10 Highlights: Cryptographers’ Panel at RSA Conference 2019

This session at the RSA Conference has long been one of my favorite moments each year in the world of IT security.  These luminaries in the world of cryptography and, as an extension, IT security always provide interesting and thought-provoking insights into the ebb and flow role of cryptography in our world today.  Please enjoy this recap!


Patch Your Microsoft Windows and Office: Fortinet Discovers Three Zero-Day Remote Code Execution Vulnerabilities

The Patch Tuesday cycle has begun once again and the team at Fortinet has announced some of the conditions surrounding several of the Windows and Office related patches that have been released by Microsoft.  Please review your environments and patch your systems accordingly.


OceanLotus: macOS malware update

A little virtual exercise for anyone reading this article this morning – raise your hand if, when you close your eyes and go to your happy place, you truly believe Apple Mac computers cannot get viruses or malware.  Go ahead.  Be honest.  Search your heart for what is often a painful truth.  I saw a few hesitant hands go up, at least for a second or two.  It is ok.  I get it.

I am a Mac user too, and though I would love to believe my Mac is safe and sound from all malware attacks and virus strains, the truth is Macs are targets too and viruses and malicious code is being developed and deployed everyday to infiltrate our Apple devices, collect data, and cause harm.  Yes, Macs represent a smaller target pool in comparison to Windows workstations, but Macs are still a target.  In many cases, Macs are specifically targeted because of the types of power users and executives who choose to use Apple products.

As this article from Eset demonstrates, the threats are real and precautions are warranted.  Make sure you properly patch and configure your Mac workstations and laptops.  Run a form of advanced malware protection.  Be prepared.


Georgia Tech Data Breach Potentially Exposed 1.3M Users’ Personal Data

Given the in-state free tuition program in Georgia and the sheer number of applicants Georgia Tech receives each year, this breach could be quite significant and wide reaching.  This is yet another example of a large data repository with PII that many people never even consider when managing the safety of personal information.