1238 matches found
A week in security (July 9 – July 15)
Last week, we talked about domestic abuse fuelled by IoT, doing threat intel programs right, blocking ICO fraud, and man-in-the-middle attacks. We also explained why we block shady ad blockers and provided tips to online shoppers for Prime Day. Other news: Reports revealed that low-end Android...
Now that you have a plan, it’s time to start deploying
This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog First...
Make Application Access IT-Friendly
More and more companies are looking at alternatives to VPNs due to the security risks associated with network level access. And increasingly, the goal is to eliminate network trust through a zero trust architecture - which is one of the primary reasons many of these organizations are deploying...
How to Make Your Demo Environment Easy, Accessible...AND Secure
A common misconception I've heard in the field is that a tradeoff exists between easy access for applications and network security. For example, companies want to allow their sales team, partners, and prospects access into demo environments. With traditional access solutions, there is a question ...
First things first: Envisioning your security deployment
This blog post is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 Security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog...
Creating and Managing Strong Passwords
NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping...
The digital entropy of death: what happens to your online accounts when you die
Unless you're planning on having your mind jammed inside some sort of computer chip, eventually mortality will catch up and you're going to have to work out what you'll do with all of your online accounts. When it's time to shuffle off this mortal coil, you might, theoretically, be slightly annoy...
Abine Blur Information Disclosure Vulnerability
Abine Blur is a private account management application from Abine USA.Password Manager Extension is one of the password management plug-ins. A security vulnerability exists in Password Manager Extension in Abine Blur version 7.8.2428 prior to 7.8.242. A remote attacker can exploit this...
CVE-2018-7213
The Password Manager Extension in Abine Blur 7.8.242 before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured...
Code injection
The Password Manager Extension in Abine Blur 7.8.242 before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured...
CVE-2018-7213
The Password Manager Extension in Abine Blur 7.8.242 before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured...
CVE-2018-7213
The CVE concerns Abine Blur’s Password Manager Extension. Affected: Blur 7.8.242* pre-release 7.8.2428. Root cause: an unsecured right-click context menu allows bypass of Multi-Factor Authentication and macOS disk encryption protection, enabling exfiltration of secured data. Documents do not spec...
CVE-2018-7213
The Password Manager Extension in Abine Blur 7.8.242 before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured...
Financial Cyber Threat Sharing Group Phished
The Financial Services Information Sharing and Analysis Center FS-ISAC, an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing...
Akamaizing Your Dev & QA Environments
Over the last few months, I've been talking to many development and test teams who deliver their sites and applications through the Akamai Intelligent Platform. One common challenge they face is how to test their Akamai delivery configurations on the Internet against their private development and...
When Phishing Starts from the Inside
A growing concern of security professionals is internal phishing attacks - phishing emails sent from one trusted user to another of the same organization. Internal phishing emails are used in multi-stage attacks in which an email account is owned either by controlling the users device with...
Back to school cybersecurity tips for parents and kids
The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it's their kid's first time attending a new school. Ads for back-to-school gear start as early as July, increasing in frequency and urgency until the kiddos...
How Do SMEs Fight Off Cyberattacks?
I'd like to address some of the concerns that small and medium sized enterprises SMEs may have around cybersecurity, especially in the wake of the WannaCry ransomware attack and a continuous news flow around successful attacks on high profile companies. Does the fact that well-known brands are...
Zeus - AWS EC2 / S3 Auditing & Hardening Tool
Zeus is a powerful tool for AWS EC2 / S3 best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access Management Avoid the use of the "roo...
FBI Releases Article on Protecting Business Email Systems
The Federal Bureau of Investigation FBI has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use ...