web-archive-uk.com


Web directory, archive
Search web-archive-uk.com:


Find domain in archive system:
web-archive-uk.com » UK » C » CSRISKMANAGEMENT.CO.UK

Total: 259

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • CS Risk Management - CS InfoSec Blog
    to review the IRS Security Awareness Tax Tip Number 10 for additional information This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 26 January 2016 by Maritz Cloete Apple Releases Security Update for tvOS Original release date January 25 2016 Apple has released a security update for tvOS to address multiple vulnerabilities Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system US CERT encourages users and administrators to review the Apple security update for tvOS 9 1 1 Apple TV 4th generation and apply the necessary update This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 26 January 2016 by Maritz Cloete ISC Releases Security Updates for BIND Original release date January 19 2016 The Internet Systems Consortium ISC has released security updates to address vulnerabilities in BIND Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition Available updates include BIND 9 version 9 9 8 P3 BIND 9 version 9 10 3 P3 BIND 9 version 9 9 8 S4 Users and administrators are encouraged to review ISC Knowledge Base Articles AA 01335 and AA 01336 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 20 January 2016 by Maritz Cloete Linux Kernel Vulnerability Original release date January 19 2016 US CERT is aware of a Linux kernel vulnerability affecting Linux PCs and servers and Android based devices Exploitation of this vulnerability may allow an attacker to take control of an affected system US CERT recommends that users and administrators review the Redhat Security Blog and the Debian Security Bug Tracker for additional details and refer to their Linux or Unix based OS vendors for appropriate patches This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 20 January 2016 by Maritz Cloete Apple Releases Security Updates for iOS OS X El Capitan and Safari Original release date January 19 2016 Apple has released security updates for iOS OS X El Capitan and Safari to address multiple vulnerabilities Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system Available updates include iOS 9 2 1 for iPhone 4s and later iPod touch 5th generation and later and iPad 2 and later OS X El Capitan 10 11 3 for OS X Mavericks v10 9 5 OS X Yosemite v10 10 5 and OS X El Capitan v10 11 to v10 11 2 Safari 9 0 3 for OS X Mavericks v10 9 5 OS X

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201601 (2016-02-14)
    Open archived version from archive


  • CS Risk Management - CS InfoSec Blog
    mobile device However with all of these added conveniences often come potential threats and vulnerabilities US CERT would like to encourage users to review the following Cybersecurity Tips Following the security practices suggested in each tip will help to keep your portable devices secure during the holiday season and throughout the year Stop Think Connect Tip Card Cybersecurity While Traveling Cyber Security Tip ST11 001 Holiday Traveling with Personal Internet Enabled Devices Cyber Security Tip ST05 017 Cybersecurity for Electronic Devices Cyber Security Tip ST04 017 Protecting Portable Devices Physical Security This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 21 December 2015 by Maritz Cloete IRS Releases Fourth Tax Security Tip Original release date December 17 2015 The Internal Revenue Service IRS has released the fourth in a series of tips intended to help the public protect personal and financial data online and at home This tip focuses on protecting your passwords Recommendations include creating longer and more complex passwords not using the same passwords for multiple accounts and changing your passwords on a regular basis US CERT encourages users and administrators to review the IRS Security Awareness Tax Tip Number 4 and the US CERT Tip Choosing and Protecting Passwords for additional information This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 17 December 2015 by Maritz Cloete Juniper Releases Out of band Security Advisory for ScreenOS Original release date December 17 2015 Juniper has discovered unauthorized code in ScreenOS which could allow an attacker to take control of NetScreen devices and to decrypt VPN connections US CERT recommends that users and administrators review Juniper Security Bulletin 2015 12 and update all affected ScreenOS versions This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 17 December 2015 by Maritz Cloete Securing Home and Small Business Routers Original release date December 15 2015 Home and Small Business routers have become the ideal target for attackers seeking to gain control over a user s gateway to the Internet Router misconfigurations e g default credentials interfaces open to the Internet or the lack of security precautions e g absence of updates may make users susceptible to exploitation Once an attacker gains unauthorized access to a vulnerable router they may be able to obtain sensitive information from a user s computer or perform other attacks Users and administrators are encouraged to review Security Tip ST15 002 for guidance on how to secure home and small business routers Additionally the Carnegie Mellon CERT Coordination Center CERT CC continues to test small office and home office SOHO routers for vulnerabilities US CERT encourages users and administrators to review CERT CC Router Vulnerability Notes for information on recently

