Quality Management and Cyber Security
Website of Warren Alford



Warren Alford Quality Management, Risk Management, and Cyber Security

Welcome to my website where you will find valuable information about Quality Management, Risk Management and Cyber Security. I specialize in Quality Management Systems, Software and Network Cyber Security, Network Vulnerability Assessments, Risk Management, Risk-based Audits, and Quality booksQuality Management Integration (Abridged) by Warren Alford

Quality Management Integration explains quality management, quality improvement, measures and metrics, quality control, and audits.Quality Management Integration: Quality in Modern Business (Abridged) explains QMS principles such as quality management, effective quality improvement, meaningful measures and metrics, value-added activities, quality control, audits and reporting.

Buy Quality Management Integration: Quality in Modern Business (Abridged) by Warren Alford
.

Mission Statement: My mission is to connect people, places and ideas using quality management, risk management, cyber security, technology, education and training utilizing value-added interactive media sources. I strive to provide useful information to help keep you and your family safe.
Warren Alford Certified Information Systems Auditor CISA
Warren Alford.com is also your source for Quality Management and Cyber training. This short video provides more information. You can also subscribe to my training videos on iTunes and YouTube. Enjoy!


ISO 9001:2015 QMS Requirements - Are You Ready?

ISO certification bodies have three years to migrate certificates to the new ISO 9001:2015 versionISO 9001:2015 Released

The new version of ISO 9001 follows a new, higher level structure to make it easier to use in conjunction with other management system standards, with increased importance given to risk. ISO 9000:2015, which defines the concepts and language used throughout the ISO 9000 family of standards, is also released. These Quality Management Training Courses can help you manage and improve your business.


NSA Allegedly Hacked

Hackers Have Allegedly Stolen NSA Cyber Weapons and Are Auctioning Them Off

Hackers claim to have stolen attack code from a team of sophisticated cyber spies known as the "Equation Group”, widely believed to be associated with the National Security Agency. The hackers have offered to sell the exploits to the highest bidder in an online Bitcoin auction. The "teaser" files appear to date back to June 2013 and the file names, such as “BANANAGLEE”, “EPICBANANA”, and “JETPLOW” are consistent with NSA programs leaked by whistleblower Edward Snowden. Read More
tags: NSA Allegedly Hacked, National Security Agency NSA, Bitcoin, Edward Snowden, BANANAGLEE, EPICBANANA, JETPLOW

Obama to Separate Cyber Command from NSA

Obama to Separate Cyber Command from NSA

Under a plan being considered at the White House, officials said U.S. Cyber Command would become what the military calls a "unified command" equal to combat branches of the military. Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, providing Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. Read More
tags: President Barack Obama, National Security Agency NSA, U.S. Cyber Command plan

ACK Out-of-Whack?

Off-Path TCP Exploits Global Rate Limit Considered Dangerous

TCP and networking stacks have recently been shown to leak various types of information via side channels, to a blind off-path attacker. Johannes Ullrich of the SANS Internet Storm Center provides detailed insight into this issue published in a University of California, Riverside paper by Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel.
tags: Off-Path TCP Exploits, Johannes Ullrich, SANS Internet Storm Center, Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel, University of California, Riverside

Is Your Home Cyber Secure?

SANS Securing The Human steps to create a cyber secure home

The SANS Securing The Human Creating a Cyber Secure Home poster walks families through the five key steps on how to create a cyber secure home. What makes this poster so powerful is these are the same secure behaviors that most organizations want employees to exhibit at work. SANS Securing The Human, a division of the SANS Institute, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. Cyber Secure Home
tags: SANS Creating a Cyber Secure Home, Securing The Human, security awareness

Jeep Cherokee Remote Hack

Miller and Valasek hack a Jeep Cherokee

Famed car hackers Charlie Miller and Chris Valasek have taken their remote hack of a Jeep Cherokee to the next level by controlling the accelerator, brakes, steering, and electronic parking brake at driving speeds. During Black Hat 2016 in Las Vegas, Miller and Valasek reverse-engineered the electronic control unit (ECU) firmware, which communicates via the unsecured CAN bus in short messages. In a nutshell, they tricked the Jeep’s controls by impersonating messages. They basically took the ECU offline and impersonated real traffic to force it to follow their instructions, whether it was to accelerate, or turn the steering wheel 90 degrees. Full Story
tags: Jeep Cherokee remote hack, Miller and Valasek, Black Hat Las Vegas 2016, hacking

Apple announces Bug Bounty Program at Black Hat

Apple announces Bug Bounty Program at Black Hat

Apple announced it will opening a bug bounty program, inviting security researchers to test a number of its systems and find vulnerabilities. The company will pay bug hunters upwards of $200,000 for certain critical flaws. Apple will officially launch the program in September 2016.

