The United States Computer Emergency Readiness team (US-CERT) operates within the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), protecting America by responding to major incidents, analyzing threats, and exchanging critical cyber security information with trusted partners around the world. You may have already signed up for the popular email alert
Security
Cyber thieves will target anything they can hold for ransom
By Jon Washburn on
Posted in Cyber Attack, Security
Back in August, the Associated Press ran this article profiling how a North Carolina manufacturer has been attacked twice by cyber criminals looking to install malware and cripple the “just-in-time” nature of their operations so that they’d be willing to pay a ransom to return to production. While this manufacturer avoided paying the ransom so…
Encryption vulnerability in WiFi Protected Access II (WPA2)
By Jon Washburn on
WPA2 is the “secure” implementation option used by the vast majority of enterprise WiFi systems – other protocols have their own security issues, which is why everyone moved to WPA2. Unfortunately, researches have found a way to break that security.
The good news is, for most attacks the attacker has to be on the…
If a security researcher leaves you a voicemail, please call them back …
By Jon Washburn on
A good lesson for technology providers: if security researchers reach out to you, acknowledge them as quickly as possible, especially when they’ve discovered a critical vulnerability. If you work with them to remediate the issue, you may be able to get a patch out before they feel the need to publish the vulnerability for the …
FTC Wants You to Vet Service Providers’ Security
By Amy Carlson on
Posted in Security
This guidance supplements the FTC’s “Start With Security, A Guide for Business” publication which was published in June 2015. Please share with your security professionals.
Will Your Company Have To Stop Using Kaspersky?
By Amy Carlson on
Posted in Security
Acting Secretary of DHS, Elaine Duke, issued a BOD requiring departments and agencies to identify the use or presence of all Kaspersky products on their information systems and to develop detailed plans to remove and discontinue present and future use of the products and to finalize implementation of those plans within 3 months. She is…