[Bob’s comment: If you have taken a CISSP or other cybersecurity class from me, you already know that the CIS 20 Controls are my favorite cybersecurity framework. Here is a new set of tools for doing a risk assessment based on the 20 Controls.]
Over the past year, the Center for Internet Security (CIS) and Foresight Resilience Strategies (4RS) – a consulting group known for building tools that quantify information risk in financial terms – have worked together to solve this issue.
This collaboration has resulted in the CIS Controls Self Assessment Tool (CIS CSAT) Ransomware Business Impact Analysis tool. The tool helps organizations of all sizes conduct a rapid and inexpensive cyber risk self-assessment and present those findings in language that speaks to business executives.
4RS integrated the CIS Critical Security Controls (CIS Controls) v7.1 Implementation Group 1 (IG1) Safeguards, which are defined as essential cyber hygiene, into its risk models and simulations. They also integrated the CIS Community Defense Model (CDM) into the tool. The CDM found that IG1 provides mitigation against the top four attack patterns listed in the 2019 Verizon Data Breach Investigations Report (DBIR), including ransomware. More…
He said they should work “a minimum of 40 hours” at the office or find another place to work. [Bob says: We are keeping an eye open on this story and others (Apple) like it. I get the part where Tesla factory workers have to go to the factory to work, so Elon thinks the same rules should apply to office workers, but this is a false syllogism. Life ain’t fair.]
The latest move will enable MFA as the default security setting even for older Azure accounts.
Original release date: June 2, 2022
CISA has updated Cybersecurity Advisory AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, originally released May 18, 2022. The advisory has been updated to include additional indicators of compromise and detection signatures, as well as tactics, techniques, and procedures reported by trusted third parties.
CISA encourages organizations to review the latest update to AA22-138B and update impacted VMware products to the latest version or remove impacted versions from organizational networks.
Original release date: June 2, 2022
CISA has released an Industrial Control Systems Advisory (ICSA) detailing multiple vulnerabilities in Illumina Local Run Manager. Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. These vulnerabilities could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.
CISA encourages users and technicians to review ICS Advisory ICSA-22-153-02: Illumina Local Run Manager for technical details and mitigations and the Food and Drug Administration advisory statement for additional information.
The first and easiest way hackers gain access to a company’s sensitive information is through their employees. That’s why the best way to ensure your company doesn’t become a hacking or ransomware statistic is to train your employees on how to spot and prevent intruders from gaining access to their information. While some companies find it difficult to get employee buy-in for new security procedures, doing so is critical to the safety of their internal networks. Let’s dig deeper into how you can ensure your workforce is ready. More…
Looks like I will be in a new six-part @netflix documentary series, “Web of Make Believe: Death, Lies and the Internet.” I’m told the interview I sat for in 2019 is in the first episode, which is about swatting attacks. Season 1 airs June 15. netflix.com/title/81122462
A new report from ISACA finds that 53% of respondents believe supply chain issues will stay the same or worsen over the next six months.
From Avast – includes TTPs and IOCs
Users who download cracked software risk sensitive personal data being stolen by hackers.
Are you interested in downloading free, cracked software? If so, you should know what you’re getting into.
When you accidentally download malicious cracked software, attackers can take everything you have on your PC, and you’ll end up without your sensitive personal data and even without the software that you were trying to download in the first place. This is precisely how the newly emerged FakeCrack campaign is doing its business, enticing users into downloading fake cracked software.