Can’t Afford a CISO? There are Good Alternatives
A Chief Information Security Officer has been the province of large firms. Recent shifts to shared or virtual CISOs have put these valuable but higher priced resources in the reach of small and medium sized firms.
Virtual CISO Offers Hope for SME
Outsourced Software Poses Greater Risks to Enterprise Application Security
The use of outsourced software has been around for many years. But the recent SolarWinds breach and other similar breaches have highlighted the risks of outsourced software.
Outsourced Software Seen As Increased Security Risk
Sneaky Android Trojan Siphons Millions Using Premium SMS
Over 200 Android apps, all in the lower interest categories, have been using the internet and browsers bypass security. These apps delivered a multiple ads which when successful would signer people up for a number of premium SMS services.
Low Volume Android Apps Sneak Past Security
Why Windows Print Spooler Remains a Big Attack Target
The ubiquitous print spooler has been a cyber risk for over a decade. Despite the efforts of Microsoft to make it more secure, it remains a source of penetration for cyber attackers.
Print Spooler Still A Cyber Risk After Many Years
Why Building or Office Access Control Has Become an Important Front in the War Against Cybercrime
Systems that control who can enter have not been on the on the top of cybersecurity agendas. But more companies are realizing that if these systems are compromised it can endanger all the occupants and the company.
Building Access Systems Gain Importance in Cyber Security
How to Make a Ransomware Attack Worse
Will your actions after a successfully ransomware attack affect the outcome? Yes, without a doubt. Learn what to do and not do after a ransomware attack.
What you do after matters
Apple Ships Urgent Patch for FORCEDENTRY Zero-Days
This week Apple issued patches for the macOS and iOS platforms on vulnerabilities it said are currently being exploited.
Install new Apple patches ASAP
Microsoft Patches MSHTML Vuln Among 66 CVEs
Microsoft issued patches for 66 vulnerabilities. Some under active exploitation and considered severe. Be sure and update your systems.
Install MS Patches ASAP
Nearly 50% of On-Premise Databases Have Vulnerabilities
Nearly every company has databases. Recent research shows that almost half have multiple unpatched vulnerabilities, the average being 26 of them. Males you think twice about sharing private information if a company doesn’t even protect its own information.
Half of on prem databases have vulnerabilities
Ransomware Operators Ramp Up Pressure on Victims via Multiple Extortion Attacks
As if ransomware wasn’t enough, attackers are using data theft, denial of service attackers and even harassing the customers of the ransomware attack. All to get you to pay.
Ransomware operators up the pressure
Multi Factor Authentication Is Not The Ultimate Answer
Multi Factor Authentication, MFA, is an important tool. But MFA by itself will not protect against two of the most successful attack methods, exploiting bugs, and social engineering. If you aren’t addressing those attack methods, then you are not serious about protecting your data.
MFA won't protect against 2 popular attack types
Patch now! Microsoft Exchange is being attacked via ProxyShell
Three current vulnerabilities in Exchange are being exploited. Implementing the patches is essential but will not counter an attack that already took place. Many customers of Microsoft’s cloud based Exchange service don’t understand that they may still have an exchange server on premises making them vulnerable.
MicroSoft Exchange under serious attack
FBI Issues Advisory on 'OnePercent' Ransomware Group
This group has been targeting companies since Fall 2020 with two powerful exploits. One is the PowerShell exploit described in another Insight post. But both are being used to deliver ransomware and to cause widespread infections before the ransomware is triggered.
FBI Issues Warning About Serious Attacks
Microsoft Azure Cosmos Vulnerability: ChaosDB Exposure Details
Microsoft closed a vulnerability in the Azure database service that has been exploited for months. After implementing the fix, users of the service need to regenerate their databases to be on the safe side.
Microsoft Azure database being exploited
Tech giants pledge at least $30 billion to improve cybersecurity following White House meeting
A recent White House meeting of the major tech companies resulted in a commitment of significant money to combat cyber threats. Equally important is the recognized need for a coordinated effort to enable an effective cyber defense.
Tech Giants Join Forces to Improve Cybersecurity