Data Security

Subscribe to Data Security

The UK National Cyber Security Centre (NCSC) issued an alert on October 16, 2020, to raise awareness “of a new remote code execution vulnerability (CVE – 2020 – 16952)”, which affects Microsoft’s SharePoint product. According to the alert, “successful exploitation of this vulnerability would allow an attacker to run arbitrary code and to carry out

I have never been a fan of TikTok [view related post]. In general, I do not trust any Chinese technology companies because of the influence and requirements the Chinese government wields over them. The Chinese government has been stealing U.S.-based companies’ intellectual property for decades, has required U.S.-based companies to provide computer code in

The COVID-19 pandemic has certainly forced companies to innovate and explore new ways of working across its workforce and client base. Some have decided to dive head first into implementing collaboration technologies such as Microsoft Teams. Afterall, it’s part of the Microsoft stack, so in theory such a decision doesn’t require a significant financial investment.

The Ginp Banking Trojan is not a new way of scamming users into giving up credit card details, however, the latest version apparently capitalizes on COVID-19 anxiety. Recently, security researchers at Kaspersky revealed that the Ginp Trojan works by asking a user for a small payment via credit card, and in return the user is

New Hampshire Governor Chris Sununu recently signed the New Hampshire Insurance Data Security Law, which “establishes the exclusive state standards applicable to licensees for data security, the investigation of a cybersecurity event…, and notification to the commissioner.” The law is applicable to all persons or entities licensed, authorized to operate, registered or required to be

There was unfortunately some bleak news out of the Department of Health & Human Services, (HHS) Office of the Inspector General (OIG) recently. The OIG recently released the results of a performance audit of the HHS’ compliance with the Federal Information Security Modernization Act of 2014 (FISMA). The OIG Report states that FISMA requires that

I came across an article last week that indicated there was a successful attack on Microsoft’s Office 365 and Google’s G Suite environments that was able to bypass multi-factor authentication (MFA). However, after reading the article it was immediately clear the attack leveraged an old protocol, IMAP (Internet Message Access Protocol), which does not support

According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could alter that voter’s information in the database. Another commented that the problem is easily detectable, and that it was clear that the system “has never been audited by any computer security professional.”
Continue Reading Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable