Security, Systems administration and Video - Information Management Today

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

JUNE 13, 2023

today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. CVSS score, and they all concern a widely-deployed component called the Windows Pragmatic General Multicast (PGM), which is used for delivering multicast data — such as video streaming or online gaming.

Systems administration

Systems administration Authentication Access Phishing

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely. Image: Archive.org.

IT

IT Ransomware Systems administration Authentication

Lousy IoT Security

Schneier on Security

DECEMBER 19, 2019

DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g.,

IoT

IoT Security Systems administration Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

Security Affairs

OCTOBER 25, 2018

It’s time to patch again the Cisco Webex video conferencing software of your organization to avoid ugly surprise. ” Cisco advisory reveals that the vulnerability could be exploited remotely by leveraging the operating system remote management tools. when running on a Microsoft Windows end-user system. .”

Systems administration

Systems administration Authentication Security IT

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

A new form of agile cryptography must get established in order to robustly preserve privacy and security as all this raw data gets put to commercial use. This arrangement has gotten us this far – but it is too brittle, from a security perspective, to carry us forward. In order to get there, one big technical hurdle must be surmounted.

Encryption

Encryption Access Artificial Intelligence IoT

Wireshark fixed three flaws that can crash it via malicious packet trace files

Security Affairs

SEPTEMBER 2, 2018

The three vulnerabilities tracked as CVE-2018-16056 , CVE-2018-16057 and CVE-2018-16058 affect respectively the Bluetooth Attribute Protocol (ATT) dissector, the Radiotap dissector, and the Audio/Video Distribution Transport Protocol (AVDTP) dissector components of Wireshark. Administrators are advised to monitor affected systems.

IT

IT Systems administration Access Security

CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks

KnowBe4

JUNE 13, 2023

Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found online. However, with deepfakes, the victim may appear in a realistic image or video without their knowledge or consent. Currently, the U.S.

Phishing

Phishing Passwords Data breaches Security awareness

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

Security Affairs

DECEMBER 15, 2019

At this point we have all the pieces of the puzzle, we only need to change the destination file to printconfig.dll, then overwrite it with our own dll, start the XPS print job and finally enjoy the SYSTEM shell (this exercise is left to the reader). Here you can watch a video of the POC. Boundary conditions. Pierluigi Paganini.

Systems administration

Systems administration Access Security Communications

List of data breaches and cyber attacks in February 2020 – 623 million records breached

IT Governance

MARCH 2, 2020

At first glance, February appears to be a big improvement cyber security-wise compared to the start of the year. Columbus County Schools gives update after systems wiped by cyber attack (5,673). The US Defence Information Systems Administration discloses 2019 cyber attack (unknown).

Data breaches

Data breaches Ransomware Phishing Personal data

New Linux/DDosMan threat emerged from an evolution of the older Elknot

Security Affairs

APRIL 1, 2019

This report is meant for incident response or Linux forensics purpose, TO HELP admin & IR folks ”, with this the very beginning sentence starts the new analysis of one of the most talented reverser of the worldwide extended security community, the head of MalwareMustDie team, Mr. unixfreaxjp. Non-Technical-Premise. 22 | OPATELECOM, | UA.

Communications

Communications Encryption Systems administration Security

AIIM's Information Management Training - Cost, Options, and FAQs

AIIM

FEBRUARY 27, 2020

It also features 23 hands-on labs, all of which are also provided as video demos in the course materials. This course is targeted to business users of SharePoint, including knowledge workers; it is not a system administrator’s course. Cost: $895 for AIIM members, $995 for non-members. Which Training is Right for Me?

ECM

ECM Records Management Metadata Information governance

Addressing Remote Desktop Attacks and Security

eSecurity Planet

MARCH 25, 2022

This article looks at the remote desktop protocol, how RDP attacks work, best practices for defense, the prevalence of RDP attacks today, and how remote desktop software vendors are securing their clients. Also read : Best Internet Security Suites & Software. Table of Contents. What is the Remote Desktop Protocol (RDP)?

Security

Security Access Authentication Encryption

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

Adam Levin

APRIL 8, 2019

Facebook’s Two-Factor Authentication phone numbers exposed: After prompting users to provide phone numbers to secure their accounts, Facebook allows anyone to look up their account by using them. The company has also used security information for advertising in the past.). In short, there is no upside.

Privacy

Privacy Artificial Intelligence Data Privacy Passwords

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

ForAllSecure

AUGUST 16, 2019

Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has led to a world of security researchers and bug bounties directed at finding new vulnerabilities. When I got out of undergrad, I was a computer security officer. Brumley: Yeah, absolutely. Brumley: Yeah.

