A ‘Cloudy’ Future for OSSEC
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses. Used by more than 10,000 organizations around the world, OSSEC has provided an open source alternative for host-based intrusion detection for more than 10 years. From Fortune 10 enterprises…
Your Guide for Creating a Weather Preparedness Plan for Your Campus
At least 21 individuals died during the 2019 Polar Vortex—including two university students. The University of Vermont and the University of Iowa both experienced deaths suspected to be due to exposure to sub-zero temperatures. These universities are no strangers to severe winter weather, but these extreme weather conditions are becoming more common, and campuses must…
5 Steps to Ensuring Employee Safety During an Emergency
Weather phenomena aren’t the only concern when considering an emergency plan. OSHA defines workplace emergencies as “an unforeseen situation that threatens your employees, customers, or the public; disrupts or shuts down your operations; or causes physical or environmental damage,” which can include: floods, hurricanes, tornadoes, fires, toxic gas releases, chemical spills, radiological accidents, explosions, civil disturbances…
The right to be forgotten versus the need to backup
The right to be forgotten is a fundamental aspect of both the GDPR and CCPA privacy laws; but its impact on personal information in data backups has yet to be tested. Bill Tolson explains the issue and provides some practical advice. A great deal has been written about the GDPR and CCPA privacy laws, both of which…
Cambria County, Pa., Preparing for 911 Radio System Overhaul
(TNS) – Cambria County officials are making efforts to ensure that first responders can communicate effectively and consistently with each other when it matters most – during emergency calls. An overhaul of the county’s 911 radio system got rolling last March, when the Cambria County commissioners approved a contract with Mission Critical Partners – tasked…
Tax Returns Exposed in TurboTax Credential Stuffing Attacks
Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile usernames and passwords that were leaked from previous security breaches and use those credentials to try to gain access to…
Lessons From the War on Malicious Mobile Apps
Despite the openness of the Android platform, Google has managed to keep its Play store mainly free of malware and malicious apps. Outside of the marketplace is a different matter. In 2018, Google saw more attacks on users’ privacy, continued to fight against dishonest developers, and focused on detecting the more sophisticated tactics of mobile…
Business Continuity, R.I.P.?
The reports of the death of the field of business continuity have been greatly overstated. But those of us who work in it do have to raise our performance in a few critical areas. For some time, reports predicting the…
Researchers Propose New Approach to Address Online Password-Guessing Attacks
Recommended best practices not effective against certain types of attacks, they say. Automated online password-guessing attacks, where adversaries try numerous combinations of usernames and passwords to try and break into accounts, have emerged as a major threat to Web service providers in recent years. Next week, two security researchers will present a paper at the…
Compliance And The Blacklist/Whitelist Fallacy
Safe Web Use Practices for Investment Firms. Regulating web use for employees via compliance handbook and URL filters for blacklisted (bad) and whitelisted (good) online resources has failed to improve compliance. Authentic8’s John Klassen discusses how firms are increasingly turning to a centrally managed and monitored cloud browser to regain control, unobtrusively maximize visibility into…