Welcome to my website where you will find valuable information about Quality Management, Risk Management and Cyber Security. I specialize in Quality Management Systems, Software and Network Cyber Security, Network Vulnerability Assessments, Risk Management, Risk-based Audits, and Quality booksQuality Management Integration (Abridged) by Warren Alford
Quality Management Integration: Quality in Modern Business (Abridged) explains QMS principles such as quality management, effective quality improvement, meaningful measures and metrics, value-added activities, quality control, audits and reporting.
Mission Statement: My mission is to connect people, places and ideas using quality management, risk management, cyber security, technology, education and training utilizing value-added interactive media sources. I strive to provide useful information to help keep you and your family safe.
Warren Alford.com is also your source for Quality Management and Cyber training. This short video provides more information. You can also subscribe to my training videos on iTunes and YouTube. Enjoy!
ISO certification bodies have three years to migrate certificates to the new ISO 9001:2015 version
The new version of ISO 9001 follows a new, higher level structure to make it easier to use in conjunction with other management system standards, with increased importance given to risk. ISO 9000:2015, which defines the concepts and language used throughout the ISO 9000 family of standards, is also released. These Quality Management Training Courses can help you manage and improve your business.
Hackers claim to have stolen attack code from a team of sophisticated cyber spies known as the "Equation Group”, widely believed to be associated with the National Security Agency. The hackers have offered to sell the exploits to the highest bidder in an online Bitcoin auction. The "teaser" files appear to date back to June 2013 and the file names, such as “BANANAGLEE”, “EPICBANANA”, and “JETPLOW” are consistent with NSA programs leaked by whistleblower Edward Snowden. Read More
tags: NSA Allegedly Hacked, National Security Agency NSA, Bitcoin, Edward Snowden, BANANAGLEE, EPICBANANA, JETPLOW
Under a plan being considered at the White House, officials said U.S. Cyber Command would become what the military calls a "unified command" equal to combat branches of the military. Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, providing Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. Read More
tags: President Barack Obama, National Security Agency NSA, U.S. Cyber Command plan
TCP and networking stacks have recently been shown to leak various types of information via side channels, to a blind off-path attacker. Johannes Ullrich of the SANS Internet Storm Center provides detailed insight into this issue published in a University of California, Riverside paper by Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel.
tags: Off-Path TCP Exploits, Johannes Ullrich, SANS Internet Storm Center, Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel, University of California, Riverside
The SANS Securing The Human Creating a Cyber Secure Home poster walks families through the five key steps on how to create a cyber secure home. What makes this poster so powerful is these are the same secure behaviors that most organizations want employees to exhibit at work. SANS Securing The Human, a division of the SANS Institute, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. Cyber Secure Home
tags: SANS Creating a Cyber Secure Home, Securing The Human, security awareness
Famed car hackers Charlie Miller and Chris Valasek have taken their remote hack of a Jeep Cherokee to the next level by controlling the accelerator, brakes, steering, and electronic parking brake at driving speeds. During Black Hat 2016 in Las Vegas, Miller and Valasek reverse-engineered the electronic control unit (ECU) firmware, which communicates via the unsecured CAN bus in short messages. In a nutshell, they tricked the Jeep’s controls by impersonating messages. They basically took the ECU offline and impersonated real traffic to force it to follow their instructions, whether it was to accelerate, or turn the steering wheel 90 degrees. Full Story
tags: Jeep Cherokee remote hack, Miller and Valasek, Black Hat Las Vegas 2016, hacking
Apple announced it will opening a bug bounty program, inviting security researchers to test a number of its systems and find vulnerabilities. The company will pay bug hunters upwards of $200,000 for certain critical flaws. Apple will officially launch the program in September 2016.
The program will have five categories of risk and reward.
• Vulnerabilities in secure boot firmware components: Up to $200,000
• Vulnerabilities that allow extraction of confidential material from Secure Enclave: Up to $100,000
• Executions of arbitrary or malicious code with kernel privileges: Up to $50,000
• Access to iCloud account data on Apple servers: Up to $50,000
• Access from a sandboxed process to user data outside the sandbox: Up to $25,000
Apple Bug Bounty
tags: Apple, Apple Bug Bounty, Black Hat, iOS
The ‘Anniversary Update’ is the largest Windows 10 upgrade so far. It is compulsory, but as it began rolling out, reports followed that the mega update is causing PCs to freeze, delivering the Microsoft Blue Screen of Death (BSOD).
tags: Windows 10 Anniversary Update, Microsoft, BSOD Read More
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. You can help protect your system by installing an update from Microsoft.
tags: Microsoft Internet Explorer 11 vulnerability, Microsoft Security Bulletin MS16-095, BSOD Get Update
Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability due to a use-after-free error. Specifically, this issue occur within the 'CAnchor' object. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 and Edge are vulnerable.
tags: Microsoft Internet Explorer 11 vulnerability, Microsoft Edge vulnerability, CVE-2016-3289, BSOD Get Update
A DLL hijacking vulnerability is present in the VMware Tools Shared Folders (HGFS) feature running on Microsoft Windows. Exploitation of this issue may lead to arbitrary code execution with the privileges of the victim. There are no known workarounds for this issue.
tags: VMware Tools, Windows, vCenter Server, ESXi, HTTP header injection Read More
Ranscam deletes victim's computer files and then demands ransom to restore them or it will delete them. Yes, in that order. Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place rather than a sound ransom payout strategy.
tags: Ranscam, Cisco Talos, Crypto-ransomware, malware, ransomware Read More
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks.
tags: Adobe, Flash Player critical vulnerabilities, CVE-2016-4171, APSB16-18, Windows, Macintosh, Linux, ChromeOS Read More
Symantec Anti-Virus Engine susceptible to memory access violation. The most common symptom of a successful attack would result in a Blue Screen of Death (BSOD).
tags: Symantec, Symantec Anti-Virus Engine, 20126.96.36.199, CVE-2016-2208 Read More
|DNS Leak Test|
|Myip Live Whois IP|