A ‘Cloudy’ Future for OSSEC

As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses. Used by more than 10,000 organizations around the world, OSSEC has provided an open source alternative for host-based intrusion detection for more than 10 years. From Fortune 10 enterprises…

Your Guide for Creating a Weather Preparedness Plan for Your Campus

At least 21 individuals died during the 2019 Polar Vortex—including two university students. The University of Vermont and the University of Iowa both experienced deaths suspected to be due to exposure to sub-zero temperatures. These universities are no strangers to severe winter weather, but these extreme weather conditions are becoming more common, and campuses must…

5 Steps to Ensuring Employee Safety During an Emergency

Weather phenomena aren’t the only concern when considering an emergency plan. OSHA defines workplace emergencies as “an unforeseen situation that threatens your employees, customers, or the public; disrupts or shuts down your operations; or causes physical or environmental damage”, which can include: floods, hurricanes, tornadoes, fires, toxic gas releases, chemical spills, radiological accidents, explosions, civil disturbances…

The right to be forgotten versus the need to backup

The right to be forgotten is a fundamental aspect of both the GDPR and CCPA privacy laws; but its impact on personal information in data backups has yet to be tested. Bill Tolson explains the issue and provides some practical advice. A great deal has been written about the GDPR and CCPA privacy laws, both of which…

Cambria County, Pa., Preparing for 911 Radio System Overhaul

(TNS) – Cambria County officials are making efforts to ensure that first responders can communicate effectively and consistently with each other when it matters most – during emergency calls. An overhaul of the county’s 911 radio system got rolling last March, when the Cambria County commissioners approved a contract with Mission Critical Partners – tasked…

Tax Returns Exposed in TurboTax Credential Stuffing Attacks

Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack. A credential stuffing attack is when attackers compile usernames and passwords that were leaked from previous security breaches and use those credentials to try to gain access to…

Lessons From the War on Malicious Mobile Apps

Despite the openness of the Android platform, Google has managed to keep its Play store mainly free of malware and malicious apps. Outside of the marketplace is a different matter. In 2018, Google saw more attacks on users’ privacy, continued to fight against dishonest developers, and focused on detecting the more sophisticated tactics of mobile…

Researchers Propose New Approach to Address Online Password-Guessing Attacks

Recommended best practices are not effective against certain types of attacks, they say. Automated online password-guessing attacks, where adversaries try numerous combinations of usernames and passwords to break into accounts, have emerged as a major threat to Web service providers in recent years. Next week, two security researchers will present a paper at the…

Compliance And The Blacklist/Whitelist Fallacy

Safe Web Use Practices for Investment Firms: Regulating web use for employees via compliance handbook and URL filters for blacklisted (bad) and whitelisted (good) online resources has failed to improve compliance. Authentic8’s John Klassen discusses how firms are increasingly turning to a centrally managed and monitored cloud browser to regain control, unobtrusively maximize visibility into…