Category: Security

COVID-19 iOS 13.5 exposure logging feature with Bluetooth icon

What We Know About Exposure Notification Security

 |   |  Security

The COVID-19 pandemic is creating an urgent need for technical solutions to assist in the critical process of digital contact tracing. Apple has now released iOS 13.5 to the general public, including the exposure notification API framework it developed with Google. In this blog, I’m going to take a deeper look at how these solutions work from a technical perspective and the potential security considerations.

Read More >

secure passwords

World Password Day 2020: Secure Passwords Are Still Important

 |   |  Security

Yes, there’s really a World Password Day. Celebrated on the first Thursday of May, the event was started by Intel in 2013 to raise awareness of the need for secure passwords. As a security professional, I must admit that 7 years later, I question the need to continue to observe this event. Do we, in the year 2020, really still need to be told that passwords are important? Sadly, yes. We still need a reminder that secure passwords are incredibly important. While I imagine most people would say they know that, it’s one thing to know it and quite another to put it into practice. In 2020, issues associated with passwords still abound.

Read More >

Contact Tracing

Contact Tracing, Privacy and COVID-19

 |   |  Security

Digital contact tracing is an emerging technology in response to the COVID-19 pandemic. While innovative, intriguing and necessary, it raises some interesting privacy and employment law concerns. My co-author Dan Schwartz and I share our initial thoughts on this evolving issue.

Read More >

Apple Mail iOS Vulnerability

Apple Mail iOS Vulnerability – What You Need to Know

 |   |  Security

Reports of a bug being actively exploited affecting the Apple Mail iOS application are making news. This bug may have been leveraged in the wild as early as January of 2018, according to sources. Apple has not confirmed that they have seen this attack being exploited against customers. However, it has confirmed that the bug isn’t happening in the beta of the latest (unreleased) iOS. Other security researchers have confirmed the “likelihood” of the legitimacy of this attack being used in the wild. If the vulnerability is truly being exploited, the risks are very real.

Read More >

Protect Yourself from Zoombombing

How to Protect Yourself from Zoombombing

 |   |  Security

A new type of attack, called “Zoombombing” or “Zoomraiding” specifically targets the over 200 million daily Zoom meeting participants that now rely on the video conferencing solution for remote work, remote education and social connection.

Read More >

New York State SHIELD Act 2020

How Does the SHIELD Act Affect Your Business?

 |   |  Business & Strategy, Security

On March 22nd, 2020, the remaining provisions of the New York SHIELD Act went into effect (the sections associated with data breach notifications went live in October of 2019). This law dictates the responsibilities organizations have for protecting the personal information data of residents of the State of New York. You may be thinking “our business isn’t based in New York State, so we’re good, right?” You would be wrong. 

Read More >

working from home cybersecurity

Working from Home: Cybersecurity Safety During COVID-19

 |   |  Security

Even in times like these, the need for proper security never stops. If anything, we are seeing dramatic increases in security threats as bad actors try to capitalize on the chaos and people’s quest for any information on COVID-19. That, along with the nature of our work being different now put us in a spot where organizations need to re-evaluate their security.  

Read More >

Internet Explorer

Critical Security Vulnerability in Internet Explorer Browser

 |   |  Security

Microsoft recently identified a new critical security vulnerability in its Internet Explorer (IE) web browser. Microsoft has confirmed that the vulnerability is being targeted and exploited in the wild, so it is critical that IE users are aware of the issue and how to mitigate it. This vulnerability (CVE-2020-0674) can be exploited by an attacker hosting a crafted website, and grants access to the system with the same privileges as the current user.

Read More >

Cisco Discovery Protocol

Cisco Vulnerabilities Identified in Cisco Discovery Protocol

 |   |  Security

Cisco issued guidance on how to identify and remediate the effects of five vulnerabilities in the Cisco Discovery Protocol implementation on some Cisco NX-OS devices. The vulnerabilities could, in certain situations, enable an attacker to trigger a memory overflow and gain control of a vulnerable device or cause it to shut down or reload.

Read More >

Patch Tuesday

How Important Was This Microsoft Patch Tuesday?

 |   |  Security, Technology

“Patch Tuesday” is the day when Microsoft typically announces and releases all of the security updates for their software products. While every Patch Tuesday can be impactful from a workload standpoint, some announcements from Microsoft carry more weight than others. On Tuesday, January 14th, 2020, we saw another example of that.

Read More >