Level-up Cyber Security Awareness
In 2022, four out of five workers did their work remotely or were hybrid. Remote work was embraced by companies, and they were forced to define and adopt remote working policies. However, IT departments were just as crucial in the new remote working era. They had to ensure security for their employees who were now working from home or from coffee shops.
Protecting sensitive information and maintaining regulatory compliance has become more difficult in today’s dynamic business landscape. Companies have to adapt their data access protocols to account for employees accessing data from various locations and devices. Businesses that shift their security posture while migrating from on-premises to hybrid and cloud environments face a similar challenge again, just as they did when they moved to the cloud.
Begin by defining the culture of security and then ensure that all employees are trained to respect the company’s standards. By training your …
How To Revert Microsoft Outlook Navigation Bar To The Bottom
With the Microsoft Outlook 2207 update, the navigation bar was moved from the bottom to the left to increase accessibility and provide more customization, which allows you to include apps. If you don’t like the change, there is good news: Microsoft added a temporary option to revert it. In this tutorial you will learn how to revert the Microsoft Outlook navigation bar back to the bottom.
Step 1: Open Microsoft Outlook.
Step 2: Locate and click on File > Options > Advanced.
Step 3: Under Outlook panes, locate and uncheck Show Apps in Outlook.
Step 4: Locate and click the OK button.
Step 5: Restart Microsoft Outlook.
Your Navigation bar should now be reverted to the bottom. Keep in mind that this is only temporary, and Microsoft will remove the option to revert this navigation bar completely.
I hope this article was helpful. If you have any questions, …
Is Your Microsoft Exchange Server Vulnerable to ProxyNotShell Flaw?
According to the non-profit Shadowserver Foundation, there are approximately 60,000 IP addresses with internet-facing Microsoft Exchange Server instances still vulnerable to CVE-2022-41082.
This might look like a standard Exchange Server bug, but it’s actually a lot worse. It’s really two flaws in one. The first flaw is a server-side request forgery in the Exchange API. The second is a remote code execution bug. We call this bug ProxyNotShell because it’s reminiscent of the ProxyShell bugs that plagued Microsoft servers earlier this year.
Microsoft did not patch this vulnerability until its November Patch Tuesday release. It was a long wait, but Microsoft said it was necessary to protect customers. You should still take action, though — follow Microsoft’s instructions for the Autodiscover endpoint to mitigate the vulnerability until it can be patched.
However, CrowdStrike published a blog post last month revealing a new exploit chain called “OWASSRF” that can bypass Microsoft’s …
Is Your Website ADA Compliant?
The Americans with Disabilities Act (ADA) is a landmark civil rights law that prohibits discrimination against disabled individuals in all areas of public life. It gives millions of people with disabilities equal access to employment, government, telecommunications, and businesses.
Businesses must make reasonable modifications to accommodate customers with disabilities. Title III of the ADA addresses businesses specifically. It prohibits discrimination on the basis of disability in places of public accommodation, which include restaurants, private schools, sports stadiums, office buildings, and more. Businesses are required to make “reasonable modifications” to serve people with disabilities.
Who Needs to Be Compliant?
Under Title III, businesses “open to the public” both in the physical world and online are required to provide equal access to people with disabilities.
Examples of businesses open to the public include:
- Restaurants and bars.
- Retail establishments.
- Hotels and other places of lodging.
- Parks, zoos, and other places of recreation.
How To Migrate UniFi Controller
In this tutorial you will learn how to migrate your UniFi Controller 7.0 to a new UniFi Controller. We are going to use the export site function for the migration. This is the simplest way to migrate your UniFi settings to a new UniFi Controller.
Task Details
- Log into Your UniFi Controller.
- Create A Backup Of Your UniFi Controller Settings.
- Export Site From The Existing UniFi Controller.
- Import Site Into The New UniFi Controller.
Task 1: Log Into Your UniFi Controller
- Open a browser tab and direct yourself to your UniFi Controller.
