web-archive-uk.com


Web directory, archive
Search web-archive-uk.com:


Find domain in archive system:
web-archive-uk.com » UK » C » CSRISKMANAGEMENT.CO.UK

Total: 259

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • CS Risk Management - CS InfoSec Blog
    encouraged to review Adobe Security Bulletins APSB15 09 and APSB15 10 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 12 May 2015 by Maritz Cloete Microsoft Releases May 2015 Security Bulletin Original release date May 12 2015 Microsoft has released 13 updates to address vulnerabilities in Microsoft Windows Some of these vulnerabilities could allow elevation of privilege denial of service remote code execution information disclosure or security feature bypass US CERT encourages users and administrators to review Microsoft Security Bulletins MS15 043 MS15 055 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 12 May 2015 by Maritz Cloete Cisco UCS Central Software Vulnerability Original release date May 08 2015 Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System UCS Central Software Exploitation of this vulnerability may allow a remote attacker to take control of an affected system US CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 8 May 2015 by Maritz Cloete WordPress Security and Maintenance Release Original release date May 07 2015 WordPress 4 2 and prior versions contain critical cross site scripting vulnerabilities Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4 2 2 This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 7 May 2015 by Maritz Cloete Apple Releases Security Updates for Safari Original release date May 07 2015 Apple has released security updates for Safari to address multiple vulnerabilities Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system Available updates include Safari 8 0 6 for OS X Yosemite v10 10 3 Safari 7 1 6 for OS X Mavericks v10 9 5 Safari 6 2 6 for OS X Mountain Lion v10 8 5 US CERT encourages users and administrators to review Apple security update HT204826 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 7 May 2015 by Maritz Cloete Nepal Earthquake Disaster Email Scams Original release date April 30 2015 US CERT warns users of potential email scams citing the earthquake in Nepal The scam emails may contain links

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=42&paged=6 (2016-02-14)
    Open archived version from archive


  • CS Risk Management - CS InfoSec Blog
    Security on 12 August 2015 by Maritz Cloete 5k Innovation Vouchers up for grabs for Cyber Security Improvements The UK Government have announced a new scheme to protect small businesses from cyber attacks Yesterday Digital Economy Minister Ed Vaizey outlined a new voucher scheme designed specifically to help small and medium sized businesses SMEs as part of a package of measures to improve the UK s cyber security resilience The package also includes a new online learning and careers hub to help ensure the UK has the cyber skills talent pool to protect both the public and private sectors as we face the reality of increasing cyber threats Continue reading This entry was posted in Cyber Essentials Cyber Security and tagged Innovation Vouchers on 17 July 2015 by Maritz Cloete New version of OpenSSL to address critical vulnerability out soon The OpenSSL Project team announced on Monday the 6th of July that OpenSSL versions 1 0 2d and 1 0 1p will be released shortly to address a serious security bug According to the developers of the popular open source toolkit for SSL TLS OpenSSL 1 0 2d and 1 0 1p will be released on Thursday July 9 and they will fix a single high severity vulnerability Continue reading This entry was posted in Threat Alerts and tagged Vulnerabilities on 7 July 2015 by Maritz Cloete Zero day to commercial exploit kit in 4 days how do we weather the cyber security storm Just four days after Adobe Systems patched a vulnerability in Flash Player a malware researchers spotted a drive by download attack that was exploiting it to install CryptoWall ransomware on the victim s computer Further research showed that the exploit was added to the commercial exploit kit called Magnitude and that this has clearly now been adopted by cybercriminals across the world for use in large scale attacks Continue reading This entry was posted in Cyber Security Security Awareness and tagged cyber storm on 30 June 2015 by Maritz Cloete Wales mandates Cyber Essentials for suppliers processing personal data SC Magazine yesterday reported that the Welsh Government have now made it mandatory for third party suppliers with a moderate or high level of risk when dealing with sensitive information to be Cyber Essentials certified from 1 April this year Continue reading This entry was posted in Cyber Essentials and tagged Cyber Security on 10 June 2015 by Maritz Cloete Securing your VPN and RDP sessions against attackers Mandiant have recently published their 2015 M Trends report which highlights the new attack trends they have identified through their role as security incident first responders over the last year It is an interesting and informative report which is worth a read and can be found here registration is required I m afraid A couple of key points from the report caught my attention most notably how attackers are exploiting remote access facilities such as VPNs Continue reading This entry was posted in Cyber Security and tagged Cyber Security

