Insights

Can’t Afford a CISO? There are Good Alternatives

A Chief Information Security Officer has been the province of large firms. Recent shifts to shared or virtual CISOs have put these valuable but higher priced resources in the reach of small and medium sized firms. 

 

Virtual CISO Offers Hope for SME


Outsourced Software Poses Greater Risks to Enterprise Application Security

The use of outsourced software has been around for many years. But the recent SolarWinds breach and other similar breaches have highlighted the risks of outsourced software.    

 

Outsourced Software Seen As Increased Security Risk


Sneaky Android Trojan Siphons Millions Using Premium SMS

Over 200 Android apps, all in the lower interest categories, have been using the internet and browsers bypass security. These apps delivered a multiple ads which when successful would signer people up for a number of premium SMS services. 

 

Low Volume Android Apps Sneak Past Security


Why Windows Print Spooler Remains a Big Attack Target

The ubiquitous print spooler has been a cyber risk for over a decade. Despite the efforts of Microsoft to make it more secure, it remains a source of penetration for cyber attackers. 

 

Print Spooler Still A Cyber Risk After Many Years


Why Building or Office Access Control Has Become an Important Front in the War Against Cybercrime

Systems that control who can enter have not been on the on the top of cybersecurity agendas. But more companies are realizing that if these systems are compromised it can endanger all the occupants and the company. 

 

Building Access Systems Gain Importance in Cyber Security


How to Make a Ransomware Attack Worse

Will your actions after a successfully ransomware attack affect the outcome? Yes, without a doubt. Learn what to do and not do after a ransomware attack. 

 

What you do after matters


Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

This week Apple issued patches for the macOS and iOS platforms on vulnerabilities it said are currently being exploited. 

 

Install new Apple patches ASAP

 


Microsoft Patches MSHTML Vuln Among 66 CVEs

Microsoft issued patches for 66 vulnerabilities. Some under active exploitation and considered severe. Be sure and update your systems. 

 

Install MS Patches ASAP


Nearly 50% of On-Premise Databases Have Vulnerabilities

Nearly every company has databases. Recent research shows that almost half have multiple unpatched vulnerabilities, the average being 26 of them. Males you think twice about sharing private information if a company doesn’t even protect its own information. 

 

Half of on prem databases have vulnerabilities

 


Ransomware Operators Ramp Up Pressure on Victims via Multiple Extortion Attacks

As if ransomware wasn’t enough, attackers are using data theft, denial of service attackers and even harassing the customers of the ransomware attack. All to get you to pay. 

 

Ransomware operators up the pressure


Multi Factor Authentication Is Not The Ultimate Answer

Multi Factor Authentication, MFA, is an important tool. But MFA by itself will not protect against two of the most successful attack methods, exploiting bugs, and social engineering. If you aren’t addressing those attack methods, then you are not serious about protecting your data. 

 

MFA won't protect against 2 popular attack types


Patch now! Microsoft Exchange is being attacked via ProxyShell

Three current vulnerabilities in Exchange are being exploited. Implementing the patches is essential but will not counter an attack that already took place. Many customers of Microsoft’s cloud based Exchange service don’t understand that they may still have an exchange server on premises making them vulnerable. 

 

MicroSoft Exchange under serious attack


FBI Issues Advisory on 'OnePercent' Ransomware Group

This group has been targeting companies since Fall 2020 with two powerful exploits. One is the PowerShell exploit described in another Insight post. But both are being used to deliver ransomware and to cause widespread infections before the ransomware is triggered. 

 

FBI Issues Warning About Serious Attacks


Microsoft Azure Cosmos Vulnerability: ChaosDB Exposure Details

Microsoft closed a vulnerability in the Azure database service that has been exploited for months. After implementing the fix, users of the service need to regenerate their databases to be on the safe side. 

 

Microsoft Azure database being exploited


Tech giants pledge at least $30 billion to improve cybersecurity following White House meeting

A recent White House meeting of the major tech companies resulted in a commitment of significant money to combat cyber threats. Equally important is the recognized need for a coordinated effort to enable an effective cyber defense. 

 

Tech Giants Join Forces to Improve Cybersecurity