NSA and CISA Release Final Part IV of Guidance on Securing 5G Cloud Infrastructures

This article is contributed. See the original author and article here.

CISA has announced the joint National Security Agency (NSA) and CISA publication of the final part of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses on platform integrity, microservices infrastructure integrity, launch time integrity, and build time security to ensure that 5G cloud resources are not modified without authorization. This series was published under the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA.

CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations. See CISA’s 5G Security and Resilience webpage for more information.

Look beyond the award when you hire a lawyer


This article was originally posted by the FTC. See the original article here.

If you suddenly need to hire a lawyer, you might start searching online. When you do, you’re likely to see lawyers and law firms with fancy-looking seals and badges on their websites claiming they’re among the best in their field. Before you move forward, know that some of these seals or badges might be “vanity” or “ego” awards that lawyers can buy.

It can be tricky to tell whether an award is earned through merit or is simply a marketing ploy, but a few questions can help. How long has this award been in existence? What requirements does someone have to meet to earn the award? How many awards are given out each year? Is a marketing company awarding it? Try searching online for the name of whoever’s giving the award plus words like “vanity,” “ego,” “marketing,” and “scam” to find out.

When choosing a lawyer, be sure to look beyond any seals or badges on lawyers’ websites:

  • Ask for recommendations from people you trust who already have experience hiring lawyers. Online reviews can be made up or written by people with personal ties to the lawyers.
  • Lawyers must pass a state bar exam to practice law in the U.S., and they often have to be admitted to the bar in the state where they practice. Check the state bar association to see if the attorney is active, inactive, disciplined, or disbarred.
  • Look for actual accomplishments and past work experience. Many court documents are public record and you can see if the lawyer you’re considering has experience handling your type of legal issue.

And check out ftc.gov/hiring-lawyer for more information on how to hire the right kind of lawyer and what to ask about lawyers’ fees.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

CISA Adds Two Known Exploited Vulnerabilities to Catalog


CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

| CVE Number | CVE Title | Remediation Due Date |
|---|---|---|
| CVE-2021-43890 | Microsoft Windows AppX Installer Spoofing Vulnerability | 12/29/2021 |
| CVE-2021-4102 | Google Chromium V8 Engine Use-After-Free Vulnerability | 12/29/2021 |

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

’Tis the season for student loan scam calls


This article was originally posted by the FTC. See the original article here.

If you have a federal student loan, you probably already know that the Coronavirus emergency relief program that has paused your payments is ending. Repayments will begin again after January 31, 2022. Scammers know it, too, and are looking for ways to take advantage: they’re calling, texting, and e-mailing to try to use any confusion around restarting your student loan payments to steal your money and personal information.

Check out what some of these scam calls sound like.

If you get a call, text, e-mail, or message on social media from someone about your federal student loan, here are some things to keep in mind:

  • Never pay an upfront fee. It’s illegal for companies to charge you before they help you. If you pay up front to reduce or get rid of your student loan debt, you might not get any help — or your money back. Also, remember that there’s nothing a company can do for you that you can’t do yourself for free. And you never have to pay to get help from the Department of Education.
  • Never give out your Federal Student Aid ID, your Social Security number, or other personal information to anyone who contacts you. Scammers posing as student loan servicers can use this information to log into your account, change your contact information, and even divert your payments to them. Instead of giving out your FSA ID, call or contact your servicer.
  • Don’t sign up for quick loan forgiveness. Scammers might say they can get rid of your loans before they know the details of your situation. Or they might promise a loan forgiveness program — that most people won’t qualify for. They might even say they’ll wipe out your loans by disputing them. But they can’t.
  • Scammers use fake seals and logos to lure people in. They promise special access to repayment plans, new federal loan consolidations, or loan forgiveness programs. It’s a lie. If you have federal loans, go to the Department of Education directly at StudentAid.gov.

If a scammer contacts you, report it at ReportFraud.ftc.gov.


Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks


In light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential cyberattacks. CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to provide critical infrastructure leaders with steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.

CISA encourages leadership at all organizations—and critical infrastructure owners and operators in particular—to review the CISA Insights and adopt a heightened state of awareness.