TLS Certificate Lifetimes Will Officially Reduce to 47 Days If you are responsible for a website, this applies to you. TLS certificates, the tech behind making HTTPS:// work on your website, has been changing over the years. A website owner used to be able to buy a certificate and it would be valid for 10 years. But […]
Continue reading → [DISPLAY_ACURAX_ICONS]We have seen multiple attacks in the last few years on municipal water supplies. The good news is that none of them killed anyone. Mostly, that was just because we were lucky. A bug in a TLS certificate (used to implement HTTPS) allowed researchers to view the water system control panel in hundreds of public […]
Continue reading → [DISPLAY_ACURAX_ICONS]Fake Social Security Emails Trick Users into Installing Remote Access SW Cybersecurity experts have uncovered ongoing schemes where criminals are exploiting the US Social Security Administration (SSA) to trick people into installing a dangerous Remote Access Trojan (RAT). This program gives the attackers complete remote control, allowing them to steal personal information and install more […]
Continue reading → [DISPLAY_ACURAX_ICONS]CISA issued guidance this week to reduce cyber risk. The guidance is very simple: DOES THIS HAVE TO BE OPEN TO THE INTERNET? Of course, you have to know where all of your assets are. This includes by IT and OT (Internet of Things and Industrial Internet of Things) devices. Here are CISA’s yardsticks to […]
Continue reading → [DISPLAY_ACURAX_ICONS]You may disregard my opinion about this but what about the opinion of a Retired US Army Lt. General and a very smart CSIO who used to be an Air Force Intelligence Officer? Retired Lt. Gen H.R. McMaster, who served as the US National Security Advisor during 2017 and 2018 and who had roles in […]
Continue reading → [DISPLAY_ACURAX_ICONS]CISA is warning businesses that SaaS providers are under attack as a way to steal their customers’ credentials. If you think about this, it makes sense. This came after Commvault, a cloud-based backup solution, was compromised using a zero-day. What is interesting is how they planned to exploit the vulnerability. Commvault claims that no customer data in […]
Continue reading → [DISPLAY_ACURAX_ICONS]