Cybersecurity Starts in the Boardroom
It has been a busy couple of days at the US Cybersecurity and Infrastructure Security Agency as they issue a range of security advisories: Drupal Releases Security Update | CISA Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server | CISA Cisco Releases Security Updates for Multiple Products | …
Continue reading “CISA issues security advisories across a range of popular products”
The US Cybersecurity and Infrastructure Security Agency has added three known exploits to its Known Exploited Vulnerabilities Catalog – this list should be seen as a “Must Patch Now” list. Two of the exploits are for Microsoft Exchange are being actively exploited: CISA Adds Three Known Exploited Vulnerabilities to Catalog …
Continue reading “CISA adds three vulnerabilities to the Known Exploited Vulnerabilities Catalog”
I wrote about the insider threat to organisations last week: And today there is a story with an insider threat twist. The president of a Japanese Sushi company, Kobi Tanabe, has been arrested and accused of accessing information from his previous employer, through contacts and sub-ordinates who still work there. …
Continue reading “The Insider Threat – it may be at the top of the company…”
NCSC Threat Report for 30 September 2022 – NCSC.GOV.UK
What happens when the relationship between you and a trusted employee breaks down either through ill will or just the fact that they are leaving and taking your client database with them? This is the insider threat. In the case of a “high-profile financial company in Hawaii”, a former employee who …
