A Chief Information Security Officer has been the province of large firms. Recent shifts to shared or virtual CISOs have put these valuable but higher priced resources in the reach of small and medium sized firms.
The use of outsourced software has been around for many years. But the recent SolarWinds breach and other similar breaches have highlighted the risks of outsourced software.
Over 200 Android apps, all in the lower interest categories, have been using the internet and browsers bypass security. These apps delivered a multiple ads which when successful would signer people up for a number of premium SMS services.
The ubiquitous print spooler has been a cyber risk for over a decade. Despite the efforts of Microsoft to make it more secure, it remains a source of penetration for cyber attackers.
Systems that control who can enter have not been on the on the top of cybersecurity agendas. But more companies are realizing that if these systems are compromised it can endanger all the occupants and the company.
Will your actions after a successfully ransomware attack affect the outcome? Yes, without a doubt. Learn what to do and not do after a ransomware attack.
This week Apple issued patches for the macOS and iOS platforms on vulnerabilities it said are currently being exploited.
Install new Apple patches ASAP
Microsoft issued patches for 66 vulnerabilities. Some under active exploitation and considered severe. Be sure and update your systems.
Nearly every company has databases. Recent research shows that almost half have multiple unpatched vulnerabilities, the average being 26 of them. Males you think twice about sharing private information if a company doesn’t even protect its own information.
Half of on prem databases have vulnerabilities
As if ransomware wasn’t enough, attackers are using data theft, denial of service attackers and even harassing the customers of the ransomware attack. All to get you to pay.
Multi Factor Authentication, MFA, is an important tool. But MFA by itself will not protect against two of the most successful attack methods, exploiting bugs, and social engineering. If you aren’t addressing those attack methods, then you are not serious about protecting your data.
Three current vulnerabilities in Exchange are being exploited. Implementing the patches is essential but will not counter an attack that already took place. Many customers of Microsoft’s cloud based Exchange service don’t understand that they may still have an exchange server on premises making them vulnerable.
This group has been targeting companies since Fall 2020 with two powerful exploits. One is the PowerShell exploit described in another Insight post. But both are being used to deliver ransomware and to cause widespread infections before the ransomware is triggered.
Microsoft closed a vulnerability in the Azure database service that has been exploited for months. After implementing the fix, users of the service need to regenerate their databases to be on the safe side.
A recent White House meeting of the major tech companies resulted in a commitment of significant money to combat cyber threats. Equally important is the recognized need for a coordinated effort to enable an effective cyber defense.