Cisco Talos helps CISOs get back to basics with advisory series
At Cisco Talos, we try to build detections for every threat we see to provide customers with a portfolio capable of identifying and stopping threats at various stages of an attack's lifecycle. Deploying the best suite of layered security tools is an integral part of protecting an organization. Bu...
A Web-Driven World Needs Better Web Security
Web interfaces are everywhere. From social media sites to online shopping portals to your CRM, the humble web interface is now used to access much of the online world. So, it isn’t difficult to see why web applications are a prime target for cybercriminals. Because they’re used by customers and...
What is NYDFS?
NYDFS Cybersecurity Regulation, 23 NYCRR 500. On March 1, 2017, the New York State Department of Financial Services (NYDFS) introduced new cybersecurity regulations for financial services companies that address the growing threat posed by cyber-criminality to financial firms. They are intended to...
The vulnerability of the network web interface for controlling microprogrammed software in Cisco SPA100 Series IP phones allows a perpetrator to gain unauthorized access to read data.
The vulnerability of the network web interface for controlling Cisco SPA100 Series IP phones is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to read data...
Key Compliance Concepts for Financial Services
The Sarbanes-Oxley Act (SOX) was introduced following a number of financial scandals involving huge conglomerates and obliges companies to establish internal controls to prevent fraud and abuse, holding senior managers accountable for the accuracy of financial reporting. The financial crisis in 200...
Execs Could Face Jail Time For Privacy Violations
A new data privacy bill threatens large tech firms, like Facebook, with tough penalties – including monetary fines and up to 20 years of jail time for executives – if they violate user privacy policies. The “Mind Your Own Business Act,” proposed by Sen. Ron Wyden (D-Ore.) on Thursday, gives the...
Adopting a Risk-Based Approach to Cybersecurity in the Financial Services Industry
Today’s financial organizations face many different risks in volatile and uncertain business environments, but the ever-present threat of cyberattacks and data breaches is now impossible to ignore. For this reason, managing these cyber-risks now has to simply be considered one of the many costs o...
Why all organizations must better protect sensitive data
About two weeks ago, National Cybersecurity Awareness Month (NCSAM) kicked off with a new message stressing personal responsibility for users keeping themselves safe online: “Own IT. Secure IT. Protect IT.” NCSAM asked users to consider best practices for both securing their own devices and...
Podcast: Departing Employees Could Mean Departing Data
With so many malicious adversaries trying to penetrate companies’ networks, companies are forgetting to watch out for a dangerous threat from within their own ranks – insider threats. Threatpost talks to Tim Bandos, vice president of cybersecurity at Digital Guardian, about the top types of insid...
Dell EMC Avamar Server and EMC Integrated Data Protection Appliance Code Issue Vulnerability
The Dell EMC Integrated Data Protection Appliance and Dell EMC Avamar Server are both products of Dell Incorporated USA. Dell EMC Avamar Server is a fully virtualized backup and recovery software for servers. A code issue vulnerability exists in Dell EMC Avamar Server and EMC Integrated Data...
The MacOS Catalina Privacy and Security Features You Should Know
The latest macOS update is chock-full of ways to better safeguard your data...
Data in the dark: Data protection
Hyperconnectivity is on the rise and, as a result, corporations' capacity to protect their own and their customers' data becomes more and more limited. Connection takes place over a network, so, as connection increases, that network increases in size...
CVE-2019-3765
Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could...
Most Americans Fail Cybersecurity Quiz
When it comes to two-factor authentication and secure web browsing, most Americans don’t know their HTTPS from their 2FA to save their digital bacon: A Pew Research Center study found most Americans don’t have a firm grasp of cybersecurity issues core to protecting their data. I...
Breaches are now commonplace, but Reason Cybersecurity lets users guard their privacy
There has been no shortage of massive security breaches so far this year. Just last July, Capital One disclosed that it was hit by a breach that affected more than 100 million customers. Also recently, researchers came across an unsecured cloud server that contained the names, phone numbers, and...
The vulnerability of Firefox browser, related to the lack of protection for service data, allows attackers to obtain confidential information.
The vulnerability of Firefox browsers is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to obtain confidential information...
How to avoid getting caught in a “Groundhog Day” loop of security issues
It’s Cyber Security Awareness Month and it made me think about one of my favorite movies, called Groundhog Day. Have you ever seen it? Bill Murray is the cynical weatherman, Phil Connors, who gets stuck in an endless loop where he repeats the same day over and over again until he “participates in...
Multiple Dell EMC Products CVE-2019-3765 Remote Security Bypass Vulnerability
Description: Multiple Dell EMC products are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to obtain sensitive information, bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The following products are vulnerable: De...
The vulnerability in the implementation of ISDN functions in the Cisco IOS XE operating system for Cisco 4000 Series Integrated Services Routers allows an attacker to transmit IPv4 traffic through an unauthenticated ISDN connection for several seconds, from the initial setup of the ISDN connection until a failure in authentication of the PPP connection occurs.
The vulnerability of the Cisco IOS XE operating system’s ISDN function implementation for Cisco 4000 Series Integrated Services Routers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to transmit IPv4 traffic through an unauthenticated...
Dell EMC Integrated Data Protection Appliance Cross-Site Scripting Vulnerability
Dell EMC Integrated Data Protection Appliance is a disk-based backup and recovery solution from Dell USA. A cross-site scripting vulnerability exists in the Dell EMC Integrated Data Protection Appliance. An attacker could exploit this vulnerability to execute client-side code...