Cybersecurity Articles Archives - Page 3 of 5

The 2020 CWE Top 25 Most Dangerous Software Weaknesses

Application Security, Cybersecurity Articles, Vulnerabilities & Exploits / By Frank Crast / August 22, 2020 / CVSS, CWE, CWE Top 25, HSSEDI, OWASP, Software, Software Engineering

The Homeland Security Systems Engineering and Development Institute (HSSEDI), has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list.

Security experts see sharp increase in the Emotet botnet activity

Cybersecurity Articles, Malware / By Frank Crast / August 7, 2020 / botnet, Check Point, Emotet, malware, Trickbot

Security experts from Check Point Research have observed a sharp increase in Emotet botnet activity used to spread spam campaigns and steal banking credentials.

FTC releases new video to help keep your small business safe from fraud

Cybersecurity Articles, Cybersecurity Attacks, Data Breach, Data Privacy, Regulations & Laws, Security Monitoring, Small Business Security, Third-Party Security / By Frank Crast / July 14, 2020 / Data Breach, FTC, Privacy, Small Business, SMB

The Federal Trade Commission (FTC) has released a new video to help keep your small business safe from fraud. This is another video in a series of videos from the FTC Protecting Small Businesses playlist.

Patch these 10 most commonly exploited vulnerabilities

Cybersecurity Articles, Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 20, 2020 / Apache, Citrix, CVE-2012-0158, CVE-2015-1641, CVE-2017-0143, CVE-2017-0199, CVE-2017-11882, CVE-2017-5638, CVE-2017-8759, CVE-2018-4878, CVE-2018-7600, CVE-2019-0604, CVE-2019-11510, CVE-2019-19781, Drupalgeddon2, Flash, Gafgyt, JexBoss, Kitty, LinkedIn, LokiBot, Mirai, Pulse Secure, ROKRAT, SMBGhost, Struts, Zyklon

U.S. government cybersecurity experts are providing guidance on the “top 10” most commonly exploited vulnerabilites. The alert helps highlight the importance of patching and prioritizing vulnerabilities with known exploits.

Microsoft releases Zero Trust guidance for Azure AD

Cloud Security, Cybersecurity Articles, Identity & Access Management / By Frank Crast / May 3, 2020 / Active Directory, Azure, Zero Trust

Microsoft has released new Zero Trust guidance for Azure Active Directory (Azure AD). The guidance is part of a broader “Zero Trust Security Strategy” to help organizations provide more secure access to corporate resources.

5 Good Cybersecurity Lessons Learned From FTC Law Enforcement Actions

Cybercrime, Cybersecurity Articles, Regulations & Laws, Standards & Guidelines / By Frank Crast / April 5, 2020 / CVE-2017-5638, Cybercrime, Cybersecurity, Framework, FTC, law

Several years ago, the Federal Trade Commission (FTC) released a good video that is still highly relevent today. The video explains how companies can leverage NIST’s Cybersecurity Framework to greatly improve security in their organization. In this article, we highlight the five key tenants from the framework and how they could have possibly prevented FTC action and penalties.

Guidelines for securing Content Management Systems

Application Security, Configuration Management, Cybersecurity Articles, Identity & Access Management, Vulnerabilities & Exploits / By Frank Crast / March 5, 2020 / ACSC, AWS, CMS, Drupal, Joomla, Web application, WooCommerce, WordPress

The Australian Cyber Security Centre (ACSC) has released new guidelines to assist organizations in securing Content Management Systems (CMS). The guidelines include good mitigation advice in areas of patching, account management, hardening and monitoring to name a few.