As well as checking your own VMware setup(s) you should also look at your service providers and seek assurances that they have mitigated the threat...: [...] On Monday, penetration testing firm Citadelo published a security advisory detailing the bug, tracked as CVE-2020-3956, which was first discovered in April. The cybersecurity firm said CVE-2020-3956 was uncovered during a security audit performed for a Fortune 500 enterprise customer and user of VMware Cloud Director
It may be 'boring', but having an inventory of what's on your network is THE crucial first step in any infrastructure project. I have some sympathy for extremely large and diverse network operators but starting a migration project without an inventory is just asking for trouble...: On Monday, the Government Accountability Office (GAO), the auditing agency of the US government, said that the DOD's third attempt isn't doing any better either. GAO officials said the DOD fail
Good reasons to update (hope your broadband is meaty enough). On the recovery option: Apple have had this for years, but it's relatively easy to cope with a limited set of hardware (Macs and MacBooks) rather than the chaotic bazaar that is the Windows world...: [...] Windows 10 now has a cloud recovery option in the "Reset this PC" section. Until today, the "Reset this PC" option only had one option -- namely to do a local reinstall where it would build a new Windows inst
It's a good thing to see the technology vendors compete on security. Apple has the T2 chip, Samsung has the SE chip...: [...] The chip, dubbed S3FV9RR, will be offered as a standalone turnkey with security software, Samsung said. Common Criteria, which certifies the security level of IT products from EAL0 to EAL7 with seven being the most secure, gave the security chip a Common Criteria Evaluation Assurance Level (CC EAL) 6+ certification. With the 6+ certification, Sam
This is a "watch this space" announcement as there's scant detail of the practicalities of exploits...: Academics from Germany and Italy say they developed a new practical attack that breaks the separation between Wi-Fi and Bluetooth technologies running on the same device, such as laptops, smartphones, and tablets. Called Spectra, this attack works against "combo chips," specialized chips that handle multiple types of radio wave-based wireless communications, such as Wi-
The publishing of this Verizon report usually kicks off a storm of vendor articles summed up as "See, I told you our doohickey could keep you safe". Here's one from me: In the case of unsecured Cloud storage there are now a few reasonably simple ways of reducing your risk. Our friend at CybelAngel actively looks for your data on unsecured storage (yes, even that NAS that your supplier keeps your blueprints on) and flags you if it finds anything...: The plag...
There's a 'levelling-up' process going on around the world in terms of privacy and data security. GDPR is a great driver, but so is the legislation that governs intelligence agencies' access to data. Here's how Australia is aligning with the USA and others...: The Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill) requires law enforcement agencies in Australia to consider privacy, proportionality, and human rights before making a re
I'd like to see this level of debate in the UK for NHSX, not the "why aren't you using Apple/Google?" technology spat currently ongoing...: [...] In a bid to build trust from Australians, it is also considered an offence in the legislation to require an individual to download COVIDSafe, have the app in operation, or force someone to consent to uploading COVID app data. The legislation also blocks the ability for businesses to force employees or visitors to use COVIDSafe.
Looking for reasons to increase your cybersecurity investment?...: [...] As reported by Bloomberg Law, LabCorp's chief executive, chief information officer, and chief financial officer are specifically named in the Delaware court case, which accuses them of ignoring "persistently deficient cybersecurity measures" that led to a data breach and malware infection. According to the lawsuit, failing to address these problems has impacted investors and resulted in financial los
I see this as a good thing. If vendors see security and privacy as key features, rather than afterthoughts, then the world becomes a safer place. Not for Doxy.me users though...: [...] However, on the whole, a new report suggests that vendors are working on improving the situation and the majority of popular teleconferencing solutions now meet at least minimum security standards. On Tuesday, Mozilla released a study, *Privacy Not Included, exploring the security posture o