
A Series Of Cyber Essentials Toolkits Released To Address Cyber-Security Risks


The Cybersecurity and Infrastructure Security Agency (CISA) has released the first in a series of six Cyber Essentials Toolkits. The series follows CISA's own November 2019 release of Cyber Essentials, a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks.

CISA's toolkits will give greater detail, insight, and resources on each of the Cyber Essentials' six "Essential Elements" of a Culture of Cyber Readiness.

The launch of the introductory "Essential Element: Yourself, The Leader" will be followed every month by another toolkit corresponding to each of the six "Essential Elements." Toolkit 1 focuses on the role of leadership in building a culture of cyber readiness in their organization, with an emphasis on methodology and investment.

CISA Director Christopher Krebs says, “We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit. We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.”

Cyber Essentials, created in collaboration with small businesses and state and local governments, aims to equip smaller organizations that generally have not been part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.

CISA's Cyber Essentials includes two sections: the core values for leaders to build a culture of security, and specific actions for them and their IT staff to put that culture into practice. Each of the six Cyber Essentials includes a list of actionable items anyone can take to reduce cyber risks.

These are:

  • Drive cybersecurity strategy, investment, and culture;
  • Develop a heightened level of security awareness and vigilance;
  • Protect critical assets and applications;
  • Ensure only those who belong on your digital workplace have access;
  • Make backups and avoid loss of info critical to operations;
  • Limit damage and restore normal operations quickly.

Detection of Suspicious Activity Leads Reddit into Locking Down Its Users' Accounts




The discovery of suspicious activity has led Reddit to 'lock down' a substantial number of its user accounts over security concerns.

Reddit said the main cause of the account lockdown was the use of simple, easily guessed passwords on its site and the reuse of those passwords on other services. However, users claim that they were locked out of their accounts even though they used strong passwords and did not use their Reddit credentials on other sites.

While a few users reported that their accounts were locked even though the activity page indicated they were the only ones accessing them, others reported that someone else had accessed their accounts from numerous locations around the world.

The users who were locked out of their accounts were asked once again to reset their passwords to restore their accounts.

“Over the next few hours, affected accounts will be allowed to reset their passwords to be unlocked and restored. This will take the form of either a notification to the account (yes, you’ll be able to log in to get it) and/or an email to any support ticket you’ve already sent in.

It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time via the Help Centre.

We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I’ll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can’t answer most account-specific inquiries in public,” concluded the Reddit Admin.


Security Flaw in Nordstrom Gift Cards Revealed by Security Expert

Cybersecurity expert Jim Stickley has found a flaw in Nordstrom gift cards that allows hackers to drain money from a card by pulling its PIN from the website.

He demonstrated the flaw in an interview with TODAY by hacking a $50 Nordstrom gift card.

According to Stickley, the Nordstrom cards had shorter PINs and no protection from bots, which made this method of hacking possible. He added that this was why Nordstrom cards were especially susceptible to hacking.

The flaw has since been fixed after NBC News brought it to the retailer’s attention.

“Our customers are always our top priority, and if we learn they were negatively impacted by an issue with our gift card systems, we'd work quickly to take care of them,” the company said. “We have a number of gift card security controls in place, and a team of experts that regularly test, review and enhance those controls.”

According to the National Retail Federation, Americans are expected to spend more than $27.6 million on gift cards this year.