Skip to main content

Posts

Top 20 Most Asked Third Party Risk Questions for Vendors  These questions help organizations assess the overall risk posed by third-party vendors, covering critical areas like data protection, regulatory compliance, and incident response. Here’s a list of the Top 20 Most Asked Third-Party Risk Management (TPRM) Questions for Vendors in TPRM questionnaires: 1. What types of sensitive data do you handle for our organization? Vendors should clarify the types of data they collect, process, or store, such as personal information, financial data, or intellectual property. 2. How do you protect data at rest and in transit? This question probes into the encryption methods, protocols, and security controls in place for safeguarding data during storage and transmission. 3. Do you have a formal Information Security Program in place? Vendors should describe their overall cybersecurity framework, including policies, procedures, and governance. 4. How do you manage user access to our data and syste
Recent posts

10 Important Cybersecurity Practices for your Business

  10 Important Cybersecurity Practices for your Business 1. EDUCATION  It’s much easier to prevent a hack than it is to recover from a hack. Once your company’s sensitive data is stolen through a ransomware attack, recovering it is often a long and arduous process. Teaching employees about basic security, personal cybersecurity, and the prevalence of cyber threats goes a long way in stopping ransomware attacks before they can really do damage. Your employees should understand that they might be targets of malicious actors, eager to exploit any entry they can find in your company. The average cost of a cyberattack is 3.86 million and the cumulative total for global cybercrime is expected to cost $6 trillion. If you don’t pay to train your employees about cybersecurity best practices eventually you may end up paying more in the long run. High quality and free trainings for your employees are available from several government resources including Department of Homeland Security. 2. BETTER

WhatsApp Security Check!!! Do this Now

  An Urgent warning has gone viral on social media recently, urging you to check your privacy settings after WhatsApp reportedly secret update.  What's the truth behind this latest warning? Just days after its controversial update to facilitate data sharing with Facebook, social media is ablaze with messages suggesting the platform has suddenly updated your group privacy settings and you need to urgently change them back. You can change your settings to avoid anyone one adding you to a group without having them on your contact Follow the steps below: Go to WhatsApp: Go into Settings Go to Account Go to Privacy Go to Groups Change from (Everyone) to (My Contacts)

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

  Thursday - Microsoft warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension .crimson to files without actually encrypting them," the Microsoft Security Intelligence team  said  in a series of tweets. The new wave of attacks, which the company spotted last week, commences with spam emails sent from compromised email accounts with "Outgoing Payments" in the subject line, luring the recipients into opening malicious PDF documents that claim to be remittances, but in reality, connect to a rogue domain to download the STRRAT malware. Besides establishing connections to a command-and-control server during execution, the malware comes with a range of features that allow it to collect browser passwords, log keystrokes, and run remote commands an

Nearly 500,000 workers are needed in cybersecurity roles around the country

The push to work from home during the coronavirus pandemic is straining cybersecurity professionals around the country tasked with ensuring workers are able to not only work efficiently from remote locations — but to do so safely. This rapid shift is a tall order for an industry that was already in need of skilled professionals long before the pandemic took hold.  Cybersecurity workers were taken off some or all of their typical security duties to assist with other IT-related tasks, including equipping mobile workforces, according to an April survey from global nonprofit (ISC)2, the largest association of certified cybersecurity professionals. The survey of 256 cyber pros found nearly half were re-tasked and that a quarter said cybersecurity incidents increased since the transition to remote work, with some seeing as many as double the number of incidents. Separate data from another nonprofit cybersecurity group, the Information Systems Security Association, found a 63% increase in cyb

What is Zero Trust?

  Zero trust  is a security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network perimeter. Zero Trust  is a security concept that requires all users, even those inside the organization’s enterprise network, to be authenticated, authorized, and continuously validating security configuration and posture, before being granted or keeping access to applications and data. This approach leverages advanced technologies such as multifactor authentication, identity and access management (IAM), and next-generation endpoint security technology to verify the user’s identity and maintain system security. Zero Trust is a significant departure from traditional network security , which followed the “trust but verify” method. The traditional approach automatically trusted users and endpoints within the organization’s perimeters, putting the organization at risk from malicious internal actors and allowing unauthorize

6 Tools you should know as a Cybersecurity Analyst/ Pen Tester

  Wireshark Wireshark Having a solid foundation in Networking is essential to becoming a good penetration tester.  Wireshark is the world’s best network analyzer tool. It is an open-source software that enables you to inspect real-time data on a live network. Wireshark can dissect packets of data into frames and segments giving you detailed information about the bits and bytes in a packet. Wireshark supports all major network protocols and media types. Wireshark can also be used as a packet sniffing tool if you are in a public network. Wireshark will have access to the entire network connected to a router. Wireshark Packet Capture Sites like Facebook and Twitter are encrypted now, thanks to https. This means that even though you can capture packets from a victim computer in transit to Facebook, those packets will be encrypted. Still, being able to capture data packets in realtime is an important utility for a penetration tester. Nmap Nmap is the first tool you will come across when you