Cloud-based solutions playing crucial role in current and future of commercial security space

2021-02-19 | Security Magazine

The importance of pentesting and practical steps to build a program

2021-02-19 | Security Magazine

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blogs

On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.  As we disclosed the findings to Agora in April 2020, this lengthy disclosure timeline represents a nonstandard process for McAfee but was a joint agreement with the vendor to allow sufficient time for the development and release of a secure SDK. The release of the SDK mitigating the vulnerability took place on December 17th,…

Top 100 Managed Security Service Providers (MSSPs)

Well, let’s start with the basics. What is MSSP? It is short for Managed Security Service Provider. As the name suggests MSSPs are providers of different managerial security services. Examples of some managerial services are managing firewalls, detecting intrusion, keeping an eye out for new threats 7x24x365, anti-virus services, patch management, identity management, regulatory compliance gap analysis, anti-phishing training, solving cyber emergency problems like ransomware, security assessments, and much more.  From SMBs to large organizations,…

Ransomware is Evolving – Agencies Must Prioritize Data Backup

By Nick Psaki, Principal Engineer, Office of the CTO, Pure Storage

The threat of ransomware is not new – but we are seeing a renewed focus since the onset of COVID-19. With the majority of the Federal workforce remote, the landscape is changing rapidly and threats are evolving. The Cybersecurity and Infrastructure Security Agency (CISA) – along with other agencies – has released several alerts since the beginning of the pandemic, citing new and emerging…

PCI Secure SLC Program Expands Vendor Eligibility with Version 1.1

Today, the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI Secure Software Lifecycle (SLC) Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework (SSF). It provides security requirements and assessment procedures for software vendors to integrate into their software development lifecycles and to validate that secure lifecycle management practices are in place.

Software Firm Owner Admits Fraud and CSAM Possession

The owner of two companies based in Virginia has pleaded guilty to orchestrating a million-dollar fraud scheme, engaging in unlawful monetary transactions, and receipt of child sexual abuse material (CSAM).  Gordon G. Miller III, of Glen Allen, is the sole owner and operator of software engineering company G3 Systems Inc. and self-described venture capital company G3i Ventures LLC.  According to court documents, the 56-year-old started engaging in multiple fraud schemes starting around 2017 to prevent…

California DMV Halts Data Transfers After Vendor Breach

A recent cyber-attack on a company based in Seattle, Washington, may have compromised the data of millions of drivers residing in California. The California Department of Motor Vehicles has contracted with Automatic Funds Transfer Services, Inc. (AFTS) since 2019 to cross-reference addresses with the national database as part of a process to ensure the addresses to which vehicle registration renewal notices are mailed are correct.  According to a statement released by the DMV on Wednesday,…

Cybersecurity needs to be proactive with involvement from business leaders

In a webinar Wednesday, former US Homeland Security director Christopher Krebs also suggested organizations have COVID workforce coordinators and that cloud mail providers activate MFA by default. Effective CISOs and other leaders are those who plan for today but with an eye on tomorrow, and always put people first, according to Christopher Krebs, former director of the Department of Homeland Security’s cybersecurity and infrastructure agency. “You always have to be agile around how…

US Jails Celebrated Nigerian Entrepreneur for Cyber-Fraud

A Nigerian entrepreneur who was nominated for Africa’s most prestigious award for businessmen has been imprisoned in the United States for masterminding a multimillion-dollar cyber-fraud scheme.  Obinwanne Okeke headed a criminal team that used email-based cyber-attacks to steal credentials from hundreds of victims from approximately 2015 to 2019. The data they swiped was used to target companies with fraudulent wire-transfer requests and fake invoices.  British company Unatrac Holding Limited, the export sales office for American…
