The Cyber Security Sentinel

The purpose of this blog is to help small-medium businesses (SMB's) deal effectively with their unique cyber security needs. With over 15 years experience in IT and cyber security I will show SMB's how they can leverage their limited resources to develop effective cyber defenses to the most common threats using information security best practices and no/low cost tools.

LinkedIn: http://www.linkedin.com/in/ecissorsky/

Twitter: @ecissorsky

Thursday, May 11, 2017

Businesses Not Properly Securing Microsoft Active Directory

From Dark Reading: Businesses Not Properly Securing Microsoft Active Directory " Businesses overlook key security aspects of AD, le...

10 Free or Low-Cost Security Tools

From Dark Reading: 10 Free or Low-Cost Security Tools " Security spending is on the rise, but allocating funds remains a challenge....

US-CERT Alert: FTC Announces Resource for Small Business Owners

From US-CERT: FTC Announces Resource for Small Business Owners " The Federal Trade Commission (FTC) has released an announcement a...

US-CERT Alert: Microsoft Releases May 2017 Security Updates

From US-CERT: Microsoft Releases May 2017 Security Updates " Microsoft has released updates to address vulnerabilities in Microsoft...

US-CERT Alert: Cisco Releases Security Update

From US-CERT: Cisco Releases Security Update " Cisco has released a security update to address a vulnerability in its WebEx Meeting...

Lawyers demand answers after artist forced to unlock his phone

From Sophos Naked Security: Lawyers demand answers after artist forced to unlock his phone " In February, artist Aaron Gach flew ho...

The Google Play apps that say they don’t collect your data – and then do

From Sophos Naked Security: The Google Play apps that say they don’t collect your data – and then do " Adware is typically viewed a...

How to hack a Jeep Cherokee – but don’t try this at home, kids

From Sophos Naked Security: How to hack a Jeep Cherokee – but don’t try this at home, kids " Charlie Miller and Chris Valasek origi...

Unhappy 39th birthday, spam, and many unhappy returns

From Sophos Naked Security: Unhappy 39th birthday, spam, and many unhappy returns " In October 2011, email turned 40. Last week it ...

One more way to get busted on the Dark Web

From Sophos Naked Security: One more way to get busted on the Dark Web " Tor users suspected of child abuse imagery may have visite...

Tuesday, May 9, 2017

3 Reasons Why TheDarkOverlord Loves Vendor Data Breaches

From PivotPoint Security: 3 Reasons Why TheDarkOverlord Loves Vendor Data Breaches " As hacker monikers go, TheDarkOverlord (TDO) p...

MSFTSecurity Virtual Security Summit

Microsoft Security Virtual Security Summit Date: Wednesday, May 10 th Time: 8:00am-10:15am PT / 11:00am-1:15pm ET It seems nearl...

Silverpush Quits Creeping World Out, Ceases Tracking TV Habits Via Inaudible 'Beacons'

A follow up to two (2) previous posts. From Forbes: Silverpush Quits Creeping World Out, Ceases Tracking TV Habits Via Inaudible 'Bea...

Are you encrypting your documents? Here’s what happens when you don’t

From Sophos Naked Security: Are you encrypting your documents? Here’s what happens when you don’t " In June 2015, someone connected...

Dating site users spammed with smut after ‘third-party’ data leak

From Sophos Naked Security: Dating site users spammed with smut after ‘third-party’ data leak " Users of the Guardian’s Soulmates d...

Android Apps Secretly Tracking Users By Listening To Inaudible Sound Hidden In Adverts

From The Independent: Android Apps Secretly Tracking Users By Listening To Inaudible Sound Hidden In Adverts " Researchers say the ...

SPY PHONE Secret messages hidden in TV adverts can order smartphones to spy on people, researchers warn

From The Sun: SPY PHONE Secret messages hidden in TV adverts can order smartphones to spy on people, researchers warn " Popular app...

This ‘dark web’ vigilante is zapping tons of child porn

From the NY Post: This ‘dark web’ vigilante is zapping tons of child porn " The dark web is now 20 percent lighter — thanks to a “M...

US-CERT Alert: Security Tip (ST05-019) Preventing and Responding to Identity Theft

Privacy Week follow up from US-CERT: Security Tip (ST05-019) Preventing and Responding to Identity Theft Is identity theft just a proble...

US-CERT Alert: Security Tip (ST04-014) Avoiding Social Engineering and Phishing Attacks

Privacy Week follow up from US-CERT: Security Tip (ST04-014) Avoiding Social Engineering and Phishing Attacks What is a social engineeri...

US-CERT Alert: Security Tip (ST04-013) Protecting Your Privacy

Privacy Week follow up from US-CERT: Security Tip (ST04-013) Protecting Your Privacy How do you know if your privacy is being protected?...

US-CERT Alert: Security Tip (ST06-008) Safeguarding Your Data

Privacy Week follow up from US-CERT: Security Tip (ST06-008) Safeguarding Your Data " Why isn't "more" better? Mayb...

US-CERT Alert: FTC Promotes Privacy Awareness Week

From US-CERT: FTC Promotes Privacy Awareness Week " The Federal Trade Commission (FTC) has released an announcement on Privacy Awar...

US-CERT Alert: Microsoft Releases Critical Security Update

From US-CERT: Microsoft Releases Critical Security Update " Microsoft has released a critical out-of-band security update addressin...

Monday, May 8, 2017

Homeland Security Issues Warning on Cyberattack Campaign

From DataBreach Today: Homeland Security Issues Warning on Cyberattack Campaign " The Department of Homeland Security is warning IT...

Monsanto accused of hiring army of trolls to silence online dissent – court papers

From RT: Monsanto accused of hiring army of trolls to silence online dissent – court papers " Biotech giant Monsanto is being accus...

The U.S. military is targeting Islamic State's virtual caliphate by hunting & killing its online operatives one-by-one

From the LA Times: The U.S. military is targeting Islamic State's virtual caliphate by hunting & killing its online operatives one...

What Can You Learn On Your Own

From SANS ISC: What Can You Learn On Your Own " We are all privileged to work in the field of information security. We also carry t...

‘Playpen’ Creator Sentenced to 30 Years

Even on the Dark Web with Tor - You. Will. Get. Caught. From the FBI: ‘Playpen’ Creator Sentenced to 30 Years " The creator and l...

WikiLeaks Details MitM Attack Tool Used by CIA

From Security Week: WikiLeaks Details MitM Attack Tool Used by CIA " WikiLeaks has released documents detailing a man-in-the-middle...

Google Researchers Find "Worst" Windows RCE Flaw

From Security Week: Google Researchers Find "Worst" Windows RCE Flaw "Google Project Zero researchers Tavis Ormandy and N...

Exploitable Details of Intel's 'Apocalyptic' AMT Firmware Vulnerability Disclosed

The Intel AMT firmware vulnerability is much more serious than previously reported. From Security Week: Exploitable Details of Intel'...

Software Download Mirror Distributes Mac Malware

From Security Week: Software Download Mirror Distributes Mac Malware " A download mirror server for the video converting tool HandB...

Defining Your Overarching Goal for Email Phishing Testing

Great article by Kevin Beaver on Toolbox.com: Defining Your Overarching Goal for Email Phishing Testing " Are you among the relativ...

US-CERT Alert: Mozilla Releases Security Updates

From US-CERT: Mozilla Releases Security Updates " Mozilla has released security updates to address a vulnerability in Firefox and F...

US-CERT Alert: Intel Firmware Vulnerability

More on the Intel AMT vulnerability from US-CERT: Intel Firmware Vulnerability " Intel has released recommendations to address a vu...

And Now a Ransomware Tool That Charges Based On Where You Live

From Dark Reading: And Now a Ransomware Tool That Charges Based On Where You Live " Malware is designed to charge more for victims ...

How to protect your boss from phishing attacks

From Sophos Naked Security: How to protect your boss from phishing attacks " We already know that more than 75% of us lie on social...

French Cybersecurity Agency to Probe Macron Hacking Attack

From Newsmax: French Cybersecurity Agency to Probe Macron Hacking Attack " France's election campaign commission said Saturday ...

Law Firm Sues Insurer Over Income Loss in Ransomware Attack

From Dark Reading: Law Firm Sues Insurer Over Income Loss in Ransomware Attack " A Rhode Island law firm sued its insurer over fail...

How does Ticketbleed affect session ID security?

Looks like this one is going to get a lot of media coverage. From Search Security: How does Ticketbleed affect session ID security? ...

Friday, May 5, 2017

FBI's James Comey on Insider Threat, Other Cyber Challenges

From DataBreach Today: FBI's James Comey on Insider Threat, Other Cyber Challenges The latest ISMG Security Report leads with an acc...

ATM Security Software Found to Have Serious Vulnerability

From DataBreach Today: ATM Security Software Found to Have Serious Vulnerability " A security application for ATMs that's desig...

Authorities Take Down Darknet Marketplace

From SecurityWeek: Authorities Take Down Darknet Marketplace " Europol announced Thursday that it had assisted the Slovak NAKA crim...

How to Stop a Hacker: Disincentivizing Cybercriminals

From SecurityWeek: How to Stop a Hacker: Disincentivizing Cybercriminals " As long as computers have been in existence, there have ...

Consent Control and eDiscovery: Devils in GDPR Detail

From SecurityWeek: Consent Control and eDiscovery: Devils in GDPR Detail " The European General Data Protection Regulation will be ...

Cisco Patches Critical Flaw in Small Business Router

From SecurityWeek: Cisco Patches Critical Flaw in Small Business Router " Cisco has released a firmware update for one of its small...

Hackers Exploit SS7 Flaws to Loot Bank Accounts

From SecurityWeek: Hackers Exploit SS7 Flaws to Loot Bank Accounts " Cybercriminals have exploited vulnerabilities in the SS7 proto...

FBI: Business- and Email Account Compromise Attack Losses Hit $5 Billion

From Dark Reading: FBI: Business- and Email Account Compromise Attack Losses Hit $5 Billion " The FBI's IC3 division reports a ...

Attackers Unleash OAuth Worm via 'Google Docs' App

From DataBreach Today: Attackers Unleash OAuth Worm via 'Google Docs' App " A malicious app named "Google Docs" b...

View web version

About Me

Unknown

View my complete profile

Powered by Blogger.