Leveraging Cyber Civil Defence

The cyber civil defence services provided by the Shadowserver Foundation are the most overlooked and critical tool for securing your network. If you are a cybersecurity professional and NOT signed up to Shadowserver, you are missing details that will protect your network from the next attack. If you want a quick introduction to Shadowserver, check Read More

Open SMTP (Email) Servers on Your Network

Do you know if you have open SMTP servers on your network? In May, Qualys disclosed 21 vulnerabilities in Exim (see Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim). Exim is a popular Mail Transfer Agent (MTA) available on Unix operating systems and comes pre-installed on Linux distributions. The easy access and wide SMTP/Exim MTAs use Read More

Seven Critical Security Conversations

Everyone needs to have Seven Critical Security Conversations with their vendors, supply chain partners, and other organizations who help with their security & resiliency posture. The wave of supply chain security conversations that was sparked by the Bloomberg articles has people talking (see The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Read More

Filtering Exploitable Ports and Minimizing Risk from the Internet and from Your Customers

Barry Greene @ bgreene@senki.or Version 1.3 TLP: CLEAR What are you doing to prepare for the next “scanning malware” and “Internet Worm?” Recommendation: Operators (CSPs, ISPs, Cloud Companies, and Hosting Companies) are strongly encouraged to deploy Port Filtering on the known Exploitable ports and Source Address Validation (SAV) on their customer edge of the network

Weekend Read – Lessons from Heartbleed

Every vulnerability is a security lesson that will either be repeated or used to improve the organization. Lessons from Heartbleed is no different. IMHO “The Matter of Heartbleed” is a mandatory paper for all security professionals! It points out the dynamics of a critical Internet vulnerability and how organizations respond. At a minimum, read the Read More