- Sign in with your local username and password or your Ubiquiti Account.
- Select your UniFi Controller.
Task 2: Create A Backup Of Your UniFi Controller Settings
1. Click Settings
2. Click System
3. Locate Backup and click Download.
Task 3: Export Site From The Existing UniFi Controller
1. Click Settings
2. Click System
3. Locate Legacy …
Black Friday Phishing Scams
Black Friday is approaching, and you should be aware of scams. Thirty percent of people in the US reported receiving phishing messages around Black Friday.
“[N]early a third of U.S. consumers (30%) said they received a phishing email around Black Friday last year, either by email or SMS to their personal email or cell,” the researchers write. “The thing is that consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries. Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that …
Microsoft Security, Compliance, and Identity Fundamentals SC-900
I am happy to announce that I achieved my Microsoft Security, Compliance, and Identity Fundamentals SC-900 Certification.
SC-900 is the entry-level security exam for a wide array of Microsoft products. I put products there, plural, because SC-900 is more than just understanding Azure products that fit the identity/security mold. You will also be tested on Microsoft 365 products, as well as identity products such as Active Directory in depth. Importantly, the exam is probably half and half Azure and Microsoft 365 products. If you are looking for solely Azure products, then AZ-500 may be a better exam (but is obviously much more difficult). The types of questions in SC-900 that involve M365 are often around security tools such as Microsoft Defender for Office 365/Identity/Endpoint/Cloud Apps, or around compliance tools such as “eDiscovery”.
If you’ve already sat AZ-900, then this exam might be a little easier as some Azure concepts
Cyber Threats For Retail Stores
Cyber attacks on retailers are real and can occur online or offline. Credit card records can be stolen by malicious cyber-intruders. These attackers are able to enter a retail store in person and hack into your systems. Physical access to your retail store is the first step to a successful cyber attack. Threat actors can gain access to your network by using devices that fit in your wallet, like card skimmers, as well as vulnerable Wi-Fi networks, USB drives, and other hacking equipment. They can also use social engineering tactics to get an insider to help them. All retailers have experienced data being stolen, networks being degraded, and infrastructure being compromised.
Attention To Detail
With cyber security a big problem for retailers, it’s important to know the various methods cyber criminals use to attack your business. They commonly use card skimmers and unsecured point-of-sale systems to acquire credit …
Android Malware Infects 20 Million Users
A newly discovered Android malware was confirmed to have infected around 20 million users. The Clicker malware used 16 different malicious apps to get into the Google Play Store. Once there, it affected millions of users.
The Clicker Campaign
McAfee researchers found that the malware is hiding in applications that are disguised as legitimate tools. These applications are targeting Android phone users.
- These tools include Flashlight (Torch), QR readers, Camera, Unit Converters, and Task Managers.
- It’s hard to tell the difference these days: the apps may look like well-made Android software. However, they are hiding ad fraud features, equipped with remote configuration and Firebase Cloud Messaging (FCM) techniques.
- When these Android applications are opened, the malware is secretly downloaded in the background.
The researchers found that this malware is designed to disrupt the mobile advertising industry. It targets the ad-supported business models of the mobile ecosystem. The malware in turn generates …
Conduct An ISO 27001 Risk Assessment in 7 Steps
Risk assessments are the most important part of any ISO 27001 project. They help you determine how to get your ISMS in order and keep it that way. This is the core of your information security management system, which is what you get when you implement the Standard.
What is an information security risk assessment?
When you look at the bigger picture of an information security management system, your first step is to look for risks. A risk assessment is a tool used to assess and manage incidents that have the potential to cause harm to your sensitive data. Your first step is to identify vulnerabilities that a cyber criminal could exploit or mistakes that employees could make. Then you determine the risk level and decide on the best course of action to prevent them from happening.
How to conduct an ISO 27001 risk assessment
Risk assessments can be complicated. …