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201512 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    malware campaign consider the following actions File a complaint with the FBI s Internet Crime Complaint Center IC3 Report the attack to the police and file a report with the Federal Trade Commission Contact your financial institution immediately and close any accounts that may have been compromised Watch for any unexplainable charges to your account Immediately change any passwords you might have revealed and do not use that password in the future Avoid reusing passwords on multiple sites This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 25 November 2015 by Maritz Cloete Dell Computers Contain CA Root Certificate Vulnerability Original release date November 24 2015 Dell consumer personal computers using the preinstalled certificate authority CA root certificate eDellRoot contain a critical vulnerability This preinstalled root certificate resides on newer Dell laptops and desktops Exploitation of the vulnerability could allow a remote attacker to read all encrypted web browser traffic HTTPS successfully impersonate spoof any website or perform other attacks on the affected system US CERT encourages users and administrators to review Vulnerability Note VU 870761 and Dell s blog post for more information and guidance on removing the certificate This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 24 November 2015 by Maritz Cloete VMware Releases Security Updates Original release date November 19 2015 VMware has released security updates to address a vulnerability in vCenter vCloud Director and Horizon View Exploitation of this vulnerability may allow an attacker to obtain sensitive information Users and administrators are encouraged to review VMware Security Advisory VMSA 2015 0008 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 19 November 2015 by Maritz Cloete Adobe Releases Security Updates for ColdFusion LiveCycle Data Services and Adobe Premiere Clip Original release date November 17 2015 Adobe has released security updates to address multiple vulnerabilities in ColdFusion LiveCycle Data Services and Adobe Premiere Clip Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system Users and administrators are encouraged to review Adobe Security Bulletins for ColdFusion LiveCycle Data Services and Adobe Premier Clip and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 17 November 2015 by Maritz Cloete Apache Commons Collections Java Library Vulnerability Original release date November 13 2015 US CERT is aware of a deserialization vulnerability in the Apache Commons Collections ACC Java library Java applications that either directly use ACC or contain ACC in their classpath may be vulnerable to arbitrary code execution US CERT encourages users and administrators

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201511 (2016-02-14)
    Open archived version from archive


  • CS Risk Management - CS InfoSec Blog
    CERT is aware of a public disclosure of a cross site scripting vulnerability with proof of concept PoC exploit code affecting SDG Technologies Plug and Play SCADA a supervisory control and data acquisition human machine interface SCADA HMI product According to this report the vulnerability is exploitable by inserting malicious script in the HTML request to web servers Source US CERT ICS Alerts This entry was posted in Threat Alerts Industrial Control System and tagged Cyber Security on 15 October 2015 by Maritz Cloete Search for Recent Posts Microsoft Releases February 2016 Security Bulletin Adobe Releases Security Updates Oracle Releases Security Updates for Java Comodo Chromodo Browsers Vulnerable to Cross Domain Attacks FTC Announces Enhancements to IdentityTheft gov Topics Social Media Advanced Persistent Threats cyber essentials PCI DSS Information Security DPA APT ISO IEC27001 2013 Data Loss Prevention ISMS Security Controls ISO27001 2013 ISO27001 Cyber Security Defence Cyber Security Management Support ISO27000 Data Protection cyber essentials plus EU Data Regulation RSS feed If you want to stay up to date with our blog subscribe to our RSS feed Archives February 2016 January 2016 December 2015 November 2015 October 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201510 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    1766 L32 Series Vulnerability that was published August 13 2015 on the ICS CERT web page NCCIC ICS CERT is aware of a public report of a remote file inclusion vulnerability with proof of concept PoC exploit code affecting Rockwell Automation 1766 L32BWAA 1766 L32BXBA web interfaces This is a programmable logic controller PLC used for automation in industrial processes ICS CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks Source US CERT ICS Alerts This entry was posted in Threat Alerts Industrial Control System and tagged Cyber Security on 13 August 2015 by Maritz Cloete KAKO HMI Hard coded Password NCCIC ICS CERT is aware of a public report of a hard coded password vulnerability with proof of concept PoC exploit code affecting KAKO HMI products According to this report the password is easily found in the client code This report was released before coordination could be completed with the vendor and ICS CERT ICS CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations ICS CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks Source US CERT ICS Alerts This entry was posted in Threat Alerts Industrial Control System and tagged Cyber Security on 12 August 2015 by Maritz Cloete Schneider Electric Modicon M340 PLC Station P34 Module Vulnerabilities NCCIC ICS CERT is aware of public reports of vulnerabilities with some proof of concept PoC exploit code affecting several Schneider Electric s Modicon M340 PLC Station P34 I O modules This is a supervisory control and data acquisition human machine interface SCADA HMI product ICS

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201508 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    help ensure the UK has the cyber skills talent pool to protect both the public and private sectors as we face the reality of increasing cyber threats Continue reading This entry was posted in Cyber Essentials Cyber Security and tagged Innovation Vouchers on 17 July 2015 by Maritz Cloete New version of OpenSSL to address critical vulnerability out soon The OpenSSL Project team announced on Monday the 6th of July that OpenSSL versions 1 0 2d and 1 0 1p will be released shortly to address a serious security bug According to the developers of the popular open source toolkit for SSL TLS OpenSSL 1 0 2d and 1 0 1p will be released on Thursday July 9 and they will fix a single high severity vulnerability Continue reading This entry was posted in Threat Alerts and tagged Vulnerabilities on 7 July 2015 by Maritz Cloete Search for Recent Posts Microsoft Releases February 2016 Security Bulletin Adobe Releases Security Updates Oracle Releases Security Updates for Java Comodo Chromodo Browsers Vulnerable to Cross Domain Attacks FTC Announces Enhancements to IdentityTheft gov Topics cyber essentials plus ISMS Management Support Advanced Persistent Threats Cyber Security Defence DPA EU Data Regulation Social Media Security

