Open port vulnerabilities are a serious concern, regardless of the platform involved. Devices now tend to always be connected to the Internet and someone (bad guys) is always listening.
Month: April 2017
The Pentagon’s Bug Bounty Program Should Be Expanded to Bases, DOD Official Says
Here is a warm and fuzzy article for everyone paying attention to the budget debate in Washington, DC. Apparently, IT security and systems upgrades have not been a focus for some time in the Department of Defense, or upgrades have been a focus and Congress has not found a mechanism to provide the funds. Let’s all hope for the latter.
In case the title is not clear, the article details the fact that up to 75% of core infrastructure systems at DoD are still running Windows XP or older operating systems. That is most certainly a cringe-worthy fact.
Google, Facebook Swindled in $100M Payment Scam
Yet another example that size does not matter – even the big boy tech companies are susceptible to phishing and cyber theft.
https://www.infosecurity-magazine.com/news/google-facebook-confess-corporate/
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Secure code development is critical. I am glad to see the OWASP list echoing this sentiment.
Trump’s promise on cybersecurity: what’s been happening?
This is an important process to monitor in Washington. I am concerned that Federal IT modernization continues to be pushed to the back burner. There are real issues with Federal IT infrastructure that must be addressed sooner rather than later.
https://nakedsecurity.sophos.com/2017/04/25/trumps-promise-on-cybersecurity-whats-been-happening/
Chipotle Reports Suspicious Activity on POS System
Beware if you have eaten at a Chipotle restaurant recently. Check your card statements.
https://www.infosecurity-magazine.com/news/chipotle-suspicious-actvity-pos/
http://www.darkreading.com/endpoint/chipotle-serves-up-security-incident-warning/d/d-id/1328739
Microsoft App Aims to Delete the Password
I listened to an interesting Steve Gibson podcast on this same subject and tend to agree with Steve that this is a decent implementation of a stronger single-factor authentication mechanism, but it is far from multi-factor authentication. This can certainly replace weak passwords with a slightly stronger authentication mechanism, but in most instances, real security will require a second, truly secret authentication factor.
http://www.darkreading.com/endpoint/microsoft-app-aims-to-delete-the-password/d/d-id/1328741
ETSU Marching Bucs Signing Day
Sophos Weekly Recap
NIST Releases Update to Cybersecurity Framework
Beyond the government-associated compliance requirements, the NIST cybersecurity framework is the foundation, or a key component, of multiple private and third-party compliance requirements. Take a moment to review the changes and consider how you will track those changes moving forward.
https://blog.knowbe4.com/nist-releases-update-to-cybersecurity-framework