| New England Safety Partners, LLC

Cyber Security

Security convergence is the consolidation of traditionally disparate risk management spheres of influence, Physical Security, Information Security and Compliance into a unified view of risk. Find Out More.

Cyber Security

Compliance

We maintain extensive partnerships with regional accounting and audit firms. Find Out More.

Compliance

New England Safety Partners helps small and medium sized business with comprehensive Risk Management services in cyber security, physical security and compliance management.

Please contact us for details.

****

Proud Sponsor of the Boston Chapter of InfraGard

NESP consultants had a very thorough understanding of the PCI-DSS requirement. (The word ‘encyclopedic’ comes to mind.) This was very helpful in areas where the written standard leaves room for interpretation. In those situations, they helped us to assess our risk and to develop practical solutions.

They brought strong operating systems and networking expertise. They quickly earned the respect of, and collaborated effectively with, our technical staff. Consistently their recommendations were technically sound.

Information Security Staff Member, Large University

Working with technology and people can be messy and a sometimes befuddling proposition. NESP exercised effective people skills in balance with deep understanding of project technical issues to yield positive results for ITG.

CEO, Interactive Tactical Group

NESP was a strong business partner on information security issues particularly as they related to our employees, data security, data access and data controls. They were instrumental in putting a robust information security program in place for the organization, and for educating senior management on the criticality of security awareness. They demonstrated strong technical expertise, but also had the ability to align with business demands/appetite.

VP HR, Property and Casualty Insurance Company

Friday Squid Blogging: Ram’s Horn Squid Shells

by Bruce Schneier | Sep 17, 2021 | Cyber Security | 0 Comments

You can find ram’s horn squid shells on beaches in Texas (and presumably elsewhere).
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.

Zero-Click iMessage Exploit

by Bruce Schneier | Sep 17, 2021 | Cyber Security | 0 Comments

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware.
Apple patched the vulnerability; everyone needs to update their OS immediately.
News articles on the exploit.

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

by BrianKrebs | Sep 16, 2021 | Cyber Security | 0 Comments

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

Customer Care Giant TTEC Hit By Ransomware

by BrianKrebs | Sep 15, 2021 | Cyber Security | 0 Comments

TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result of a ransomware attack, KrebsOnSecurity has learned.

Identifying Computer-Generated Faces

by Bruce Schneier | Sep 15, 2021 | Cyber Security | 0 Comments

It’s the eyes:

The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities. They also note that it would not be difficult to write software to spot such errors and for social media sites to use it to remove such content. Unfortunately, they also note that now that such irregularities have been identified, the people creating the fake pictures can simply add a feature to ensure the roundness of pupils.

And the arms race continues….

Research paper.

…

Microsoft Patch Tuesday, September 2021 Edition

by BrianKrebs | Sep 14, 2021 | Welcome | 0 Comments

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

Upcoming Speaking Engagements

by Schneier.com Webmaster | Sep 14, 2021 | Cyber Security | 0 Comments

This is a current list of where and when I am scheduled to speak:

I’m keynoting CIISec Live—an all-online event—September 15-16, 2021.
I’m speaking at the Infosecurity Magazine EMEA Autumn Online Summit on September 21, 2021.
I’m speaking at the Cybersecurity and Data Privacy Law Conference in Plano, Texas, USA, September 22-23, 2021.
I’m speaking at the fourth annual Managing Cyber Risk from the C-Suite conference—a virtual event conducted through Webex—on October 5, 2021.
I’ll be speaking at an Informa event on November 29, 2021. Details to come…

Designing Contact-Tracing Apps

by Bruce Schneier | Sep 13, 2021 | Welcome | 0 Comments

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps.
Also see her excellent book on the topic.

Friday Squid Blogging: Possible Evidence of Squid Paternal Care

by Bruce Schneier | Sep 10, 2021 | Cyber Security | 0 Comments

Researchers have found possible evidence of paternal care among bigfin reef squid.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

by BrianKrebs | Sep 10, 2021 | Cyber Security | 0 Comments

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from “Meris,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.

« Older Entries