Welcome - New England Safety Partners, LLC

NSA on Supply Chain Security

November 4, 2022 Welcome Ed Gardner 0

The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“:

Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities…

Iran’s Digital Surveillance Tools Leaked

November 1, 2022 Welcome Ed Gardner 0

It’s Iran’s turn to have its digital surveillance tools leaked:

According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests —or those of tomorrow —an expert who reviewed the SIAM documents told The Intercept…

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication

October 31, 2022 Welcome Ed Gardner 0

Original release date: October 31, 2022CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MF…

Apple Only Commits to Patching Latest OS Version

October 31, 2022 Welcome Ed Gardner 0

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions.

From ArsTechnica:

In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about. Apple currently provides security updates to macOS 11 Big Sur and macOS 12 Monterey alongside the newly released macOS Ventura, and in the past, it has released security updates for older iOS versions for devices that can’t install the latest upgrades…

CISA Releases Twenty-Five Industrial Control Systems Advisories

October 13, 2022 Welcome Ed Gardner 0

Original release date: October 13, 2022CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surround…

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

September 23, 2022 Welcome Ed Gardner 0

Okay, it’s an obscure threat. But people are researching it:

Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines.
[…]
Being able to read reflected headline-size text isn’t quite the privacy and security problem of being able to read smaller 9 to 12 pt fonts. But this technique is expected to provide access to smaller font sizes as high-resolution webcams become more common…

CISA Releases Eight industrial Control Systems Advisories

September 19, 2022 Welcome Ed Gardner 0

Original release date: September 19, 2022 | Last revised: September 20, 2022CISA has released eight (8) Industrial Control Systems (ICS) advisories on September 20, 2022. These advisories provide timely information about current security issues, vulner…

CISA Releases Eleven Industrial Control Systems Advisories

September 15, 2022 Welcome Ed Gardner 0

Original release date: September 15, 2022CISA has released eleven (11) Industrial Control Systems (ICS) advisories on September 15, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surroundi…

CISA Releases Four Industrial Control Systems Advisories

September 8, 2022 Welcome Ed Gardner 0

Original release date: September 8, 2022CISA released four Industrial Control Systems (ICS) advisories on September 08, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CIS…

CISA Releases Five Industrial Control Systems Advisories

September 6, 2022 Welcome Ed Gardner 0

Original release date: September 6, 2022CISA has released five Industrial Control Systems (ICS) advisories on September 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
…

« 1 2 3 4 5 … 11 »

Category: Welcome