Thursday, January 14, 2021

Are you a good candidate for 2021 CDPSE?


Help build the world’s best community of privacy professionals. Recommend CDPSE.


CDPSE - Spread the Word! CDPSE Pros are in Demand



Who do you know that is a privacy expert? Or an up-and-coming star in the technical privacy field? Like you, they should be a Certified Data Privacy Solutions Engineer™ (CDPSE™). Will you forward this email to someone who would benefit from the CDPSE designation on their resume or business card? Or better yet, make a call and forward an email.

ISACA is actively recruiting qualified candidates for CDPSE certification to take the beta test later this month, 11-31 January. There is no experience requirement to take the exam; however, to qualify for the certification, candidates need five years’ experience in the following fields (or three years’ experience plus a current ISACA certification):

  • Privacy Governance (governance, management and risk management)
  • Privacy Architecture (infrastructure, applications/software and technical privacy controls)
  • Data Lifecycle (data purpose and data persistence)

Registrants for the January exam receive a FREE CDPSE review manual and US$50 off the fee (in addition to ISACA member discounts) with promo code 50CDPSE. Exams will be individually graded and analyzed against others to help validate the test instrument. Individual results are expected in March 2021.

Help a colleague or professional acquaintance advance their career, affirm their privacy acumen and assist ISACA as we build a community of recognized technical privacy professionals. We appreciate your commitment to the advancement of the technical privacy field.




Explore CDPSE Beta.

Forward this email to your eligible colleagues and friends today.






CDPSE was created by technical privacy practitioners for technical privacy practitioners and administered by ISACA. Certification holders gain the credential that proves their skillset in implementing privacy-by-design solutions.

Know Someone Who Knows Privacy? Tell Them About CDPSE!




Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

01/13/2021 02:44 PM EST


Original release date: January 13, 2021

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.

In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services, which provides technical details and indicators of compromise to help detect and respond to potential attacks.

CISA encourages users and administrators to review AR21-013A and apply the recommendations to strengthen cloud environment configurations.

resilience against Solorigate and other sophisticated attacks

Title: Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

Published On (YYYY-dd-MM): 2021-14-01

This blog is a guide for security administrators using Microsoft 365 Defender and Azure Defender to identify and implement security configuration and posture improvements that harden enterprise environments against Solorigate’s attack patterns.

The post Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender appeared first on Microsoft Security.

Cisco Releases Security Updates for Multiple Products

Original release date: January 14, 2021

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

Monday, January 4, 2021

Secret Backdoor Account in Several Zyxel Firewall, VPN Products

 CVE: CVE-2020-29583


Zyxel has released a patch for the hardcoded credential vulnerability of firewalls and AP controllers recently reported by researchers from EYE Netherlands. Users are advised to install the applicable firmware updates for optimal protection.

What is the vulnerability?

A hardcoded credential vulnerability was identified in the “zyfwp” user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable products and are releasing firmware patches to address the issue, as shown in the table below. For optimal protection, we urge users to install the applicable updates. For those not listed, they are not affected. Contact your local Zyxel support team if you require further assistance.

| Affected product series | Patch available in |
|---|---|
| ATP series running firmware ZLD V4.60 | ZLD V4.60 Patch1 in Dec. 2020 |
| USG series running firmware ZLD V4.60 | ZLD V4.60 Patch1 in Dec. 2020 |
| USG FLEX series running firmware ZLD V4.60 | ZLD V4.60 Patch1 in Dec. 2020 |
| VPN series running firmware ZLD V4.60 | ZLD V4.60 Patch1 in Dec. 2020 |
| AP controllers | |
| NXC2500 running firmware V6.00 through V6.10 | V6.10 Patch1 on Jan. 8, 2021 |
| NXC5500 running firmware V6.00 through V6.10 | V6.10 Patch1 on Jan. 8, 2021 |


Thursday, December 31, 2020

More Security Blogs From Microsoft


Title: Terranova Security Gone Phishing Tournament reveals continued weak spot in cybersecurity

Overview: See which industries had the highest click rates, as well as results sorted by organization size, previous training, and more.


Title: Data Connector Health - Push Notification Alerts

Overview: This enhanced solution builds on the existing “Connector Health Workbook” described in this video. The Logic App leverages underlying KQL queries to provide you with an option to configure “Push notifications” to e-mail and/or a Microsoft Teams channel based on user defined anomaly scores as well as time since the last “Heartbeat” from Virtual Machines connected to the workspace. Below is a detailed description of how the rule and the logic app are put together. The solution is available for deployment from the official Azure Sentinel GitHub repo on this link.


Title: Becoming resilient by understanding cybersecurity risks: Part 2

Overview: Whilst this may be uncomfortable reading, the ability to pre-empt and respond quickly to these attacks is now an organizational imperative that requires a level of close collaboration and integration throughout your organization (which may not have happened to date).


Title: A breakthrough year for passwordless technology

Overview: Learn how Microsoft and its partners are advancing IAM through secure passwordless access.


Title: A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture
Overview: This blog post will explain simple Microsoft security defaults and Secure Score—two features you should take advantage of that are easy to utilize and can significantly improve security in Azure AD and Office 365 configurations.


Title: New Advanced Hunting data source assists recent nation-state attack investigations
Overview: We are happy to announce the availability of a new data source in Microsoft 365 Defender Advanced Hunting.


Title: Announcing new Microsoft Information Protection capabilities to know and protect your sensitive data

Overview: Microsoft Information Protection (MIP) is a built-in, intelligent, unified, and extensible solution to protect sensitive data in documents and emails across your organization. MIP provides a unified set of capabilities to know and protect your data and prevent data loss across Microsoft 365 apps (e.g., Word, PowerPoint, Excel, Outlook), services (e.g., Microsoft Teams, SharePoint, Exchange, Power BI), on-premises locations (e.g., SharePoint Server, on-premises files shares), devices, and third-party apps and services (e.g., Box and Dropbox).


Title: Collaborative innovation on display in Microsoft’s insider risk management strategy

Overview: Partnering with organizations like Carnegie Mellon University allows us to bring their rich research and insights to our products and services, so customers can fully benefit from our breadth of signals.  


Title: New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks

Overview: Microsoft security researchers have been investigating and responding to the recent nation-state cyber-attack involving a supply-chain compromise followed by cloud assets compromise.

Free, self-paced tutorials for Windows Virtual Desktop

 Deploy and scale virtualized desktops and apps on Azure for more secure, productive remote work—for all employees at any location. Explore these tutorials from Microsoft Learn to get started with Windows Virtual Desktop.

Take the tutorials to:

  • Understand configuration workflow steps and get a checklist to help you prepare, deploy, and optimize.
  • Learn how to enable concurrent users on a single virtual machine (VM) with simplified server management—and learn your options to load balance users using VM host pools.
  • Find out how to virtualize across devices—including Windows, Mac, iOS, and Android—to access remote desktops and apps.
