NIST SP 800-204B: Attribute-based Access Control for Microservices-based Applications using a Service Mesh

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-204B Attribute-based Access Control for Microservices-based Applications using a Service Mesh.

Continue ReadingNIST SP 800-204B: Attribute-based Access Control for Microservices-based Applications using a Service Mesh

Hacker remotely accesses Florida water treatment plant, bumps chemical level to “dangerous levels”

A hacker remotely accessed a Florida city water treatment plant and attempted to increase the chemical level to "dangerous levels" before the cyberattack was thwarted.

Continue ReadingHacker remotely accesses Florida water treatment plant, bumps chemical level to “dangerous levels”

Alert: Threat actors continue to exploit patched Pulse Secure VPN devices

Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.

Continue ReadingAlert: Threat actors continue to exploit patched Pulse Secure VPN devices

Guidance for CISOs to improve remote worker security, free access to small business online collaboration tools

In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.

Continue ReadingGuidance for CISOs to improve remote worker security, free access to small business online collaboration tools

Organizations need heightened level of Enterprise VPN security in the wake of Coronavirus Pandemic

To prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), more organizations are electing to have their employees work remotely from home. With that responsibility, more organizations will need to adopt a heightened level of security to protect themselves from attackers who look to exploit weaknesses in enterprise virtual private networks (VPNs).

Continue ReadingOrganizations need heightened level of Enterprise VPN security in the wake of Coronavirus Pandemic

Guidelines for securing Content Management Systems

The Australian Cyber Security Centre (ACSC) has released new guidelines to assist organizations in securing Content Management Systems (CMS). The guidelines include good mitigation advice in areas of patching, account management, hardening and monitoring to name a few.

Continue ReadingGuidelines for securing Content Management Systems