web-archive-uk.com



Total: 259

  • CS Risk Management - CS InfoSec Blog
    this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete.

    Amazon cloud contract terms meet EU standards on data transfers. Certain contract terms used by cloud provider Amazon Web Services have been deemed by the Luxembourg DPA to be a safe way of effecting international data transfers. The decision of the National Commission for Data Protection in Luxembourg, on behalf of the Article 29 Working Party, follows a similar endorsement given to Microsoft last year. The Luxembourg authority said that the approval will reduce the number of national authorisations businesses will need to obtain from EU DPAs for their transfers outside of the European Economic Area if contracting with AWS for the storage of that data. This entry was posted in Data Protection Act Compliance and tagged EU Data Regulation on 8 April 2015 by Maritz Cloete.

    IC3 Issues Alert for Fake Government Websites. Original release date: April 07, 2015. The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable information (PII) and collect fees for services that are never delivered. US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete.

    IC3 Releases Alert on Web Site Defacements. Original release date: April 07, 2015. The Internet Crime Complaint Center (IC3) has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant (ISIL), a.k.a. Islamic State of Iraq and al-Shams (ISIS). However, FBI assesses that the perpetrators are not actually associated with this group. The perpetrators exploit WordPress content management system (CMS) vulnerabilities, leading to disruptive and costly effects. Users and administrators are encouraged to review the IC3 Alert for details and refer to the US-CERT Alert TA13-024A for information on CMS security. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete.

    Mozilla Releases Security Update for Firefox. Original release date: April 06, 2015. The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201504&paged=2 (2016-02-14)


  • CS Risk Management - CS InfoSec Blog
    of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 37, Firefox ESR 31.6, Thunderbird 31.6. Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR and Thunderbird and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 31 March 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=151 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak. US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 26 March 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=147 (2016-02-14)


  • CS Risk Management - CS InfoSec Blog
    of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 36.0.4, Firefox ESR 31.5.3, SeaMonkey 2.33.1. Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR and SeaMonkey and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 20 March 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=148 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic. Description: Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery spyware on some of their PCs. This software intercepts users' web traffic to provide targeted advertisements. In order to intercept encrypted connections (those using HTTPS), the software installs a trusted root CA certificate for Superfish. All browser-based encrypted traffic to the Internet is intercepted, decrypted, and Source: US-CERT. This entry was posted in Threat Alerts and tagged Cyber Security on 20 February 2015 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=146 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    some interesting aspects of the criminal cyber attacks: the top security incident response firms claim that for more than 80% of all major attacks investigated, privileged accounts have been compromised and exploited as part of the attack; attacks often persist for months or even years before they are discovered. Mandiant claims that the median number for days in an ongoing attack is 229; security investigators report a range of privileged account exploits, from hacking embedded devices in the Internet of Things to establishing multiple privileged identities in Microsoft Active Directory to ensure redundant points of access. Service accounts are now sought-after targets. According to Verizon's Christopher Novak, "Many of our recent investigations have seen exploits in service accounts, probably in 80 to 90% of the cases." Privileged accounts are the keys to your kingdom and should be very well looked after. Make sure you have identified all user and service accounts that have elevated privileges across your IT estate, and take the steps necessary to keep these safe, including: make sure default user account names and passwords are never used on any systems, not even in development, as these may be used as a springboard onto your production environment; make sure you use complex passwords or passphrases to make it hard for hackers to guess or brute force, and use good user account management practices to keep these accounts secure; educate your staff to be able to identify and deal with the threat of social engineering techniques employed by hackers, including phishing and impersonation of legitimate fellow members of staff; make sure any potential compromises are reported as soon as possible, and make sure you have procedures in place to deal with these types of breaches very quickly; log, monitor and correlate privileged user activity. If possible collect

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=76 (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    day vulnerabilities and how to deal with these. It's an intriguing subject with a bit of a cloak-and-dagger feel around it, and always makes for an interesting discussion with our clients. However, a recent study commissioned by CyberArk highlighted that the majority of criminals do not use valuable zero-day exploits; instead they use phishing and simple guessing techniques to obtain login credentials of executives or IT staff, which they then exploit to gain access to valuable information. This entry was posted in Cyber Security and tagged Privileged Account Abuse on 21 November 2014 by Maritz Cloete.

    Original URL path: http://www.csriskmanagement.co.uk/blog/?tag=privileged-account-abuse (2016-02-14)

  • CS Risk Management - CS InfoSec Blog
    time of the year as people start to wind down for Christmas and staffing is reduced to minimal cover. This could mean that if an employee is looking to steal or maliciously damage data, it may be easier to do so than at other times of the year. So what can be done about this? Firstly, it is important to be aware of the risk and ensure it is considered throughout company management. The reduced cover for Christmas periods should include key senior personnel to ensure that activities being conducted are monitored. The HR and review processes should be practiced to determine individuals who are at a greater risk of this threat; for example, if there is an employee with access to a lot of data that never takes time off and seems very unhappy, it could be that they are staying at work to ensure they cover their tracks. If there is an individual identified as posing a threat to the organisation, that individual should be monitored and system controls must be put in place. System controls can be implemented to aid in protecting against this threat, such as ensuring all desktop machines are locked down and USB ports/CD writers cannot be used unless specifically authorised by senior management. Access to the internet can be restricted or removed, and email messages can have a maximum message size applied, such as 1mb. Segregation of duties should be considered in systems, ensuring that there are approval points built into any system to make it harder for a sole individual to authorise activities, and accessing data en masse, such as through a database, should be kept to the minimum number of people necessary. Lastly, practicing good access control, as always, is a good idea, ensuring access to the systems is at

    Original URL path: http://www.csriskmanagement.co.uk/blog/?p=46 (2016-02-14)


web-archive-uk.com, 2017-12-12