This session at the RSA Conference has long been one of my favorite moments each year in the world of IT security. These luminaries in the world of cryptography and, as an extension, IT security always provide interesting and thought-provoking insights into the ebb and flow role of cryptography in our world today. Please enjoy this recap!
https://www.bankinfosecurity.com/10-highlights-cryptographers-panel-at-rsa-conference-2019-a-12387
Please be aware of this vulnerability and update your environments accordingly if you are utilizing this series of Cisco Routers.
https://www.zdnet.com/article/cisco-warns-over-critical-router-flaw/
The Patch Tuesday cycle has begun once again and the team at Fortinet has announced some of the conditions surrounding several of the Windows and Office related patches that have been released by Microsoft. Please review your environments and patch your systems accordingly.
As the mad dash to convert to Window 10 for businesses and corporations around the world continues, this Windows 7 patching issue comes at an inopportune time. Please be aware of this issue if you currently utilize Sophos in your Windows 7 environment.
There is nothing like learning your home edge router could be vulnerable to command line injection attacks. Please take note if you are a Verizon Fios customer. Confirm your firmware version if possible and reach out to Verizon for support as needed.
https://threatpost.com/verizon-quantum-gateway-command-injection-flaw-impacts-millions/143606/
A little virtual exercise for anyone reading this article this morning – raise your hand if, when you close your eyes and go to your happy place, you truly believe Apple Mac computers cannot get viruses or malware. Go ahead. Be honest. Search your heart for what is often a painful truth. I saw a few hesitant hands go up, at least for a second or two. It is ok. I get it.
I am a Mac user too, and though I would love to believe my Mac is safe and sound from all malware attacks and virus strains, the truth is Macs are targets too and viruses and malicious code is being developed and deployed everyday to infiltrate our Apple devices, collect data, and cause harm. Yes, Macs represent a smaller target pool in comparison to Windows workstations, but Macs are still a target. In many cases, Macs are specifically targeted because of the types of power users and executives who choose to use Apple products.
As this article from Eset demonstrates, the threats are real and precautions are warranted. Make sure you properly patch and configure your Mac workstations and laptops. Run a form of advanced malware protection. Be prepared.
https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/
Given the in-state free tuition program in Georgia and the sheer number of applicants Georgia Tech receives each year, this breach could be quite significant and wide reaching. This is yet another example of a large data repository with PII that many people never even consider when managing the safety of personal information.
https://www.tripwire.com/state-of-security/security-data-protection/georgia-tech-data-breach/
Please review your VMWare implementations and patch accordingly.
https://nakedsecurity.sophos.com/2019/04/02/vmware-patches-pwn2own-flaws/
Virtual Sweater Vest 