Marketing

Marketing Government IT Systems administration

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The Originating Malvertising Campaign According to CTI investigation on the adversary infrastructure, we were able to identify an ongoing campaign luring system administrators to install the malicious code into their machines. The CrashedTech Loader The “KiffAppE2.exe”

Encryption

Encryption Communications IoT Marketing

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

ForAllSecure

AUGUST 16, 2019

Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has led to a world of security researchers and bug bounties directed at finding new vulnerabilities. When I got out of undergrad, I was a computer security officer. Brumley: Yeah, absolutely. Brumley: Yeah.

Marketing

Marketing Government IT Systems administration

DEVOPS CHAT PODCAST: $2M DARPA AWARD SPARKS BEHAVIOR TESTING WITH FORALLSECURE'S MAYHEM SOLUTION

ForAllSecure

AUGUST 16, 2019

Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has led to a world of security researchers and bug bounties directed at finding new vulnerabilities. When I got out of undergrad, I was a computer security officer. Brumley: Yeah, absolutely. Brumley: Yeah.

Marketing

Marketing Government IT Systems administration

CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users

KnowBe4

MAY 9, 2023

New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links: [link] A Master Class on IT Security: Roger A. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more.

Phishing

Phishing Passwords Insurance Systems administration

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Binni Shah | @binitamshah.

Cybersecurity

Cybersecurity e-Discovery Passwords Information Security

Cyber Blackmail: More Than Just Ransomware

The Texas Record

MAY 7, 2018

We are happy to welcome guest writers from the Texas Department of Information Resources, Daniel Hankins, Shared Services Security Manager and Andy Bennett, Director Information Security Governance. For additional resources from the Texas Department of Information and Resources visit their Information Security page. [1]

Ransomware

Ransomware Encryption Government Systems administration

The Hacker Mind Podcast: Ethical Hacking

ForAllSecure

MAY 26, 2022

The US Justice Department says it will no longer prosecute good-faith security researchers, but what constitutes good-faith security research? It will no longer prosecute good-faith security research that would have otherwise violated the Computer Fraud and Abuse Act (CFAA). Is hacking a crime? Who is responsible?

IT

IT Security Marketing Privacy

CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

KnowBe4

MARCH 14, 2023

CyberheistNews Vol 13 #11 | March 14th, 2023 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears Robert Lemos at DARKReading just reported on a worrying trend. In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2%

Phishing

Phishing Security Artificial Intelligence Security awareness

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

JUNE 22, 2020

Here’s what all parents and school officials need to spend the summer thinking about and planning for: Zoom-bombing lessons “Zoom-bombing” entered our lexicon soon after schools began their first attempts at using the suddenly indispensable video conferencing tool to conduct classes online.

Security

Security Passwords Privacy Access

On the Twitter Hack

Schneier on Security

JULY 20, 2020

Someone compromised the entire Twitter network, probably by stealing the log-in credentials of one of Twitter's system administrators. We need to start treating them that way, and that means both requiring them to do a better job on security and breaking them up. The security regulations for banks are complex and detailed.

Authentication

Authentication Communications Government Encryption

Information Management Today

Microsoft Patch Tuesday, June 2023 Edition

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Webinars

Trending Sources

Lousy IoT Security

Webinars

Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Wireshark fixed three flaws that can crash it via malicious packet trace files

CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks

From iPhone to NT AUTHORITYSYSTEM – exploit ‘Printconfig’ dll with a real-world example

List of data breaches and cyber attacks in February 2020 – 623 million records breached

New Linux/DDosMan threat emerged from an evolution of the older Elknot

AIIM's Information Management Training - Cost, Options, and FAQs

Addressing Remote Desktop Attacks and Security

Facebook May Have Gotten Hacked, and Maybe It’s Better We Don’t Know

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

Updates from the MaaS: new threats delivered through NullMixer

DevOps Chat Podcast: $2M DARPA Award Sparks Behavior Testing With ForAllSecure's Mayhem Solution

DEVOPS CHAT PODCAST: $2M DARPA AWARD SPARKS BEHAVIOR TESTING WITH FORALLSECURE'S MAYHEM SOLUTION

CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users

Top Cybersecurity Accounts to Follow on Twitter

Cyber Blackmail: More Than Just Ransomware

The Hacker Mind Podcast: Ethical Hacking

CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

On the Twitter Hack

Stay Connected