a nasty virus or malware that plants malicious files on your device i

Microsoft publishes SECCON framework for securing Windows 10

When it comes to securing Windows endpoints, if you don't know where to start, this is as good a place as any...: Microsoft published today a generic "security configuration framework" that contains guidance for systems administrators about the basic security settings they should be applying in order to secure Windows 10 devices. "We sat down and asked ourselves this question: if we didn't know anything at all about your environment, what security policies and security co

GDPR: How the definition of personal data has changed

This is an update of a blog post from 2017. Just in case you were wondering, personal data isn't just name, rank, and serial number...: On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data Let’s start with the circumstances under which the proces

Cyber Security: Three Parts Art, One Part Science

Worth a read...: [...] Yes, there is an art to risk management. There is also science if you use, for example, The Carnegie Mellon risk tools. But a good risk owner and manager documents risk, prioritizes it by risk criticality, turns it into a risk register or roadmap plan, remediates what is necessary, and accepts what is reasonable from a business and cyber security perspective. Oh, by the way, those same five cyber security professionals we talked about earlier? They h

Patch Tuesday Lowdown, April 2019 Edition

Yes. It's a pain to watch that 'Windows is updating' message but, as always, my advice is: patch now...: Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for A

How can companies defend themselves against transnational threats?

Interesting interview with the head of F-Secure about threats coming from outside in the context of protecting Singapore...: [...] Over the past year there has been an ongoing discussion on the interference of foreign agents in domestic politics from the US presidential elections to Brexit. F-Secure just issued a detailed analysis of Twitter activity around Brexit - what did it show and why does it matter to Singapore? Samu Konttinen: Our research team found that nearl

Researchers Find New Victim of ‘Triton’ Malware, Which Can Physically Damage Critical Infrastructure

Working at a refinery? Time to check your systems for Triton...: Security researchers say they have found a new victim of the destructive malware, which targets critical infrastructure, known as Triton or Trisis. On Thursday, security firm FireEye revealed that it was hired to respond to a breach at an undisclosed critical infrastructure facility, and that the hackers used Triton, a type of malware that had previously hit the Saudi Arabian oil giant Petro Rabigh, as first

SAS 2019: Genesis Marketplace Peddles 60K Stolen Digital Identities

As anti-fraud and anomalous behaviour systems get more effective, the criminals are focusing on acquiring real credentials and using them in seemingly innocuous ways. Your online identities are under attack...: [...] This type of digital-identity theft is growing in popularity as more cybercriminals recognize the benefits of sidestepping automated solutions that are meant to discover fraud. This particular market has been around about a year, Lozhkin told Threatpost, and is