Operations Security

#IdentityManagementDay – Best Practices to Help Keep Your Organization Secure

By Chinatu Uzuegbu, CISSP, CEO/Managing Cyber Security Consultant at RoseTech CyberCrime Solutions Ltd. We kicked off the Identity and Access Management Processes from the Top-Level Management approach. The Identity and Access Management Security Steering Committee is a group of C-Suites leaders, also referred to as the respective Data and Asset Owners from the various Business Units of my organization. The group met and established the governing policy around the Identity and Access Management Processes. The governance covers the Mandatory Access Control Policy and Trust Policy of the organization which are automatically enforced as the baselines on default. The governance of…

April 11, 2023
0 comment
Read More >>

Push Notification Is More Secure Than SMS 2FA, So Why the Reluctance to Enable It?

Forget SMS 2FA authentication – Twitter and others are making it less attractive by either charging for it or phasing it out altogether. But there’s a better alternative if only tech companies were willing to invest. By John E. Dunn Mention Twitter and two factor authentication (2FA) in the same breath right now and security watchers will immediately think about a puzzling announcement the company made less than two months ago. The gist was that anyone using or adding SMS 2FA to their account would have to buy a subscription to Twitter Blue for $8 per month to continue to…

April 7, 2023
0 comment
Read More >>

LATEST CYBERTHREATS AND ADVISORIES – APRIL 7, 2023

The U.S. government takes down another dark web forum, Western Digital suffers a cyberattack and the fastest acting ransomware to date. Here are the latest threats and advisories for the week of April 7, 2023. By John Weiler Threat Advisories and Alerts Websites Built with Elementor Pro and WooCommerce under Attack Millions of WordPress websites using the popular Elementor Pro website builder and the WooCommerce plugin have been exposed to a serious security vulnerability. The flaw, which affects Elementor Pro versions 3.11.6 and earlier, allows malicious actors to change the default user privileges to include administrator access. The vulnerability was…

April 7, 2023
0 comment
Read More >>

CYBERSECURITY INDUSTRY NEWS REVIEW – APRIL 4, 2023

UK government potentially skimps on senior cyber role salary as the NCSC calls for more investment in people, Microsoft talks up the potential for ChatGPT and the US moves to ban spyware. By Joe Fay U.K. Treasury Tries to Drive Down Inflation with Paltry Cybersecurity Salary The U.K.’s Treasury department is looking for an “experienced” Head of Cyber Security willing to work for £55,500. The successful candidate will be “working at the heart of Government in a time of momentous change and offering a level of exposure and challenge that is hard to find anywhere else”. Amongst other things, they…

April 4, 2023
0 comment
Read More >>