Password managers are a good way to keep your passwords unique, strong and safe. Tom Merritt gives us five tips on how to use them correctly.
Original release date: September 28, 2021
The National Security Agency (NSA) and CISA have released the cybersecurity information sheet "Selecting and Hardening Standards-based Remote Access VPN Solutions" to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors.
Exploitation of these devices can enable:
- Credential harvesting
- Remote code execution on the VPN device
- Cryptographic weakening of encrypted traffic sessions
- Hijacking of encrypted traffic sessions
- Arbitrary reads of sensitive data (e.g., configurations, credentials, keys) from the device
The information sheet helps organizations select standards-based (rather than proprietary) VPN solutions and provides hardening guidance to prevent compromise and respond to attacks.
CISA encourages organizations to review and adopt recommendations in the information sheet to reduce risk.
For decades, a speculated wave of job-stealing technologies has stirred debate about the role of humans in the labor force alongside automation, and AI adds a new wrinkle to the equation.
Gift card fraud may sound like small beer against ransomware – but it’s personal, it hurts, and it’s still a multi-million dollar problem.
Remember the Panama Papers? Get Ready for the Pandora Papers
The T-Mobile data breach in August 2021 was massive. Find out what data was stolen, what T-Mobile is doing to help customers affected by the breach, […]
The post T-Mobile Breach Exposed the Personal Data of 54 Million Customers appeared first on CHIPS.
Less than a third of the people surveyed by NordPass follow best practices when devising a password.
Unrelated to other recent problems Facebook has had, this particular batch of data was scraped from profiles, meaning it’s publicly available knowledge. That doesn’t stop it from being dangerous.
Original release date: October 6, 2021
The Apache Software Foundation has released Apache HTTP Server version 2.4.50 to address two vulnerabilities. An attacker could exploit these vulnerabilities to take control of an affected system. One vulnerability, CVE-2021-41773, has been exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4.50 vulnerabilities page and apply the necessary update.
Original release date: October 5, 2021
CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review ICS advisory ICSA-21-278-04 Honeywell Experion and ACE Controllers as well as Experion Network and Security Planning Guide and Honeywell Support document SN2021-02-22-01 for more information and apply the necessary mitigations.