It's a busy time for security. The Cybersecurity & Infrastructure Security Agency has released a number of guidance documents on SolarWinds and ActiveDirectory/M365 compromises as well as the recent Microsoft Exchange vulnerabilities that are being actively exploited.
Blog Post (including Links):
https://grassrootsecurity.com/2021/03/10/cisa-guidance-on-solarwinds-ad-m365-and-exchange-remediations/
We've heard of a denial of service. But what is it? And what can we do?
Blog Entry (With References):
https://grassrootsecurity.com/2021/03/01/denial-of-service-what-is-it-and-what-to-do/
Protect your computer using a security-filtered Domain Name System (DNS) server configuration. Also hear about the Center for Internet Security (CIS) offering to protect US hospitals against malware through a similar method of DNS protection.
Blog Post (including references and site links):
https://grassrootsecurity.com/2021/02/22/protecting-you-through-security-filtered-domain-lookups/
No, I'm not talking about cyborgs here. We explore the cybersecurity workforce needs, certifications and the scholarships available especially for women. We need to improve the number of women who go into cybersecurity careers.
Blog Post (including References and Links):
https://grassrootsecurity.com/2021/02/15/we-need-more-cyber-women/
Every February 9 is Safer Internet Day. The slogan "Together for a better internet" looks toward promoting a safe and positive use of digital technology, especially among children and young people.
Reference:
https://www.saferinternetday.org
Blog Post:
https://grassrootsecurity.com/2021/02/10/safer-internet-day-on-february-9/
January 28 was Data Privacy Day and the 40th anniversary of Convention 108. Last January 11, we also got the update of the investigation on the Solarwinds Hack.
Blog Post (including references):
https://grassrootsecurity.com/2021/02/01/data-privacy-day-and-update-on-solarwinds-hack/
Data Privacy Logo courtesy of StaySafeOnline (https://staysafeonline.org/)
The European Data Protection Board (or EDPB) has released Guidelines 01/2021 on Examples regarding Data Breach Notification. It provides a number of examples across different areas from ransomware to data exfiltration.
References are linked in the blog post below:
https://grassrootsecurity.com/2021/01/25/edpb-releases-guidelines-data-breach-notification-examples/
Happy New Year! In this episode, we talk about misinformation and disinformation and how your memory may contribute to both misattribution and bias. We also talk about how to deal better with misinformation.
Blog Post (including references):
https://grassrootsecurity.com/2021/01/18/new-year-your-memory-and-misinformation/
Ransomware has hit one of the biggest shipping companies CMA CGM. Also, Ring will be updating their devices to support end-to-end encryption. And Egypt has enacted their data protection law. Brazil's version is also now in effect.
Published: September 30, 2020
Blog Post (Links to References):
With Facebook's high court challenge to the Irish Data Protection Commission's suggestion that Standard Contractual Clauses (or SCCs) may not be used, it begs the question what alternatives there are for the transfer of personal data to another country. Also, with the US Elections near, what type of attacks are we seeing especially with credential harvesting?
Published: September 14, 2020
Blog Post (Links to References):
The US Government released cybersecurity principles for space systems and the Autralian Government released guidelines on IoT devices.
Created: September 5, 2020
References:
Last week and the beginning of this week, New Zealand's stock exchange was hit by Distributed Denial of Service attacks which impacted its service.
Created: September 1, 2020
References:
Hear how an employee at Tesla and the FBI prevented a ransomware hack at the Gigafactory in Nevada.
Created: August 29, 2020
Reference:
Looking into the recent data incident with Experian Africa where a fraudster was successful in impersonating a legitimate customer.
Created: August 24, 2020
References:
Microsoft's recent security blog entry talked about the acceleration of a number of digital transformation brought about by the pandemic. We talk about two of these: Digital Empathy and Zero Trust.
Created: August 21, 2020
Reference:
Information on Invoice Redirection: What is it? Why does it occur? And what can you do about it?
Created: August 19, 2020
References:
Bank of Ireland has responded and made a U-turn on their policy. The latest version of TLS 1.3 is also now being blocked in China.
Created: August 14, 2020
References:
Attacks using fake text messages from banks like Bank of Ireland surfaced recently on LiveLine with Joe Duffy. I also provide some tips to protect yourself when you do receive these text messages.
Created: August 10, 2020
Reference:
Charges have been made to three individuals relating to the Twitter hack and also developing news on the Canon Ransomware. Tips are included in the discussion.
Created: August 8, 2020
References:
Recent update on the Garmin Ransomware and more privacy tips including Privacy Badger.
Created: July 31, 2020
References:
Stay up to date
For any inquiries, please email us at hello@podcastworld.io