BuzzSec

Original release date: September 30, 2019 October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners— including the National Cyber Security Alliance (NCSA) —to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats. This year’s theme, “Own IT. Secure IT. Protect IT.,” focuses on promoting personal accountability and positive behavior when it comes to cybersecurity. CISA encourages organizations to see the NCSAM 2019 webpage and the NCSAM 2019 Toolkit for ways to participate in and promote NCSAM. This product is provided subject to this Notification and this Privacy & Use policy. from CISA All NCAS Products https://www.us-cert.gov/ncas/current-activity/2019/09/30/prepare-national-cybersecurity-awareness-month

The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/senate-passes-bill-aimed-at-combating-ransomware-attacks

John Strand // I have quite a few calls with customers who do not know where to begin when it comes to application whitelisting. Often, the approach some organizations take is to try and implement full application whitelisting on every single application across their entire environment.  While this goal is fun and seems like a […] The post Getting Started With AppLocker appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/getting-started-with-applocker/

Original release date: September 30, 2019   The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD . In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info centreon -- centreon SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. 2019-09-25 7.5 CVE-2019-16194 MISC MISC emlog -- emlog emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. 2019-09-25 7.5 CVE-2019-16868 MISC forcepoint -- vpn_client Forcepoint VPN Client for Windows versions lower t