Maybe this is the NEW AND IMPROVED NSA. From the NSA document: This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass the vast majority of known vulnerabilities. Cloud customers have a critical role in mitigating misconfiguration and poor access control, but can also […]
Warning: Sorry, this post is way more technical than most of my posts. If you are an executive reading this, you may want to show this to your security or IT folks and ask “how are we handling this?”. They should be able to explain that to you in English. Incident response is all about […]
A SIM is the (usually) hardware card that gives your phone its “personality”. The SIM is tied to the carrier and contains all the information that the phone needs to talk to your carrier. As users SLOOOOWLY migrate to using text messages as an extra layer of authentication for logging in to a variety of […]
DoD continues to take actions that lead us to believe that they are very serious about the Cybersecurity Maturity Model Certification process. This process will require that all DoD contractors ultimately get a third party cybersecurity certification on an annual basis if they want to continue to be part of the DoD food chain. When […]
Albany Int’l Airport Hit By Ransomware via MSP
In what is becoming an all too common story, the Managed Service Provider that supported Albany, NY’s airport, Logical Net of Schenectady, NY, was hacked and from there, the hackers were able to connect to the airport’s administrative network and infect it with REvil ransomware, the same […]
If you have tried to hire any cybersecurity talent recently, you know that experienced folks are hard to find, hard to keep and expensive. That is why we offer the virtual Chief Information Security Officer program. But if you are the federal government and you have hundreds of agencies and millions of employees – not […]