Cybersecurity Starts in the Boardroom
Before I start this post – remember you should have Windows updates set to automatic (we do make exceptions for some Windows servers) and you should be able to monitor the update status on all your organisation’s computers. You cannot check whether everyone has updated? Then do something about it …
This is a classic supply chain attack. UK based FishPig, seller of Magento WordPress integrations, ecommerce software has discovered that its distribution server had been compromised, which allowed threat actors backdoor access to the customer’s systems. The ecommerce software is believed to be used by more than 200,000 websites. Breach …
This is what a recently fired, Twitter employee is claiming. It could be sour grapes, but Peiter Zatko, the former head of security at Twitter is making these claims in sworn testimony. Twitter whistleblower tells Senate of ‘egregious’ security failings by company | Twitter | The Guardian With the number …
Continue reading “Is Twitter a decade behind in its security practices?”
CISA has issued security advisories for a range of vendors: Adobe Releases Security Updates for Multiple Products | CISA Apple Releases Security Updates for Multiple Products | CISA Microsoft Releases September 2022 Security Updates | CISA The US Cybersecurity and Infrastructure Security Agency also issues advisories on Industrial Control Systems …
Continue reading “CISA security advisories for Adobe, Microsoft and Apple”
Intermittent encryption is a recently detected method of obscuring malware from anti-virus software and other detection methods. It is not encryption of whole files, byte encryption of bytes within the malware. Research by SentinelOne has shown this evasion technique is being deployed by ransomware gangs in the wild: Crimeware Trends …