The program will have five categories of risk and reward.
• Vulnerabilities in secure boot firmware components: Up to $200,000
• Vulnerabilities that allow extraction of confidential material from Secure Enclave: Up to $100,000
• Executions of arbitrary or malicious code with kernel privileges: Up to $50,000
• Access to iCloud account data on Apple servers: Up to $50,000
• Access from a sandboxed process to user data outside the sandbox: Up to $25,000
Apple Bug Bounty
tags: Apple, Apple Bug Bounty, Black Hat, iOS


Cyber Security Alerts

Windows 10 Freezes After Anniversary Update

Windows 10 may freeze after installing the Anniversary Update

The ‘Anniversary Update’ is the largest Windows 10 upgrade so far. It is compulsory, but as it began rolling out, reports followed that the mega update is causing PCs to freeze, delivering the Microsoft Blue Screen of Death (BSOD).
tags: Windows 10 Anniversary Update, Microsoft, BSOD Read More

Microsoft Internet Explorer 11 Vulnerability

Microsoft Internet Explorer 11 Vulnerability

Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. You can help protect your system by installing an update from Microsoft.
tags: Microsoft Internet Explorer 11 vulnerability, Microsoft Security Bulletin MS16-095, BSOD Get Update

Microsoft Internet Explorer 11 and Edge Vulnerability

Microsoft Internet Explorer 11 and Edge Vulnerability

Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability due to a use-after-free error. Specifically, this issue occur within the 'CAnchor' object. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 and Edge are vulnerable.
tags: Microsoft Internet Explorer 11 vulnerability, Microsoft Edge vulnerability, CVE-2016-3289, BSOD Get Update

VMware updates address Windows-based DLL hijacking

VMware product updates address a DLL hijacking issue in Windows-based VMware Tools and an HTTP Header injection issue in vCenter Server and ESXi

A DLL hijacking vulnerability is present in the VMware Tools Shared Folders (HGFS) feature running on Microsoft Windows. Exploitation of this issue may lead to arbitrary code execution with the privileges of the victim. There are no known workarounds for this issue.
tags: VMware Tools, Windows, vCenter Server, ESXi, HTTP header injection Read More

Cisco Talos Reports Ranscam Crypto-ransomware

Ranscam malware reported by Cisco Talos Security Intelligence and Research Group

Ranscam deletes victim's computer files and then demands ransom to restore them or it will delete them. Yes, in that order. Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place rather than a sound ransom payout strategy.
tags: Ranscam, Cisco Talos, Crypto-ransomware, malware, ransomware Read More

Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS Critical Vulnerabilities

Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS critical vulnerabilities

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks.
tags: Adobe, Flash Player critical vulnerabilities, CVE-2016-4171, APSB16-18, Windows, Macintosh, Linux, ChromeOS Read More

Symantec Anti-Virus Memory Access Violation

Symantec Anti-Virus Engine susceptible to memory access violation

Symantec Anti-Virus Engine susceptible to memory access violation. The most common symptom of a successful attack would result in a Blue Screen of Death (BSOD).
tags: Symantec, Symantec Anti-Virus Engine, 20151.1.0.32, CVE-2016-2208 Read More


Quick Links
DNS Leak Test
infoSNIPER
IPLocation
MAC Lookup
Myip Live Whois IP
Ransomware Tracker
Research
Traceroute
VirusTotal



Most Popular Trending Pages

Product Recall News and Information

Norse Cyber Attack Map

XFINITY® Speed Test



Warren Alford ASQ Certified Manager of Quality / Organizational Excellence Warren Alford ASQ Certified Quality Auditor Warren Alford ASQ Certified Six Sigma Black Belt Warren Alford ASQ Certified Software Quality Engineer PMI, the PMI Logo, PMP and PMBOK® Guide are registered marks of Project Management Institute, Inc. ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems

Warren Alford Product RecallsWarren Alford Product Recalls

Email Warren

©2016 Warren Alford