    Original URL path: http://www.csriskmanagement.co.uk/blog/?paged=6 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    Control System and tagged Cyber Security on 12 August 2015 by Maritz Cloete 5k Innovation Vouchers up for grabs for Cyber Security Improvements The UK Government have announced a new scheme to protect small businesses from cyber attacks Yesterday Digital Economy Minister Ed Vaizey outlined a new voucher scheme designed specifically to help small and medium sized businesses SMEs as part of a package of measures to improve the UK s cyber security resilience The package also includes a new online learning and careers hub to help ensure the UK has the cyber skills talent pool to protect both the public and private sectors as we face the reality of increasing cyber threats Continue reading This entry was posted in Cyber Essentials Cyber Security and tagged Innovation Vouchers on 17 July 2015 by Maritz Cloete New version of OpenSSL to address critical vulnerability out soon The OpenSSL Project team announced on Monday the 6th of July that OpenSSL versions 1 0 2d and 1 0 1p will be released shortly to address a serious security bug According to the developers of the popular open source toolkit for SSL TLS OpenSSL 1 0 2d and 1 0 1p will be released on Thursday July 9 and they will fix a single high severity vulnerability Continue reading This entry was posted in Threat Alerts and tagged Vulnerabilities on 7 July 2015 by Maritz Cloete Zero day to commercial exploit kit in 4 days how do we weather the cyber security storm Just four days after Adobe Systems patched a vulnerability in Flash Player a malware researchers spotted a drive by download attack that was exploiting it to install CryptoWall ransomware on the victim s computer Further research showed that the exploit was added to the commercial exploit kit called Magnitude and that this has clearly now been adopted by cybercriminals across the world for use in large scale attacks Continue reading This entry was posted in Cyber Security Security Awareness and tagged cyber storm on 30 June 2015 by Maritz Cloete Wales mandates Cyber Essentials for suppliers processing personal data SC Magazine yesterday reported that the Welsh Government have now made it mandatory for third party suppliers with a moderate or high level of risk when dealing with sensitive information to be Cyber Essentials certified from 1 April this year Continue reading This entry was posted in Cyber Essentials and tagged Cyber Security on 10 June 2015 by Maritz Cloete Securing your VPN and RDP sessions against attackers Mandiant have recently published their 2015 M Trends report which highlights the new attack trends they have identified through their role as security incident first responders over the last year It is an interesting and informative report which is worth a read and can be found here registration is required I m afraid A couple of key points from the report caught my attention most notably how attackers are exploiting remote access facilities such as VPNs Continue reading This entry was posted in Cyber

    Original URL path: http://www.csriskmanagement.co.uk/blog/?author=1&paged=6 (2016-02-14)
    Open archived version from archive


