[via Nextgov] “Inspectors found the case management system as part of a criminal investigation but did not say if the former employee is the target of that investigation. The case management system contained personal information on 247,167 Homeland Security employees who worked for the department when the information was removed in 2014, the department said. It also contained information about non-employees who were subjects, witnesses or complainants in inspector general investigations between 2002 and 2014, the department said. The statement does not say how many non-employees were in that group.”

https://www.csoonline.com/article/3245037/security/researcher-drops-15-year-old-macos-zero-day-that-leads-to-full-system-compromise.html

US-CERT has released a security update regarding a vulnerability in Apache Struts versions 2.5 to 2.5.14. The Apache Software Foundation released Apache Security Bulletins S2-054 and S2-055, which respectively address CVE-2017-15707 and CVE-2017-7525.

The vulnerabilities could allow a remote, unauthenticated attacker to perform a denial-of-service (DOS) by submitting malicious JSON data. The vulnerable systems use an outdated JSON-lib library with the Struts REST plugin. Read More

Title: “A Corporate Guide to Surviving Cyberwarfare Through Cyber Resiliency”

My presentation from Hacker Halted – Atlanta, GA – October 9, 2017 Read More

Join us for our first Cyber Town Hall along with the Quad Cities Chamber of Commerce, Quad Cities Cybersecurity Alliance and the QC Manufacturing Innovation Hub – For more information and to register: