Is Your Website ADA Compliant?

The Americans with Disabilities Act (ADA) is a landmark civil rights law that prohibits discrimination against disabled individuals in all areas of public life. It gives millions of people with disabilities equal access to employment, government, telecommunications, and businesses.

Businesses must make reasonable modifications to accommodate customers with disabilities. Title III of the ADA addresses businesses specifically. It prohibits discrimination on the basis of disability in places of public accommodation, which include restaurants, private schools, sports stadiums, office buildings, and more. Businesses are required to make “reasonable modifications” to serve people with disabilities.

 

Who Needs to Be Compliant?

Under Title III, businesses “open to the public” both in the physical world and online are required to provide equal access to people with disabilities.

Examples of businesses open to the public include:

  • Restaurants and bars.
  • Retail establishments.
  • Hotels and other places of lodging.
  • Parks, zoos, and other places of recreation.
UniFi Tutorials

How To Migrate UniFi Controller

In this tutorial you will learn how to migrate your UniFi Controller 7.0 to a new UniFi Controller. We are going to use the export site function for the migration. This is the simplest way to migrate your UniFi settings to a new UniFi Controller.

Task Details

  1. Log into Your UniFi Controller.
  2. Create A Backup Of Your UniFi Controller Settings.
  3. Export Site From The Existing UniFi Controller.
  4. Import Site Into The New UniFi Controller.

Task 1: Log Into your UniFi Controller

  1. Open a browser tab and go to your UniFi Controller.
  2. Sign in with your local username and password or your Ubiquiti Account.
  3. Select your UniFi Controller.

Task 2: Create A Backup Of Your UniFi Controller Settings

1. Click Settings 

2. Click System

3. Locate Backup and click Download.

Task 3: Export Site From The Existing UniFi Controller

1. Click Settings 

2. Click System

3. Locate Legacy


Black Friday Phishing Scams

Black Friday is approaching, and you should be aware of scams. Thirty percent of people in the US reported receiving phishing messages around Black Friday.

“[N]early a third of U.S. consumers (30%) said they received a phishing email around Black Friday last year, either by email or SMS to their personal email or cell,” the researchers write. “The thing is that consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries. Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that …


Microsoft Security, Compliance, and Identity Fundamentals SC-900

I am happy to announce that I achieved my Microsoft Security, Compliance, and Identity Fundamentals SC-900 Certification.

SC-900 is the entry-level security exam for a wide array of Microsoft products. I put products there, plural, because SC-900 is more than just understanding Azure products that fit the identity/security mold. You will also be tested on Microsoft 365 products, as well as identity products such as Active Directory in depth. Importantly, the exam is probably half and half Azure and Microsoft 365 products. If you are looking for solely Azure products, then AZ-500 may be a better exam (but it is obviously much more difficult). The types of questions in SC-900 that involve M365 are often around security tools such as Microsoft Defender for Office 365/Identity/Endpoint/Cloud Apps, or around compliance tools such as “eDiscovery”.

If you’ve already sat AZ-900, then this exam might be a little easier as some Azure concepts


Cyber Threats For Retail Stores

Cyber attacks on retailers are real and can occur online or offline. Credit card records can be stolen by malicious cyber-intruders. These attackers are able to enter a retail store in person and hack into your systems. Physical access to your retail store is the first step to a successful cyber attack. Threat actors can gain access to your network by using devices that fit in your wallet, like card skimmers, as well as vulnerable Wi-Fi networks, USB drives, and other hacking equipment. They can also use social engineering tactics to get an insider to help them. All retailers have experienced data being stolen, networks being degraded, and infrastructure being compromised.

Attention To Detail

With cyber security a big problem for retailers, it’s important to know the various methods used by cyber criminals to attack your business. They commonly use card skimmers and unsecured point-of-sale systems to acquire credit …


Android Malware Infects 20 Million Users

A newly discovered Android malware was confirmed to have infected around 20 million users. The Clicker malware used 16 different malicious apps to get into the Google Play Store. Once there, it affected millions of users.

The Clicker Campaign

McAfee researchers found that the malware is hiding in applications that are disguised as legitimate tools. These applications are targeting Android phone users.

  • These tools include Flashlight (Torch), QR readers, Camera, Unit Converters, and Task Managers.
  • It's hard to tell the difference these days: the apps may look like well-made Android software. However, they are hiding ad fraud features, equipped with remote configuration and Firebase Cloud Messaging (FCM) techniques.
  • When these Android applications are opened, the malware is secretly downloaded in the background.

The researchers found that this malware is designed to disrupt the mobile advertising industry. It targets the ad-supported business models of the mobile ecosystem. The malware in turn generates …

ISO 27001 Information Security Compliance

Conduct An ISO 27001 Risk Assessment in 7 Steps

Risk assessments are the most important part of any ISO 27001 project. They help you determine how to get your ISMS in order and keep it that way. This is the core of your information security management system, which is what you get when you implement the Standard.

What is an information security risk assessment?

When you look at the bigger picture of an information security management system, your first step is to look for risks. A risk assessment is a tool used to assess and manage incidents that have the potential to cause harm to your sensitive data. Your first step is to identify vulnerabilities that a cyber criminal could exploit or mistakes that employees could make. Then you determine the risk level and decide on the best course of action to prevent them from happening.

How to conduct an ISO 27001 risk assessment

Risk assessments can be complicated. …


OAuth application abuse used to gain Exchange Online access

Microsoft researchers recently found a new type of attack. Hackers compromise Exchange Online access with malicious OAuth applications and then use it to change your email settings and spread spam.

OAuth applications are growing in popularity. One of the first malicious uses of OAuth applications is consent phishing. Consent phishing is a particularly sly form of phishing attack that aims to trick users into granting permission to malicious apps so that they can gain access to cloud services such as email, file storage, and management APIs.

The attacker then gains access to the server by using a technique called credential stuffing, which is basically taking passwords from a compromised database and trying them. This is possible because the target OAuth authentication was bypassed. And they had administrator roles, so they could do everything on the site.

A diagram of the attack chain. It presents the flow of activity from left to right, starting with the attacker gaining access to its target tenant and leading to spam messages being sent to targets.

Figure 1. Overview of the attack chain. The time between application deployment and usage


How To Create An IT Hurricane Preparedness Plan

Looking to safeguard your IT infrastructure against hurricanes? Learn how to create an IT Hurricane Preparedness Plan that ensures business continuity and data protection.

Introduction

A disaster plan is essential for businesses in the South. A hurricane preparedness plan is just as essential for digital and electronic assets. In this blog post, we answer common questions about creating a digital disaster recovery plan. These include: What does it look like? Should I have one? How often should I update it? And so on. It applies to natural disasters such as hurricanes, but it can also be applied to other types of disasters.

Importance of IT Hurricane Preparedness

Ignoring the need for an IT Hurricane Preparedness Plan is like playing Russian roulette with your business. According to the Federal Emergency Management Agency (FEMA), nearly 40% of small businesses never reopen after a disaster. The modern business landscape relies heavily on data …


Hackers Pivoting Around Macro Blocking in Microsoft Office

Microsoft’s default blocking of macros in its Office suite is not stopping hackers. They are now using alternative file types to host malicious payloads, now that their primary method of threat delivery is being cut off.

The use of macro-enabled attachments by threat actors has decreased dramatically in the past year, according to new data by Proofpoint revealed in a blog post Thursday. The decrease began when Microsoft announced it would block XL4 macros by default for Excel users. This was followed up with the blocking of VBA macros by default across the Office suite this year.

As Microsoft continues to improve its Office suite security, hackers are increasingly resorting to other file types as vessels for malware, Trend Micro researchers said. Specifically, the company is seeing an increase in the use of “container files” such as ISO and RAR attachments as well as Windows Shortcut (LNK) files.

In the …