  • CS Risk Management - CS InfoSec Blog
    Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 14 April 2015 by Maritz Cloete WP Super Cache Cross Site Scripting XSS Vulnerability Original release date April 09 2015 WP Super Cache a WordPress plugin contains a persistent XSS vulnerability in versions prior to 1 4 4 Exploitation of this vulnerability could allow a remote attacker to take control of the affected system Users and administrators are encouraged to review the WP Super Cache Changelog for more information and update to version 1 4 4 if affected This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 9 April 2015 by Maritz Cloete Apple Releases Security Updates for OS X iOS Safari and Apple TV Original release date April 08 2015 Apple has released security updates for OS X iOS Safari and Apple TV to address multiple vulnerabilities Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system Available updates include OS X Yosemite v10 10 3 and Security Update 2015 004 for OS X Mountain Lion v10 8 5 OS X Mavericks v10 9 5 and OS X Yosemite v10 10 to v10 10 2 iOS 8 3 for iPhones 4s and later iPod touch 5th generation and later and iPad 2 and later Safari 8 0 5 Safari 7 1 5 and Safari 6 2 5 for OS X Mountain Lion v10 8 5 OS X Mavericks v10 9 5 and OS X Yosemite v10 10 2 Apple TV 7 2 for Apple TV 3rd generation and later US CERT encourages users and administrators to review Apple security updates HT204659 HT204661 HT204658 and HT204662 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete Vulnerabilities Identified in Network Time Protocol Daemon ntpd Original release date April 08 2015 The Network Time Foundation s NTP Project has released an update addressing multiple vulnerabilities in ntpd Exploitation of these vulnerabilities may allow an attacker to conduct a man in the middle attack or cause a denial of service condition Users and administrators are encouraged to review Vulnerability Note VU 374268 for more information and update to NTP 4 2 8p2 if necessary This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 8 April 2015 by Maritz Cloete IC3 Issues Alert for Fake Government Websites Original release date April 07 2015 The Internet Crime Complaint Center IC3 has released an alert that warns consumers of fraudulent government services websites that mimic legitimate ones Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=42&paged=7 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    in Windows and the company s engineers also will contribute to the OpenSSH project While SSH has been a popular tool for remote login and command execution on many Unix and linux systems for years Windows has not supported SSH by default for a variety of reasons Microsoft has had its own solutions on this front but SSH has become the default standard for secure remote operations over the years Customers have been asking Microsoft to add default support for the protocol and the company now has decided to make the move See more at https threatpost com microsoft to support ssh in windows 113120 This entry was posted in Cyber Security and tagged Crypto on 4 June 2015 by Maritz Cloete IC3 Issues Internet Crime Report for 2014 Original release date May 22 2015 The Internet Crime Complaint Center IC3 has released its Internet Crime Report for 2014 indicating that scams relating to social media including doxing click jacking and pharming have increased substantially over the past five years US CERT encourages users to review the IC3 Alert for details and refer to the US CERT Tip ST04 014 for information on social engineering and phishing attacks This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 23 May 2015 by Maritz Cloete Google Releases Security Update for Chrome Original release date May 19 2015 Google has released Chrome version 43 0 2357 65 for Windows Mac and Linux to address multiple vulnerabilities Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system US CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 20 May 2015 by Maritz Cloete Cisco Releases Security Advisories for TelePresence Products Original release date May 14 2015 Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products Successful exploitation could allow an attacker to bypass system authentication execute arbitrary code with elevated privileges or cause a denial of service condition Users and administrators are encouraged to review Cisco Advisories cisco sa 20150513 tc and cisco sa 20150513 tp and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 14 May 2015 by Maritz Cloete Mozilla Releases Security Updates for Firefox Firefox ESR and Thunderbird Original release date May 12 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox Firefox ESR and Thunderbird Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial of service condition or steal sensitive information Available updates include Firefox 38 Firefox ESR 31

    Original URL path: http://www.csriskmanagement.co.uk/blog/?paged=7 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    is planning to support SSH in Windows and the company s engineers also will contribute to the OpenSSH project While SSH has been a popular tool for remote login and command execution on many Unix and linux systems for years Windows has not supported SSH by default for a variety of reasons Microsoft has had its own solutions on this front but SSH has become the default standard for secure remote operations over the years Customers have been asking Microsoft to add default support for the protocol and the company now has decided to make the move See more at https threatpost com microsoft to support ssh in windows 113120 This entry was posted in Cyber Security and tagged Crypto on 4 June 2015 by Maritz Cloete IC3 Issues Internet Crime Report for 2014 Original release date May 22 2015 The Internet Crime Complaint Center IC3 has released its Internet Crime Report for 2014 indicating that scams relating to social media including doxing click jacking and pharming have increased substantially over the past five years US CERT encourages users to review the IC3 Alert for details and refer to the US CERT Tip ST04 014 for information on social engineering and phishing attacks This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 23 May 2015 by Maritz Cloete Google Releases Security Update for Chrome Original release date May 19 2015 Google has released Chrome version 43 0 2357 65 for Windows Mac and Linux to address multiple vulnerabilities Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system US CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 20 May 2015 by Maritz Cloete Cisco Releases Security Advisories for TelePresence Products Original release date May 14 2015 Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products Successful exploitation could allow an attacker to bypass system authentication execute arbitrary code with elevated privileges or cause a denial of service condition Users and administrators are encouraged to review Cisco Advisories cisco sa 20150513 tc and cisco sa 20150513 tp and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 14 May 2015 by Maritz Cloete Mozilla Releases Security Updates for Firefox Firefox ESR and Thunderbird Original release date May 12 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox Firefox ESR and Thunderbird Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial of service condition or steal sensitive information Available updates include

