CMMC | Compliance | DIB | DoD | IT Infrastructure | Legal | Privacy | Security News Update | User tips
Security News Update for January 19, 2025
This week’s news includes:
Creating a PIEE/SPRS Account and Entering Your Score
Here are two videos; the first one shows you how to create an SPRS account; the second shows how to enter a new score. NOTE: You will see that I got an error on the PIEE administrator role in the first setup. That may be due to the fact that I already have an account…
Staying Safe Online – Passwords
I see a lot of advice on passwords but unfortunately, some of it is wrong. Watch this short video to learn about managing your passwords.
A Secure Replacement for Passwords
Passkeys will ultimately replace passwords. How soon is unclear because 2 billion websites need to be upgraded to support it and the vendors still have some kinks to work out. But it will happen and you need to learn about it and start playing with it. Learn more here:
Lessons to Learn from the MGM-Caesars Breach
The breaches of both MGM and Caesars were not high tech; they were pure social engineering attacks. That means that you can harden your company and your information likely for very little money. While this is early in the game, there are some easy lessons to learn here. Here are some key takeaways from the…
Protecting Website Security Question Answers
In light of the recent Callaway golf equipment vendor’s websites (multiple) breaches, which compromised security questions and answers, here is a simple tip to reduce your risk going forward from these breaches.
CMMC | Compliance | DIB | DoD | IT Infrastructure | User tips
NIST SP 800-171 Update for July 2023
800-171 is the government’s chosen cybersecurity standard for protecting controlled unclassified information (CUI) and is the standard is required by a number of government departments and by private industry as a matter of contract for protecting sensitive unclassified information. Learn more about this new version of the standard here.
Internet of Things Dumpster Fire
The Internet of Things refers to a class of smart devices that are typically used to automate things. This can be anything from a smart TV or smart door lock to an automated oil refinery and everything in between. Unfortunately, the security of many of these devices is to be really kind, lacking. The hackers…
Old Attacks Never Die – USB Malware Spreader
In this case, it wasn’t the well known “candy drop” attack but rather an accidental USB attack. Still infected an entire hospital. This one is attributed to China. Learn more below.
Security of Network Devices with Public Management Interfaces
CISA, the Cybersecurity and Infrastructure Security Agency released a directive, which is binding on federal civilian executive branch agencies, that addresses the security of network and operational technology (OT, IoT) devices which can be managed from the public Internet. Learn what CISA and we are recommending below.