DarkSide is a ransomware threat that has been in operation since at least August 2020 and was used in a cyberattack against Georgia-based Colonial Pipeline, leading to a significant fuel supply disruption along the East Coast of the US. The malware is offered as Ransomware as A Service (RaaS) to different cybercriminals through an affiliate… Read More »When the Hacker is Hacked!
A new zero-day is under active exploitation in the wild targeting Android users. Though the bug has already received the fix, it is still a severe security issue for most of the Chinese phones with modified OS or phones will no OS / Security updates. This vulnerability, CVE-2020-11261, is a high-severity bug and has received… Read More »New Android Zero-Day Actively Exploited for Targeted Cyber Attacks
With the passing of the California Consumer Privacy Act (“CCPA”)[1], California has been center stage of data privacy compliance. However, this past month, Virginia now shares the stage. On March 2, 2021, Governor Ralph Northam signed into law the Virginia Consumer Data Protection Act (“VCDPA”).[2] The VCDPA is heavily influenced by both the CCPA and… Read More »Move over California, Virginia is Here
Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related Microsoft Mail 3.5. Exchange initially used the X.400 directory service but switched to Active Directory later. Until… Read More »How to Check if you’re Vulnerable to Microsoft Exchange Server zero-days
While Amazon Alexa skills facilitate users in their day-to-day activities, this personal assistant can go malicious as well. Researchers have found that vicious skills can bypass the Amazon Alexa skill vetting process. Researchers from the Ruhr-Bochum University have found how malicious skills can flood Amazon Alexa. Alexa skills are like third-party apps that run on… Read More »Researchers Identified that Amazon Alexa Can Learn Malicious Skills
Cybersecurity Awareness Month has come and gone, but we would be remiss without addressing Incident Response. Before we do, let’s recap the ground we’ve covered in the first four of five installments on a robust Cybersecurity and Data Privacy Program. Conduct an Assessment. Taking stock of your Strengths, Weaknesses, Opportunities, and Threats from a holistic… Read More »Cybersecurity and Data Privacy – A journey, not a destination! Part 5, Incident Response.
With just one more week to go in Cybersecurity Awareness Month, let’s recap the ground we’ve covered in the first three of five installments before moving on to Phase 4, Compliance. Start your journey with a risk assessment. Taking stock of your Strengths, Weaknesses, Opportunities, and Threats from a holistic viewpoint of People, Process, and… Read More »Cybersecurity and Data Privacy – A journey, not a destination! Part 4, Compliance
It is the middle of Cybersecurity Awareness Month. Let’s recap the ground we’ve covered in the first two installments before moving on to Phase 3, Managing Cybersecurity Risk. Start your journey with a risk assessment. Taking stock of your Strengths, Weaknesses, Opportunities, and Threats from a holistic viewpoint of People, Process, and Technology using a… Read More »Cybersecurity and Data Privacy – A journey, not a destination! Part 3, Managing Cybersecurity Risk
In our second installment, we’ll cover the next phase in the lifecycle, Design. Keep in mind, depending upon your circumstance, you could enter the lifecycle at any stage. This installment title does not contain just a catchy subtitle but actual requirements under law in legislation like the European Union’s The General Data Protection Regulation (GDPR)… Read More »Cybersecurity and Data Privacy – A journey, not a destination! Part 2, Security & Privacy by Design
If dealing with COVID-19 and 100% remote workforce is not enough, businesses of all sizes and in all verticals are facing an exponentially more frequent and more sophisticated siege of cyberattacks. However, for those small to mid-market businesses (SMBs), there is likely worse news. Bad actors/hackers/hacktivists/cybercriminals are targeting them specifically since there is a well-known weakness. Most SMB organizations aren’t as well prepared to defend and respond. https://www.bizjournals.com/sanfrancisco/news/2020/09/28/hacks-of-fortune-500-business-may-make-the-headl.html Part of the reason… Read More »Cybersecurity and Data Privacy – A journey, not a destination! Part 1, Let’s Assess.
