telework-time.app Cross Site Scripting vulnerability OBB-3291714

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

NETGEAR Releases Security Updates for RCE Vulnerability

NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review NETGEAR’s Security Adviso...

Sowing Discord: Reaping the benefits of collaboration app abuse

By Nick Biasini, Edmund Brumaghin, and Chris Neal with contributions from Paul Eubanks. As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows.Attackers are leveraging collaboration platforms,...

NSA Cybersecurity Directorate Releases 2020 Year in Review

The National Security Agency NSA Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first full year of existence. Highlights include NSA Cybersecurity’s contributions to the 2020 elections, Operation Wa...

Think-Tanks Under Attack by Foreign APTs, CISA Warns

The Cybersecurity and Infrastructure Security Agency CISA and the FBI have issued a warning on what they say are persistent, continued cyberattacks by advanced persistent threat APT actors targeting U.S. think-tanks. The attackers are looking to steal sensitive information, acquire user credentia...

Advanced Persistent Threat Actors Targeting U.S. Think Tanks

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FB...

CISA Releases Telework Essentials Toolkit

The Cybersecurity and Infrastructure Security Agency CISA has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive...

Helping Remote Workers Overcome Remote Attacks

Cybercriminals are experts at making the most of whatever they’re given. The current pandemic is no different, and they have been quick to profit from their victims’ fears. Adaptability has always been the hallmark of malicious actors, and the proliferation of “remote-everything” attacks is a pri...

Microsoft Office 365 Security Recommendations

Summary As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 O365 and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully...

Enterprise VPN Security

Summary As organizations prepare for possible impacts of Coronavirus Disease 2019 COVID-19, many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network VPN solution to connect employees to an organization’s...

NCSA Small Business Webinar Series

Working from home? How do you keep your employees cyber-safe and cyber-secure? How do you protect your reputation, profit, and cash flow when you depend on your IT infrastructure as never before? The National Cyber Security Alliance is hosting a series of webinars for small business owners, and...

Suddenly Teleworking, Securely

So you suddenly have a lot of staff working remotely. Telework is not new and a good percentage of the workforce already does so. But the companies who have a distributed workforce had time to plan for it, and to plan for it securely. A Lot of New Teleworkers All At Once This event can't be treat...