Coronavirus (Covid-19) has been a worry all over the world in these past few weeks. We are seeing canned goods fly off the shelves, toilet paper being hoarded and videos on how to make your own hand sanitizer because stores are sold out. We’ve also seen companies make big decisions about how to best manage business with Covid-19 looming.Continue reading
Boyle Software has received its SOC 2 Type 2 certification for 2019. After our initial SOC 2 Type 1 certification in 2018, we are happy to have completed a full year with our Service Organization Controls successfully in place.
Our appreciation to the good folks at Assure Professional for working with us to complete this rigorous battery of tests of our practices and procedures.Continue reading
If you use Google Chrome as your browser on Windows, Mac, or Linux, you need to update your browser immediately to avoid falling victim to the “zero-day bug.”
October is National Cybersecurity Awareness Month (NCSAM) in the United States. Started by National Cyber Security Alliance and the Department of Homeland Security in 2003 it was conceived to raise awareness of the importance of cybersecurity.Continue reading
Boyle Software, Inc. is now a member of the Center for Internet Security (CIS) SecureSuite®. This new partnership provides us access to multiple cyber-security resources including the CIS-CAT Pro configuration assessment tool, remediation content, full-format CIS Benchmarks™ and more.
Researchers from security firm ICEBRG found malicious extensions in the Google Chrome Web Store with more than 500,000 overall downloads. Firstly they discovered that “HTTP Request Header” extension were using for a click-fraud scam when they noticed unusual spike in outgoing network traffic. The extension visited advertising-related links in the Web from the infected machines to generate revenue from per-click rewards. Later they investigated another three Chrome extensions that did the same: Nyoogle, Stickies, and Lite Bookmarks.
Earlier this week, research published by the Project Zero security team at Google brought to public attention a group of security vulnerabilities affecting many modern processors. The vulnerabilities have been given the names Meltdown and Spectre, and could allow an attacker to read arbitrary locations in virtual memory (e.g. read data stored in memory belonging to other user or kernel processes).
The site Freedom to Tinker, which is hosted by Princeton’s Center for Information Technology Policy, has started publishing an ongoing series called “No Boundries” around the topic of how third-party scripts on sites can exploit browsers to collect/extract user data in growing ways.
Their second installment focuses on how the well-known vulnerabilities of browser login managers can provide trackers with user information – not for the purposes of stealing passwords which has been looked at many times, but for the purposes of web tracking which can then be monetized to other companies. Continue reading
In an age where the next major data security breach seems to be lurking just around the corner, or perhaps has already happened and we just don’t know about it yet, it’s refreshing to hear talk of sunsetting the archaic social security number as a universal identifier for US citizens. While it should come as no surprise, with cybersecurity at the forefront of international headlines, and regular password-update requirements all but ubiquitous with online accounts, the onus has been largely on the individual to vigilantly guard their own digital information. At the heart of this information lies a single, 9 digit identifier meant to last a lifetime – big red flag. Continue reading