Firewall, InfoSec and Internet - Cyber Security Informer

Achieving PCI DSS Compliant Firewalls within a Small Business

Security Boulevard

MAY 6, 2021

The most important and integral part of any data security begins with having firewalls installed in the environment. Not just that, installing firewalls is an essential requirement of the Payment Card Industry Data Security Standard (PCI DSS ). What is a PCI DSS Compliant Firewall? Protect cardholder data with a firewall.

Small Business

Small Business Firewall Wireless Internet

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs

DoublePulsar

OCTOBER 22, 2024

Back on October 13th, I started a Mastodon thread for something I’d come across: Kevin Beaumont (@GossiTheDog@cyberplace.social) The thread is a bit wild, I didn’t know about the FortiNet private notification as I’m just an InfoSec pleb (InfoSec porg?) FortiManager is a product you sit centrally to manage a load of FortiGate firewalls.

Firewall

Firewall InfoSec Internet Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

“The infosec industry is always trying to distinguish [the work] of one APT group from another. . “From what they chat about we can see this is a very competitive industry, where companies in this space are constantly poaching each others’ employees and tools,” Danowski said. But that’s getting harder to do.”

Government

Government Hacking Cyber threats Mobile

Top Web Application Firewall (WAF) Vendors

eSecurity Planet

MAY 6, 2021

Web application firewalls (WAFs) are a critical component for robust application security. At the same time, WAF technology is increasingly a part of more comprehensive security solutions like next-generation firewalls (NGFW), unified threat management (UTM), and more. Best Web Application Firewalls (WAFs). Amazon Web Services.

Firewall

Firewall DDOS Marketing Technology

Data Loss Prevention in an API-Driven World

CyberSecurity Insiders

JUNE 16, 2023

They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF). Data loss at the API layer needs to be high on the list of priorities for security and privacy teams in addition to protecting sensitive data with SASE, CASB solutions and NextGen firewalls.

Risk

Risk Firewall Data breaches InfoSec

Malicious Life Podcast: Understanding China’s Cyber Culture

Security Boulevard

SEPTEMBER 7, 2021

Bill Hagestad examines how China's culture and troubled history of western colonialism influenced its government views and actions regarding the global internet and its interactions with western technology companies such as Google and Nortel - check it out. Colonel (Ret.)

Internet

Internet Internet Government Technology

Cyber CEO – Cyber Hygiene is More Critical for Your Business Now Than Ever Before – Here’s Why

Herjavec Group

MAY 19, 2022

No matter how many firewalls or network controls you have in place, the risk of insider threat will always be present. I’ve been in infosec for over 30 years and have had the great privilege of evolving and learning as a cybersecurity executive in a space I love.

Penetration Testing

Penetration Testing Social Engineering Cybercrime InfoSec

Cyber Playbook: An Overview of PCI Compliance in 2022

Herjavec Group

MARCH 24, 2022

Internet-facing architecture that is being ASV scanned has grown more complex over the last years with the implementation of HTTPS load balancers, web application firewalls, deep packet inspection capable intrusion detection/prevention (IDS/IPS) systems, and next-gen firewalls.

Architecture

Architecture Firewall Penetration Testing eCommerce

Why Human Input Is Still Vital to Cybersecurity Tech

SecureWorld News

APRIL 17, 2022

It was once the case that cybersecurity technology consisted of little more than a firewall and antivirus software. One of the first was the storage of passwords by internet browsers. Yes, these advances have meant huge changes for the way that InfoSec operates, there are still many things that can only be managed with human input.

Cybersecurity

Cybersecurity Passwords Technology Password Management

RCE vulnerability in OpenSSH – RegreSSHion (CVE-2024-6387)

Pen Test Partners

JULY 1, 2024

There has been a lot of talk on various infosec news feeds about the RegreSSHion vulnerability. Also ask yourself the question: do I need to expose SSH to the untrusted internet? If the answer is “no” then remove or restrict the service by adjusting your firewall rules accordingly. Does CVE-2024-6387 affect me?

InfoSec

InfoSec Authentication VPN Firewall

Water utility CISO offers tips to stay secure as IT and OT converge

SC Magazine

APRIL 26, 2021

Kristin Sanders, chief information security officer for the Albuquerque Bernalillo County Water Utility Authority, revealed last week how New Mexico’s largest water and wastewater utility has been addressing this challenge by leveraging a series of software solutions, sensors and internet-of-things tech.

CISO

CISO IoT VPN InfoSec

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

Further evolution of cyberthreats as a response to infosec tools and measures. Known vulnerabilities in internet-facing hardware are also sure to remain a popular penetration vector. Update firewalls and SSL VPN gateways in good time. Moreover, the latter is the most dangerous and hard-to-detect method.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

Embracing Automation in Cyber Threat Intelligence: The Key to Timely Protection

SecureWorld News

SEPTEMBER 27, 2023

Threat Intelligence (TI) representation across different levels There is a lot of information on cyberattacks on the internet, and, as a rule, the most helpful information is contained in cyber threat reports ( Threat Intelligence Reports ). Highlighting the AI advantages in ITSM and InfoSec, you can use ChatGPT.

Cyber threats

Cyber threats Artificial Intelligence Malware Threat Reports

WordPress and the Dark Side of Defacements

SiteLock

AUGUST 27, 2021

WordPress remains the largest CMS and holds a large market share of the internet. According to author Nimrod Luria in a recent Infosec Island article , “The (hacked) sites appear to have one thing in common: they are all built on the WordPress content management platform.” Use a malware scanner and web application firewall (WAF).

eCommerce

eCommerce Cyber Attacks InfoSec Marketing

Episode 162: Have We missed Electric Grid Cyber Attacks for Years? Also: Breaking Bad Security Habits

The Security Ledger

SEPTEMBER 25, 2019

» Related Stories Spotlight Podcast: Security Automation is (and isn’t) the Future of Infosec Episode 159: Deep Fakes and Election (in)Security with ZeroFOX Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy. Also: Rachel Stockton of the firm LastPass* joins. Read the whole entry. »

Cyber Attacks

Cyber Attacks Energy and Utilities Cyber Risk Firewall

A Paramedic’s Top 2 Tips for Cloud Incident Response

Security Boulevard

OCTOBER 11, 2023

I love using this one to help infosec professionals gauge how bad an incident is. Because they aren’t used to everything (potentially) being on the Internet. The entire management plane is on the Internet, so if an attacker gets credentials, you can’t stop them with a firewall or by shutting down access to a server.

Accountability

Accountability Internet Internet InfoSec

Cliché: Security through obscurity (yet again)

Errata Security

SEPTEMBER 12, 2020

Infosec is a largely non-technical field. Then an 0day is discovered, and a worm infecting SSH spreads throughout the Internet. The (hypothetical) reason is that your organization immediately put a filter for port 22 on the firewalls, scanned the network for all SSH servers, and patched the ones they found. You do this.

InfoSec

InfoSec Passwords Accountability CISO

Introducing the Control Plane for Machine Identity Management

Security Boulevard

OCTOBER 10, 2022

The applications that were first to appear on the internet in the 90s ran in data centers. Developers want to go incredibly fast and infosec wants to be secure even if it slows down development. Infosec must provide the intellectual property and expertise to accelerate development while securing it. What’s new here? fastsecure.

Digital transformation

Digital transformation Software Authentication InfoSec

Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends

Security Boulevard

APRIL 22, 2025

Exploit Chain Targets Unpatched Juniper EX Switches and SRX Firewalls CVE-2023-36845 Juniper Networks Junos OS PHP External Variable Modification Vulnerability 9.8 The consulting industry had the longest average remediation rate while the software, internet and technology sector had the shortest at 172 days.

Energy and Utilities

Energy and Utilities Authentication Data breaches VPN

The Network Perimeter: This Time, It’s Personal

Threatpost

SEPTEMBER 29, 2020

Botnets and IoT devices are forming a perfect storm for IT staff wrestling with WFH employee security.

IoT

IoT Firewall InfoSec Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

That meant I tested the release candidates -- not the final product you’d buy in the stores - for consumer-grade antivirus programs, desktop firewalls, and desktop Intrusion detection systems. Mashable: Move over Heartbleed and welcome to shell shock, the latest security threat to hit the internet. And it's a doozy program.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

That meant I tested the release candidates -- not the final product you’d buy in the stores - for consumer-grade antivirus programs, desktop firewalls, and desktop Intrusion detection systems. Mashable: Move over Heartbleed and welcome to shell shock, the latest security threat to hit the internet. And it's a doozy program.

Software

Software Passwords Internet Internet

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. By anyone’s measure that would make him an infosec influencer, would it not? Massive numbers.

Media

Media Hacking InfoSec Marketing

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. Robert Vamosi: Before there was the internet as we know it today, there were bulletin boards, BBSs. By anyone’s measure that would make him an infosec influencer, would it not? Massive numbers.

Media

Media Hacking InfoSec Marketing

SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats

eSecurity Planet

FEBRUARY 25, 2022

Firewalls work both ways. Start treating the entire internet as hostile… because it is.” “If my boutique infosec consultancy has these resources…what does a state sponsored one have?” ” “Watch your egress. Carefully monitor outbound traffic. DMZ servers RESPOND to external requests.

B2B

B2B Cyber Attacks Firewall Cyber threats

Inside the Complex Universe of Cybersecurity

SecureWorld News

JANUARY 11, 2024

DeSouza has also earned numerous industry accolades, including Top Global CISO by Cyber Defense Magazine, Top 10 InfoSec Professional by OnCon, and induction into the CISO Hall of Fame by the global Cyber Startup Observatory.

Cybersecurity

Cybersecurity CISO Cyber threats Risk

The Hacker Mind Podcast: Hacking Real World Criminals Online

ForAllSecure

MAY 2, 2023

That, of course, was not all, but it is an example of how someone -- anyone on the internet -- can take a photo or blog post or Yelp review from social media, or some other seemingly random open source item and tie it back to a crime. Which then I could configure to get on the internet, you know. Daniel, he keeps a low profile.

Hacking

Hacking Media InfoSec Internet

Petya Ransomware: What You Need to Know and Do

Andrew Hay

JUNE 29, 2017

Unless you’ve been away from the Internet earlier this week, you’ve no doubt heard by now about the global ransomware outbreak that started in Ukraine and subsequently spread West across Western Europe, North America, and Australia yesterday. Checking out the new Petya variant – SANS ISC InfoSec Forums. By: Andrew Hay.

Ransomware

Ransomware Firewall Malware InfoSec

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

ForAllSecure

JANUARY 22, 2023

Having a common framework around vulnerabilities, around threats , helps us understand the infosec landscape better. Adam has more than 20 years in the infosec world, and he even helped create the CVE system that we all use today. And they wrote an article which you can now find on the internet, titled The threats to our products.

Engineering

Engineering Technology Information Security Authentication

Cyber Security Informer

Achieving PCI DSS Compliant Firewalls within a Small Business

CISA Order Highlights Persistent Risk at Network Edge

Webinars

Trending Sources

Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs

Webinars

New Leak Shows Business Side of China’s APT Menace

Top Web Application Firewall (WAF) Vendors

Data Loss Prevention in an API-Driven World

Malicious Life Podcast: Understanding China’s Cyber Culture

Cyber CEO – Cyber Hygiene is More Critical for Your Business Now Than Ever Before – Here’s Why

Cyber Playbook: An Overview of PCI Compliance in 2022

Why Human Input Is Still Vital to Cybersecurity Tech

RCE vulnerability in OpenSSH – RegreSSHion (CVE-2024-6387)

Water utility CISO offers tips to stay secure as IT and OT converge

Threats to ICS and industrial enterprises in 2022

Embracing Automation in Cyber Threat Intelligence: The Key to Timely Protection

WordPress and the Dark Side of Defacements

Episode 162: Have We missed Electric Grid Cyber Attacks for Years? Also: Breaking Bad Security Habits

A Paramedic’s Top 2 Tips for Cloud Incident Response

Cliché: Security through obscurity (yet again)

Introducing the Control Plane for Machine Identity Management

Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends

The Network Perimeter: This Time, It’s Personal

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

The Hacker Mind: Hacking Social Media

The Hacker Mind: Hacking Social Media

SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats

Inside the Complex Universe of Cybersecurity

The Hacker Mind Podcast: Hacking Real World Criminals Online

Petya Ransomware: What You Need to Know and Do

The Hacker Mind Podcast: What Star Wars Can Teach Us About Threat Modeling

Stay Connected