Author: Admin

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization. Privileged accounts, such as…

Microsoft discovered new custom malware, dubbed FoggyWeb, used by the Nobelium cyberespionage group to implant backdoor in Windows domains. Microsoft Threat Intelligence Center (MSTIC) researchers have discovered a new custom malware, dubbed FoggyWeb used by the Nobelium APT group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (AD FS) servers. FoggyWeb is a post-exploitation backdoor used by the APT group to remotely exfiltrate the configuration database of compromised Active Directory Federation…

By T.J. Minichillo Did you know an organization is hit with a ransomware attack every 11 seconds? As the global attack surface grows every day, and with everyone’s security perimeter now everywhere and anywhere data travels, being resilient to ransomware attacks takes on far greater significance. The only way to create a truly resilient strategy against the growing onslaught of ransomware attacks is to go on the offensive by arming your data to protect itself….

Docker recently announced updates and extensions to our product subscriptions. Docker CEO Scott Johnston also posted a blog about the changes. Much of the discussion centered on what the licensing changes mean for users of Docker Desktop, which remains free for small businesses and several other user types, but now requires a paid subscription — starting at $5 per user per month — for professional use in medium to large businesses. Earlier this month Docker Captain,…

Canadian vaccine passport app PORTpass may have exposed personal information belonging to hundreds of thousands of users.  According to a report by CBC News, the app’s operators left data, including names, identification documents, and email addresses, on an unsecured website. The personal information was allegedly stored in plain text and could be accessed by the public.  Following a tipoff received on Monday, the news source investigated the security of the PORTpass website. CBC News said…