Endpoint Security Archives

NIST SP 800-121 Revision 2: Guide to Bluetooth Security

Endpoint Security, Network Security, Standards & Guidelines, Wi-Fi Security / Frank Crast / January 29, 2022 / bluetooth, NIST, SP 800-121, Wireless

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-121 Revision 2: “Guide to Bluetooth Security.”

NIST SP 800-121 Revision 2: Guide to Bluetooth Security Read More »

NSA releases guidance on securing wireless devices in public settings

Cybersecurity Attacks, Endpoint Security, Guidelines, System Hardening, Vulnerabilities & Exploits, Wi-Fi Security / Frank Crast / August 2, 2021 / BlueBorne, Bluebugging, Bluejacking, Bluesnarfing, bluetooth, LLMNR, MFA, NFC, NIST, NSA, SP 800-121, Wi-Fi, Wireless

The National Security Agency (NSA) has released guidance on securing wireless devices in public settings for government national defense entities and the general public. The new 8-page guidance infosheet summarizes ways bad actors target wireless devices as well as good safeguards to protect against such cyberattacks. The NSA warns that although connecting to public Wi-Fi

NSA releases guidance on securing wireless devices in public settings Read More »

The top 3 endpoint threats used in 2020 cyberattacks

Cybersecurity Articles, Cybersecurity Attacks, Endpoint Security, Malware, System Hardening, Vulnerabilities & Exploits / Frank Crast / September 22, 2020 / ATT&CK, BlueKeep, Cisco, CobaltStrike, credentials, CVE-2019-0708, Divergent, Emotet, FASTCash, GALLIUM, HIDDEN COBRA, IOT, Metasploit, Mimikatz, MITRE, PowerSHell, Powersploit

Cybersecurity criminals are continuing to change threat tactics by leveraging more fileless malware and duel-use tools to attack organizations.

The top 3 endpoint threats used in 2020 cyberattacks Read More »

Apple security updates for iOS 13.3, macOS Catalina 10.15.2 and other products

Endpoint Security, Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / December 12, 2019 / Catalina 10.15.2, iCloud, iOS 13.3, iTunes, macOS, Safari, watchOS, Xcode

Apple has released security updates for iOS 13.3 and macOS Catalina 10.15.2, as well as other products to include Safari, watchOS, tvOS, iTunes, iCloud and Xcode.

Apple security updates for iOS 13.3, macOS Catalina 10.15.2 and other products Read More »

Attackers reverse Outlook vulnerability CVE-2017-11774 patch functionality

Endpoint Security, Vulnerabilities & Exploits / Frank Crast / December 4, 2019 / APT33, APT34, CVE-2017-11774, FireEye, Outlook

Researchers at FireEye have spotted an uptick in active exploits of CVE-2017-11774, an Outlook security feature bypass vulnerability. Attackers are also actively reversing Outlook vulnerability patch functionality. To help protect against such exploits, FireEye has provided Outlook hardening guidelines.

Attackers reverse Outlook vulnerability CVE-2017-11774 patch functionality Read More »

NIST SP 800-128: Security-Focused Configuration Management of Information Systems Guidelines

Configuration Management, Endpoint Security, Server Security, Standards & Guidelines, System Hardening / Frank Crast / October 10, 2019 / NIST, SecCM, SP 800-128

The National Institute of Standards and Technology (NIST) has issued new Security-Focused Configuration Management of Information Systems guidelines (SP 800-128).

NIST SP 800-128: Security-Focused Configuration Management of Information Systems Guidelines Read More »

RobbinHood ransomware holds Baltimore City’s data hostage

Cybersecurity Attacks, Endpoint Security, Malware / Frank Crast / May 10, 2019 / Baltimore, malware, Ransomware, RobinHood

Baltimore City computer network has been a victim of a ransomware attack that has taken data for hostage and knocked out city services.

RobbinHood ransomware holds Baltimore City’s data hostage Read More »

Former student uses “USB Killer” device to destroy university computers

Endpoint Security / Frank Crast / April 18, 2019 / USB, USB killer

A former student at the College of St. Rose, in New York used a weaponized USB stick dubbed “USB Killer” to destroy 59 university computers and seven monitors that had open USB slots.

Former student uses “USB Killer” device to destroy university computers Read More »

ASUS updates Live Update Software, response to APT

Cybersecurity Attacks, Endpoint Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / March 28, 2019 / APT, ASUS, Live Update

ASUS released a new security update in response to Advanced Persistent Threat (APT) actors that targeted certain international organizations. A new version of ASUS Live Update was made available.

ASUS updates Live Update Software, response to APT Read More »

Cold boot attack can expose encryption keys, data on laptops

Cryptography, Cybersecurity Attacks, Endpoint Security / Frank Crast / September 17, 2018 / Cold boot, Cyberattack, encryption, F-Secure, firmware, laptop, RAM

Security researchers at F-Secure have uncovered a decade-old attack that exploits firmware weaknesses in laptops to expose encryption keys and sensitive data.

Cold boot attack can expose encryption keys, data on laptops Read More »