The Future Of Identification And Authentication

IN THE BEGINNING…

Passwords have been around since ancient times, back when you needed to know the correct word to pass or enter an area, and have evolved over the course of history to meet specific demands. The military developed a challenge and response system that required not just a password, but also a counter-password. For example, the challenge would be Mango, and the response to Mango would be Peach. This form of authentication verified both sides.

The first computer password was born out of necessity in 1961 at MIT for use with their CTSS—one of the first time-sharing systems, which is a computing resource used by multiple individuals. Since there were multiple people who had private sets of files, it made sense that each person should be given their own login and password. The rest, as they say, is history.

PASSWORDS AREN’T DEAD

To this day, the debate over … Read the rest

HIPAA For Business Associates

HIPAA defines a business associate as a person or entity that provides services to a covered entity that involve the disclosure of PHI.

What is HIPAA?

HIPAA, the Health Insurance Portability and Accountability Act, was enacted in 1996 primarily to simplify the flow of healthcare information, and to make sure that all PHI (Personal Health Information) is kept confidential and private and is only used in the way for which it was intended. This means that medical information can only be collected, shared, stored, and used for legitimate purposes, and must be properly protected.

Who must follow HIPAA?

Business associates who work for HIPAA-covered entities must comply with HIPAA. Business associates are people who work with, or provide a service to, a covered entity and, in doing so, have access to PHI. They could be attorneys, accountants, or transcriptionists. HIPAA-covered entities include healthcare providers (pharmacists, doctors, hospitals, and labs), healthcare plans … Read the rest

Vulnerability in Cisco Small Business Switches

Nothing new with these Cisco Small Business Switches. A researcher, Jasper Adriaanse, has identified several vulnerabilities, including ones that have been rated high severity, in Cisco’s Small Business 220 series smart switches.

These vulnerabilities were discovered to impact switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled, which it is by default. In an advisory released a few days ago, Cisco said Jasper Adriaanse found a few types of security holes in the small business switches.

One of them, tracked as CVE-2021-1542 and rated high severity, can be exploited by a remote, unauthenticated attacker to hijack a user’s session and gain access to the switch’s web interface. Depending on the privileges of the targeted user, the attacker could gain admin-level access to the management interface.

Another high-severity issue is CVE-2021-1541, which allows a remote attacker with admin permissions on the … Read the rest

UniFi Tutorials

How to direct UniFi VLAN traffic to OpenDNS

In this tutorial you will be shown how to direct UniFi VLAN traffic to OpenDNS. Many companies love using OpenDNS due to its ease of use, but sometimes it can be tricky to deploy on UniFi since the GUI keeps changing. This tutorial guides you through UniFi Controller Version 6.1.71.

OpenDNS is an Internet security company based in San Francisco that provides easy-to-implement Internet navigation and Web security solutions for families, schools, governmental organizations and businesses of all sizes. The services provided by OpenDNS increase the speed of navigating websites and prevent unintended access to phishing and malware sites as well as to any Web content that you configure to be restricted.

Let's Get Started

In this tutorial I will be using a UniFi UDM Pro on Controller Version 6.1.71. Please update your controller as needed, as things may vary if you're not up to date. I will be … Read the rest

Ransomware Risk Management

The National Institute of Standards and Technology (NIST) has released a new document called the Cybersecurity Framework Profile for Ransomware Risk Management. The document contains detailed steps that you can take to reduce the risk of infection, and it covers ways to prevent ransomware attacks.

They outline these basics

NIST has provided the basic and best approach to preventing, mitigating and protecting critical data against ransomware events, and they recommend the following:

  • Use antivirus software to scan your system, emails and flash drives.
  • Keep systems up to date and all software fully patched.
  • Use services or products that block access to ransomware sites.
  • Put a policy in place that only allows authorized apps to be used on computers.
  • Restrict personal devices' access to internal network resources.
  • Do not provide users with local administrative privileges.
  • Block the use of personal apps on work computers, for example email, chat, and social media.
  • Provide
Read the rest

Install Windows 11 Within VirtualBox

In this tutorial you will be shown how to install Windows 11 within VirtualBox. VirtualBox is great VM software for testing releases of different operating systems.

Let's get started

  1. Download VirtualBox.
  2. Once downloaded, go through the wizard and leave the default settings.
  3. If you need Windows 11, you can follow this Windows 11 Download tutorial.
  4. Open VirtualBox.
  5. Click on the New icon.
  6. Name your virtual machine.
  7. Find the Version field and select Windows 10. Click Next.
  8. Memory size: 2GB will be fine. Click Next.
  9. Hard disk: select Create a virtual hard disk now. Click Next.
  10. Hard disk file type can be left with VDI selected. Click Next.
  11. Storage on physical hard disk: select Dynamically allocated. Click Next.
  12. File location and size can be left as default. Click Create.
  13. Start the virtual machine.
  14. The VM should boot into the ISO; go through the process of installing Windows.

If you

Read the rest

How to Download Windows 11

In this tutorial you will be shown how to download and install Windows 11 using a Rufus bootable USB. This latest release of Microsoft Windows 11 is visually great in my opinion; however, it all comes down to how you feel about it.

In this tutorial I will show you how to download the Windows 11 ISO. Make sure you have proper backups of your system before making any changes. You choose to move forward at your own discretion and I will not be liable for any data loss.
Keep in mind that this stolen software release was not supposed to be leaked to the public. This ISO was found from random link sources and may have been tampered with.

Windows 11: Release Date

We could expect Microsoft to announce the release date of Windows 11 at its event next week. The event is scheduled for June 24 at 11:00 … Read the rest

Phishing Attacks Growing At Rapid Pace

A recent research report revealed that phishing attacks have been increasing since the pandemic. According to the research report by the FBI, 11 times more phishing attacks were reported in 2020 as compared to 2016, and 91% of security breaches were initiated by phishing attacks on victims.

What’s going on?

As mentioned in this report, phishing attacks were the most frequent type of attack method used in malware-based attacks in 2020, nearly doubling its growth from the previous year. 
  • The frequency of phishing attacks is different for each industry and is based on the targeted firm’s size. Healthcare and manufacturing sectors are the most targeted by phishing scams.
  • Social media are also lucrative targets, with social messaging apps being the main target. Accounts with single sign-on accounted for 40% of all phishing attacks.
  • There are many different types of phishing attacks
Read the rest

SSL VPN Attacks Up Nearly 2000%

A recent report published by Nuspire outlined what cyber criminals have been up to. SSL VPN attacks have gone up nearly 2000%.

Increase in VPN attacks

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in attacks against Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.

“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing to see today.”

Because of the significant increase in VPN and RDP … Read the rest

Docker Tutorials

How To Execute Docker without using sudo privilege on Ubuntu 20.04

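In this tutorial you will be shown how to configure Ubuntu 20.04 to execute Docker without using sudo. By default, docker commands must be run with sudo privilege or by a user in the docker group. This tutorial will show you how to add your user to the docker group so that sudo is no longer needed. Keep in mind that members of the docker group effectively have root-level access to the host, so add only trusted users.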

To confirm that you cannot currently run Docker without sudo, type docker run hello-world. You should get the following message; if you do, move forward with the tutorial.

$ docker run hello-world
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.27/containers/json: dial unix /var/run/docker.sock: connect: permission denied

Let's Get Started

  1. SSH into your Ubuntu 20.04 server.
  2. Create a new group. This command will likely fail because the group may already exist, but let’s run it anyway.
sudo groupadd docker

  3. Now we will add the currently logged-in user to the docker group.

sudo 
Read the rest
