CyberSecure Specialist

21 Oct

Cisco Releases Security Update for Cisco Identity Services Engine 

Attacks, Insights, Malware

Original release date: October 21, 2022 Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.  CISA encourages users and administrators to review Cisco Advisory cisco-sa-ise-path-trav-Dz5dpzyM and apply the necessary updates. This product is provided subject to this Notification and this Privacy &…

Read More
21 Oct

FBI Warns of Iranian Cyber Firm’s Hack-and-Leak Operations

Information, News

The Federal Bureau of Investigation on Thursday issued an alert to warn that Iranian cyber group Emennet Pasargad is targeting organizations to steal their data and leak it online. Previously known as Eeleyanet Gostar and Net Peygard Samavat, Emennet Pasargad is an organization that often changes its name to avoid US sanctions, and which is known for providing cybersecurity services to government entities in Iran. In November 2020, the US warned that Iranian hackers exploited…

Read More
21 Oct

Data of 3 Million Advocate Aurora Health Patients Exposed via Malformed Pixel

Information, News

Non-profit healthcare provider Advocate Aurora Health is informing 3 million individuals that a malformed tracking pixel has inadvertently exposed protected health information (PHI) to Facebook or Google. Headquartered in Milwaukee, Wisconsin, and Downers Grove, Illinois, Advocate Aurora Health operates 26 hospitals and over 500 sites of care, and has more than 75,000 employees. In a data breach notification on its website, the healthcare system is informing patients that an incorrectly configured tracking pixel – placed…

Read More
21 Oct

It’s time to prioritize SaaS security

Data Breaches, Malware, Social Engineering

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud security priority list. Organizations are making a lot of assumptions about SaaS security. At their essence, SaaS systems are applications that run remotely, with data stored on back-end systems that the SaaS provider encrypts on…

Read More
21 Oct

IoT security strategy from enterprises using connected devices

Data Breaches, Malware, Social Engineering

Freeman Health System has around 8,000 connected medical devices in its 30 facilities in Missouri, Oklahoma, and Kansas. Many of these devices have the potential to turn deadly at any moment. “That’s the doomsday scenario that everyone is afraid of,” says Skip Rollins, the hospital chain’s CIO and CISO. Rollins would love to be able to scan the devices for vulnerabilities and install security software on them to ensure that they aren’t being hacked. But…

Read More
21 Oct

Security Recruiter Directory

Data Breaches, Malware, Social Engineering

Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others. If you’re a security recruiting firm, we want your information! Our goal is to provide the most complete…

Read More
20 Oct

S3 Ep105: WONTFIX! The MS Office cryptofail that “isn’t a security flaw” [Audio + Text]

Information

by Paul Ducklin WHAT DO YOU MEAN, “DOESN’T MEET THE BAR FOR SECURITY SERVICING”? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your…

Read More
20 Oct

Women in Cryptology – USPS celebrates WW2 codebreakers

Information

by Paul Ducklin The US Postal Service just issued a commemorative stamp to remember the service of some 11,000 women cryptologists during World War 2. Like their Bletchley Park counterparts in the UK, these wartime heros didn’t finish the war with any sort of hero’s welcome back into civilian life. Indeed, they got no public recognition at all for the amazing physical and intellectual effort they put into decrypting and decoding enemy intelligence. Make no…

Read More
20 Oct

Zoom for Mac patches sneaky “spy-on-me” bug – update now!

Information

by Paul Ducklin Popular and ubiquitous (software isn’t always both of those things!) cloud meeting company Zoom recently announced an oops-that-wasn’t-supposed-to-happen bug in the Mac version of its software. The security bulletin is, forgivably, written in the typically staccato and jargon-soaked style of bug-hunters, but the meaning is fairly clear. The bug is denoted CVE-2022-28762, and is detailed in Zoom Bulletin ZB-22023: When camera mode rendering context is enabled as part of the Zoom App…

Read More
20 Oct

5 steps to protect your school from cyberattacks

Information

What can schools, which all too often make easy prey for cybercriminals, do to bolster their defenses and keep threats at bay? Schools are at the center of societal change, whether it is by educating and empowering students or by serving as a mirror of current social and economic realities. In order to fulfill their role, however, schools need resources and staff ready to answer these challenges. While the digital era was increasing in pace…

Read More