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201507 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    UK increased from 2 04 to 2 21 million Businesses general liability policies don t cover those costly data breaches which points to cyber insurance being a wise choice In fact AON PLC the world s largest reinsurance broker claimed in October 2014 that the cyber insurance market was at the time growing at 38 annually However as a case in the US a bit earlier this year has shown cyber insurance should not be relied upon as your first line of cyber defence Continue reading This entry was posted in Cyber Security Security Awareness on 9 June 2015 by Maritz Cloete NIST releases new ICS security guidance The National Institute of Standards and Technology NIST has released an updated version of its Guide to Industrial Control Systems ICS Security The 247 page document provides ICS operators guidance on securing supervisory control and data acquisition SCADA systems distributed control systems DCS and other control system configurations such as programmable logic controllers PLC Continue reading This entry was posted in Uncategorized and tagged Industrial Control Systems on 8 June 2015 by Maritz Cloete Cyber Essentials with CS Risk Management CS Risk Management have recently obtained the accreditation to provide the full suite of Cyber Essentials certification body services Over and above Cyber Essentials Plus certification this also now includes verification of Basic Cyber Essentials self assessment submissions and issuing of Basic Cyber Essentials certificates to those customers who meet the requirements set out in the scheme Continue reading This entry was posted in Cyber Essentials and tagged cyber essentials Cyber Essentials guidance on 8 June 2015 by Maritz Cloete PA DSS Compliance Rules Revised to Ditch SSL Crypto PA DSS PCI DSS The PCI Security Standards Council published revisions to the Payment Application Data Security Standard PA DSS this week to address concerns over the Secure Sockets Layer SSL protocol Continue reading This entry was posted in PCI DSS Compliance and tagged Compliance PA DSS PCI DSS on 4 June 2015 by Maritz Cloete UK Government chooses not to renew XP support UK newspaper The Guardian reports that the UK government is not going to renew support for their aging and now unsupported Windows XP desktop infrastructure Microsoft withdrew its extended support programme for Windows XP its 14 year old operating system in April 2014 Given the number of Windows XP PCs still being used in government and businesses at the time Microsoft provided paid for extended support on a one off basis The UK government has decided not to extend the 5 5m contract this year an is expecting each government departments which still have XP machines to negotiate extended support with Microsoft directly The Guardian reports that while the government s move away from Windows XP which each department has had seven years warning to complete was described as having had good process some departments have struggled with the transition The Metropolitan Police Service for instance sought a support agreement directly from Microsoft while HM Revenue and Customs is

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201506 (2016-02-14)
    Open archived version from archive

  • CS Risk Management - CS InfoSec Blog
    policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 14 May 2015 by Maritz Cloete Mozilla Releases Security Updates for Firefox Firefox ESR and Thunderbird Original release date May 12 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox Firefox ESR and Thunderbird Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial of service condition or steal sensitive information Available updates include Firefox 38 Firefox ESR 31 7 Thunderbird 31 7 US CERT encourages users and administrators to review the Security Advisories for Firefox Firefox ESR and Thunderbird and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 13 May 2015 by Maritz Cloete Adobe Releases Security Updates for Flash Player Reader and Acrobat Original release date May 12 2015 Adobe has released security updates to address multiple vulnerabilities in Flash Player Reader and Acrobat Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system Users and administrators are encouraged to review Adobe Security Bulletins APSB15 09 and APSB15 10 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 12 May 2015 by Maritz Cloete Microsoft Releases May 2015 Security Bulletin Original release date May 12 2015 Microsoft has released 13 updates to address vulnerabilities in Microsoft Windows Some of these vulnerabilities could allow elevation of privilege denial of service remote code execution information disclosure or security feature bypass US CERT encourages users and administrators to review Microsoft Security Bulletins MS15 043 MS15 055 and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 12 May 2015 by Maritz Cloete Cisco UCS Central Software Vulnerability Original release date May 08 2015 Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System UCS Central Software Exploitation of this vulnerability may allow a remote attacker to take control of an affected system US CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates This product is provided subject to this Notification and this Privacy Use policy Source US CERT This entry was posted in Threat Alerts and tagged Cyber Security on 8 May 2015 by Maritz Cloete WordPress Security and Maintenance Release Original release date May 07 2015 WordPress 4 2 and prior versions contain critical cross site scripting vulnerabilities Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to

    Original URL path: http://www.csriskmanagement.co.uk/blog/?m=201505 (2016-02-14)
    Open archived version from archive



  •  


web-archive-uk.com, 2017-12-17