Articles by 'Nancy Rand'

Blog Author - Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.

By Nancy Rand, Posted in Security

From Dark Reading on 1/24/18: Intel provided another update on advice for patching: https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/ From Dark Reading on 1/23/18: Intel Says to Stop Applying Problematic Spectre, Meltdown Patch Cause of reboot problems with its Broadwell and Haswell microprocessor patching now identified, the chipmaker said. Intel is now advising its customers and partners to halt the installation of patches for its Bro... read more.

  • January 24, 2018

By Nancy Rand, Posted in Security

The National Institute of Standards and Technology (NIST) finalized its Digital Identity Guidelines in December 2017 and published the following four documents: NIST Special Publication 800-63-3, Digital Identity Guidelines Presents an executive summary of the series along with a glossary. NIST Special Publication 800-63A, Digital Identity Guidelines, Enrollment and Identity Proofing Provides requirements for enrollment and identity proofing of applicants for access to resources at each Identity Assuran... read more.

  • January 12, 2018

By Nancy Rand, Posted in Security

Earlier this week, the public was apprised of a major hardware vulnerability in Intel, AMD and ARM. This vulnerability affects practically every computer and mobile device in use today.   First and foremost, you should patch all devices up to the current releases to ensure you receive the latest protection combined with Endpoint Detection and Response software. The articles linked below present the information in detail.   The following Common Vulnerabilities and Exposures (CVE) are associate... read more.

  • January 05, 2018

By Nancy Rand, Posted in Security

This year was once again filled with major security breaches. In fact, these breaches have impacted so many of us that they are becoming a routine fact of life for companies and individuals alike. The Equifax breach in particular affects practically every person or entity that has had a credit check done in recent years.  Protection of our personally identifiable information (PII) and financial information should have been a priority with a credit bureau. As we've seen, it was not. And of course... read more.

  • November 30, 2017

By Nancy Rand, Posted in Security

February 23, Techcrunch.com - Major Cloudflare bug leaked sensitive data from customers’ websites. Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. The announcement is a major blow for the content delivery network, which offers enhanced security and performance for more than 5 million websites. This could have allowed anyone who noticed the error to collect a... read more.

  • February 27, 2017

By Nancy Rand, Posted in Security

January 16, SecurityWeek – (International) Flaws found in Carlo Gavazzi energy monitoring products. Carlo Gavazzi released firmware updates after a security researcher found that the company’s VMU-C product was plagued with a flaw that grants a malicious actor access to most of the application’s functions without authentication, as well as a cross-site request forgery (CSRF) issue that can be exploited to change configuration parameters. The researcher also found the product stores some se... read more.

  • January 18, 2017

By Nancy Rand, Posted in Security

January 12, SecurityWeek – (International) GoDaddy revokes nearly 9,000 SSL certificates. GoDaddy revoked nearly 9,000 Secure Sockets Layer (SSL) certificates after discovering that a software bug, which was introduced in July 2016 as part of a routine code change intended to improve the certificate issuance process, can cause the domain validation process to be unreliable. GoDaddy provides the customer a random code and directs the customer to place it in a specific location on their Website in order... read more.

  • January 17, 2017

By Nancy Rand, Posted in Security

January 12, SecurityWeek – (International) Eight vulnerabilities patched in WordPress. WordPress version 4.7.1 was released, resolving a total of 8 security flaws and 62 bugs including 2 cross-site request forgery (CSRF) flaws, several cross-site scripting (XSS) vulnerabilities, and a weak crypto issue related to multisite activation keys. Source January 12, SecurityWeek – (International) Four high severity DoS flaws patched in BIND. The Internet Systems Consortium (ICS) released BIND versions... read more.

  • January 13, 2017

By Nancy Rand, Posted in Security

January 10, SecurityWeek – (International) Microsoft patches flaws in Windows, Office, Edge. Microsoft released a total of four security bulletins, including a critical bulletin that resolves a memory corruption flaw in Office that can be exploited by convincing a targeted user to open a maliciously crafted file or to visit a Website hosting a malicious file due to the way the software handles objects in memory. Microsoft also released bulletins patching a privilege escalation flaw in Edge, a denial-o... read more.

  • January 12, 2017

By Nancy Rand, Posted in Security

January 6, SecurityWeek – (International) New “Ghost Host” technique boosts botnet resiliency. Cyren security researchers reported that malware developers have started leveraging a new technique, dubbed ghost host, which fools Web security and Uniform Resource Locator (URL) filtering systems by inserting non-malicious host names that are both registered and unregistered into the Hypertext Transfer Protocol (HTTP) host fields of a botnet’s communications, in order to guarantee communi... read more.

  • January 10, 2017