A great post and a must read by Gavin Ashton. If you are tasked with Identity and Access Management, you at least have to read the Do the Basics section at the end of the article.
Maersk is the world’s largest integrated shipping and container logistics company. I was massively privileged (no pun intended) to be their Identity & Access Management (IAM) Subject Matter Expert (SME), and later IAM Service Owner. Along with tens (if not hundreds) of others, I played a role in the recovery and cybersecurity response to the events of the well-publicised notPetya malware attack in 2017. I left Maersk in March 2019, and as is customary I wrote the obligatory thank you and goodbye note. But there was always a lot more to add. A story to tell.
I have recommended EFF’s HTTPS Everywhere extension here before and if you found that interesting, I thought I’d share something from Bill Hess at Pixel Privacy that you might find useful.
Bill created a guide to encrypting all your internet traffic (https://pixelprivacy.com/resources/how-to-encrypt-your-traffic/) which provides more context about why you’d want to use a tool like HTTPS Everywhere (and in fact, he recommends the extension in the guide) as well as other methods of encryption.
Original release date: June 29, 2020
Multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to update to the most recent firmware version and to replace end-of-life devices that are no longer supported with security patches. Given the increase in telework, CISA recommends that CISOs consider the risk that these vulnerabilities present to business networks.
See the following products for additional information.
- CERT Coordination Center’s Vulnerability Note VU#576779
- Netgear’s Security Advisory
- CISA’s Tip: Home Network Security
From frequent contributor Josh Wardini:
Cloud computing involves a company using several remote servers, which are hosted online, to process, manage, and store a range of data. Traditionally, this was achieved through a local server or PC. There are many advantages of cloud computing for businesses over storing files on a PC or local server, as we can see from the cloud computing statistics available out there. Read more…
At the risk of giving you a feeling of déjà vu all over again, it’s time to talk about Facebook hoaxes once more.
We expect high stakes negotiations to make or break things. From mergers and acquisitions, to acquiring top talent, to pretrial settlements that keep lawsuits from going to court. Now we must add another type of negotiation to the list of items organizations should be prepared for: negotiating with hackers who are demanding millions of dollars following a ransomware attack. And we’re about to see how recent negotiations went back and forth between hackers and an organization, including the posturing from both sides. You will see how it resulted in a seven-figure payout to hackers. It was the morning of June 1, 2020, when the IT team at the University of California-San Francisco noticed something was wrong… Read more
We have come to the realization that the distributed workforce due to the coronavirus will last well into 2021. With many organizations now planning their annual penetration tests, a change is needed in order to accommodate remote workers. While some organizations may continue to use previous pentest templates and procedures, remote workers change the attack surface and add a new wrinkle… Read more
In an exciting new development to the 10th Annual Minneapolis Cyber Security Summit, Wired Senior Writer Andy Greenberg will keynote our Tuesday General Session. Prepare to be captivated as he shares insights from his cautionary tale, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers – a book that chronicles the elite Russian agents behind the most destructive cyberattack the world has ever seen.