The ISO/IEC 270001 family of standards, also known as the ISO 27000 series, is a series of best practices to help organisations improve their information security. Published by ISO (the International Organization for Standardization) and the IEC (International Electrotechnical Commission), the series explains how to implement best-practice information security practices. an. It does this by setting out ISMS (information security management system) requirements. An ISMS is a systematic approach to risk management, containing measures that address…

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals are passing the time during the COVID-19 pandemic with online poker games, where the prizes include stolen data. Also, read about how VirusTotal now supports Trend Micro ELF Hash (aka telfhash).   Read on: Cybercriminals Use Stolen Data and Hacking Tools as Prizes…

Researchers disclose a critical pre-authentication vulnerability in the SonicWall VPN Portal that is easily exploitable. Background On October 12, SonicWall published a security advisory (SNWLID-2020-0010) to address a critical vulnerability in SonicOS that could lead to remote code execution (RCE). The vulnerability was discovered by security researchers at Tripwire’s Vulnerability and Exposure Research Team (VERT). Analysis CVE-2020-5135 is a stack-based buffer overflow vulnerability in the VPN Portal of SonicWall’s Network Security Appliance. A remote, unauthenticated…

Overview The Coronavirus 2019 (COVID-19) global pandemic has caused widespread fear of the unknown and deadly aspects of this novel virus, generated growth in certain industries to combat it, and created a shift toward remote work environments to slow the spread of the disease.  Defending Your Organization Against COVID-19 Cyber Attacks. In this webinar, AJ, and I describe COVID-19 attacks in January through March, the groups behind them, and key MITRE ATT&CK techniques being employed….

Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance? We take at a look at everything you need to know in this blog. What is cyber insurance? Cyber insurance is a specific type of protection, helping organisations mitigate the financial costs associated with…

Organisations are always looking for ways to improve their security practices, and one of the most effective ways to achieve this is by enrolling employees on cyber security training courses. A recent Lucy Security study found that 96% of respondents agreed that a greater level of awareness over cyber security threats contributed to overall improvements in their defences. Despite that, comparatively few provided adequate training to help staff mitigate the risks of data breaches and cyber…