Spring Cleaning: Why Companies Must Spring Clean Out Their Social Media Accounts This Season

Every year around this time, we collectively decide to open the windows, brush off the dust, and kick the spring season off on a clean foot. But as you are checking off your cleaning to-dos, be sure to add your social media profiles to that list. It’s obvious that social media profiles hold sensitive personal data but letting that information and unknown followers pile up can put your company, customers and employees at risk.

Comment: UK Companies Lose 2.5 Months Per Year Dealing With Poor Password Management

It has been reported that businesses in the UK lose an average of two-and-a-half months per year in time spent dealing with poor password management, according to new research. As detailed in its report Password Practices 2019, OneLogin surveyed 600 global IT professionals to gauge how companies are protecting passwords in terms of tools, guidelines and practices. 

Streamlining the Know Your Customer procedure with blockchain

Last year, I wrote a post about the possible privacy implications of applying blockchain technology to such areas as education, health care, and human resource management. However, a blockchain-based solution to a problem plagued by the shortcomings of traditional approaches can help with dealing with personal data as well. I am talking about KYC (know your customer), and recent advances in using blockchain for KYC procedures.

SecBI Amplifies Its Threat Detection Solution With Automated Response.

SecBI, a disruptive player in cyber threat management, today announced the extension of its agent-less, threat detection solution with automated response. Now security operations centers (SOC) and managed security service providers (MSSPs) can benefit from a comprehensive solution including detection, investigation, and automated response that delivers significant boosts in effectiveness and productivity.

NETSCOUT Partners With UMASS To Protect University From Cyber Attacks.

NETSCOUT SYSTEMS, INC., (NASDAQ: NTCT), a leading provider of service assurance, security, and business analytics, announced today that it is partnering with the University of Massachusetts Lowell (UMass Lowell) to protect the university’s network from cyber attacks. NETSCOUT is donating NETSCOUT Arbor Edge Defense (AED) software and hardware to the university’s IT department. Using highly-scalable stateless packet processing technology, NETSCOUT AED acts as a network perimeter enforcement point, where it detects and blocks inbound cyber threats and outbound malicious communication in bulk, acting as the first and last line of perimeter defense for an organization.

Living On A Network That Must Not Die

The network is the backbone of almost every organisation today. When it is not available productivity falls, the business loses money and its reputation suffers. Typically, the network and its efficient operation is fundamental to the organisation’s success. And yet trends like remote working and virtualisation, while they help drive business flexibility and productivity, may also make the network more vulnerable.    

Building Modern Security Awareness with Experiences

Experiences and events, the way that I define them, are segments of time in which a learner is more actively engaging in an element of your program. At their best, “experiences” should be well, experiential, requiring active participation rather than passively watching or paging through a Computer Based Training module.

This Week in Security: Use Emacs, Crash a Windows Server, and a Cryptocurrency Heist

It looks like Al was right, we should all be using Emacs. On the 4th of June, [Armin Razmjou] announced a flaw in Vim that allowed a malicious text file to trigger arbitrary code execution. It’s not every day we come across a malicious text file, and the proof of concept makes use of a clever technique — escape sequences hide the actual payload. Printing the file with cat returns “Nothing here.” Cat has a “-v” flag, and that flag spills the secrets of our malicious text file. For simplicity, we’ll look at the PoC that doesn’t include the control characters. The vulnerability is Vim’s modeline function. This is the ability to include editor options in a text file. If a text file only works with 80 character columns, a modeline might set “textwidth=80”. Modeline already makes use of a sandbox to prevent the most obvious exploits, but [Armin] realized that the “:source!” command could run the contents of a file outside that sandbox. “:source! %” runs the contents of the current file — the malicious text file.

:!uname -a||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=0:fdt="

Hacker groups are attacking Exim servers.

Exim servers, estimated to run nearly 57% of the internet’s email servers, are now under a heavy barrage of attacks from hacker groups trying to exploit a recent security flaw in order to take over vulnerable servers, ZDNet has learned. At least two hacker groups have been identified carrying out attacks, one operating from a public internet server, and one using a server located on the dark web. Both groups are using an exploit for CVE-2019-10149, a security flaw that was publicly disclosed on June 5. The vulnerability, nicknamed “Return of the WIZard,” allows remotely-located attackers to send malicious emails to vulnerable Exim servers and run malicious code under the Exim process’ access level, which on most servers is root.

Cyber Security Commentary On The DDOS Attacks On Telegram During Hong Kong Protests

As part of our experts Comments Series,  Dr Guy Bunker, CTO at Clearswift Cyber Security commented below on the subject of the recent use of DDOS attacks on the messaging app Telegram, which the founder of Telegram states was a concerted state-sponsored attack intended to disrupt the Cantonese anti-extradition protests. Dr Bunker discusses the ways in which the attack may have been carried out, as well as how firms can protect themselves from such attacks.