    Original URL path: http://www.csriskmanagement.co.uk/blog/?author=1&paged=7 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    Security on 31 March 2015 by Maritz Cloete Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication Original release date March 26 2015 Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software Exploits of these vulnerabilities could result in a denial of service DoS condition interface queue wedge or exchange memory leak US CERT encourages users and administrators to review the following Cisco Security Advisory and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 26 March 2015 by Maritz Cloete Mozilla Releases Security Updates for Firefox Firefox ESR and SeaMonkey Original release date March 20 2015 Last revised March 23 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox Firefox ESR and SeaMonkey Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system Available updates include Firefox 36 0 4 Firefox ESR 31 5 3 SeaMonkey 2 33 1 Users and administrators are encouraged to review the Security Advisories for Firefox Firefox ESR and SeaMonkey and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 20 March 2015 by Maritz Cloete TA15 051A Lenovo Superfish Adware Vulnerable to HTTPS Spoofing Original release date February 20 2015 Last revised February 24 2015 Systems Affected Lenovo consumer PCs that have Superfish VisualDiscovery installed Overview Superfish adware installed on some Lenovo PCs install a non unique trusted root certification authority CA certificate allowing an attacker to spoof HTTPS traffic Description

    Original URL path: http://www.csriskmanagement.co.uk/blog/?cat=42&paged=8 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    email by contacting the organization directly through a trusted contact number Trusted contact information can be found on the Better Business Bureau National Charity Report Index Refer to the Security Tip ST04 014 on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 30 April 2015 by Maritz Cloete WordPress Releases Security Update Original release date April 23 2015 WordPress 4 1 2 has been released to address multiple vulnerabilities one of which could allow a site to be compromised by a remote attacker WordPress 4 1 1 and earlier are affected by this vulnerability US CERT recommends users and administrators review the WordPress Security Release and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 23 April 2015 by Maritz Cloete IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials Original release date April 21 2015 The Internet Crime Complaint Center IC3 has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks Doxing the act of gathering and publishing individuals personal information without permission has been observed Hacking collectives may exploit publicly available information identifying officers or officials their employers and their families These target groups should protect their online presence and exposure Users are encouraged to review the IC3 Alert for details and refer to US CERT Tip ST06 003 for information on staying safe on social network sites This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 22 April 2015 by Maritz Cloete UK courts can now impose unlimited DPA fines Magistrates courts are no longer limited to 5 000 fines for criminal offences under the DPA following the entry into force of the Legal Aid Sentencing and Punishment of Offenders Act 2012 Fines on Summary Conviction Regulations 2015 on 12th March 2015 The Regulations allow for an unlimited fine where individuals are convicted under section 55 offence of obtaining or disclosing personal data without the consent of the data controller The ICO has confirmed that it is conceivable for a Data Protection Officer to commit a criminal offence under section 55 DPOs caught breaching the rules therefore may find themselves liable to payment of a fine of a now uncapped amount This entry was posted in Data Protection Act Compliance Uncategorized and tagged Data Protection DPA on 21 April 2015 by Maritz Cloete PCI 3 1 released SSL 3 0 and TLS 1 0 no longer good enough A minor update to the PCI DSS standard was released by the PCI SSC earlier this week in the form

    Original URL path: http://www.csriskmanagement.co.uk/blog/?paged=8 (2016-02-14)
    Open archived version from archive



  •  


web-archive-uk.com, 2017-12-15