Tools & Practices November 25, 2022 CISA Releases Updated Version of its Infrastructure Resilience Planning Framework The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Infrastructure Resilience Planning Framework (IRPF). The IRPF was developed to ... Read more
Cyber Threats November 22, 2022 Multiple Threat Actors Exploiting Windows 0Day That Prevents Generation of MotW Warnings A phishing campaign has been detected that exploits a zero-day Windows vulnerability to drop Qbot malware, a password-stealing Trojan cum malware dropper. QBot has been ... Read more
Security Breaches November 21, 2022 FBI, CISA, HHS Issue Warning About Hive Ransomware Attacks A joint security alert has been issued to the healthcare and public health sector (HPH) warning about Hive ransomware attacks. The Hive ransomware gang has ... Read more
Security Breaches November 17, 2022 Password Attacks Have Increased by 74% in the Past Year The 2022 Microsoft Digital Defense Report has highlighted a worrying cybercrime trend – A massive increase in password attacks. In the past year there has ... Read more
Security Breaches November 17, 2022 Iranian APT Actor Breached US Government Organization Using Log4Shell Exploit An Iranian Advanced Persistent Threat (APT) actor has exploited the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon server of a Federal Civilian Executive Branch ... Read more
Cyber Threats November 15, 2022 Massive WhatsApp Phishing Campaign Detected Involving 42,000 Malicious Domains A massive phishing campaign is being conducted via WhatsApp that alerts recipients that they have won a prize and need to visit a website using ... Read more
Cyber Threats November 14, 2022 CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management Many organizations struggle with vulnerability management due to the number and complexity of new resources and limited resources to devote to remediating vulnerabilities. The U.S. ... Read more
Trends & Reports November 13, 2022 Cybersecurity Education Failing to Improve Password Hygiene Businesses are realizing the importance of providing security awareness training for the workforce to teach cybersecurity best practices, how to recognize phishing emails, and to ... Read more
Tools & Practices November 11, 2022 Summary of the NIST Password Recommendations The National Institute of Standards and Technology (NIST) has created password guidance for federal agencies to ensure passwords achieve their intended purpose – preventing unauthorized ... Read more
Security Breaches November 10, 2022 Q3 Sees Insider Threat Incidents Reach All-Time High The Kroll Q3 2022 Threat Landscape report shows an increase in insider threat incidents, which reached the highest level to date in Q3, accounting for ... Read more
Cyber Threats November 9, 2022 Six Actively Exploited Zero Day Vulnerabilities Patched by Microsoft on November Patch Tuesday Microsoft released patches to fix 68 vulnerabilities on November 2022 Patch Tuesday, 11 of which are rated critical with the remainder rated important. This round ... Read more
Insights November 8, 2022 What is HIPAA Compliance? Although most individuals and organization in healthcare-related industries will be aware of HIPAA and the legal requirement to comply with its regulations, there may be ... Read more
Security Breaches November 8, 2022 Medibank Refuses to Pay Ransomware Gang to Prevent Release of Customer Data In October, Medibank, one of the largest private health insurers in Australia, suffered a ransomware attack that involved the theft of the data of almost ... Read more
Security Breaches November 4, 2022 MFA Bypassed in Dropbox Phishing Attack Targeting GitHub Credentials Dropbox has announced that it has suffered a phishing-related data breach in which hackers gained access to proprietary code stored in GitHub repositories. The San ... Read more
Security Breaches November 3, 2022 U.S News Websites Delivering Malware Through Compromised Third-Party JavaScript Code A media company that provides video content and advertising on the websites of major news outlets in the United States has been compromised, and its ... Read more
Insights November 2, 2022 Developing an Effective MSP Software Security Stack Most managed service providers are now offering managed security services to some degree, but what products should be included in an MSP software security stack? ... Read more
Insights November 2, 2022 DNS Content Filtering for MSPs Many cybersecurity companies offer DNS content filtering for MSPs but finding the best solution can be time-consuming. The features included in DNS filtering solutions can ... Read more
Cyber Threats November 1, 2022 OpenSSL Vulnerability Downgraded from Critical to High Severity On October 25, 2022, a warning was issued about a critical vulnerability in OpenSSL that had the potential to be as bad as the 2014 ... Read more
Trends & Reports November 1, 2022 Survey Reveals Younger Generations More Likely to Take Cybersecurity Risks Organizations can invest heavily in cybersecurity and implement multiple layers of defense to stop malicious actors from gaining access their networks, but those defenses can ... Read more
Compliance October 31, 2022 Why You Stop Using Your Web Browser as a Password Manager Passwords are often all that stands between a cybercriminal and your sensitive personal information. If the password for an online account is guessed, all information ... Read more
Tools & Practices October 27, 2022 Half of Businesses Have Adopted Passwordless Authentication to Some Degree Bitwarden has published the findings of its 2023 Password Decisions Survey, which explores password practices and habits, strategies that have been adopted for managing passwords, ... Read more
Tools & Practices October 26, 2022 What are the Disadvantages of Password Managers? You will no doubt have heard that one of the most important steps to take to improve security is to use a password manager. A ... Read more
Cyber Threats October 26, 2022 Apple Fixes Actively Exploited 0Day Vulnerability Affecting iPhones and iPads Apple has released a batch of security updates to fix known vulnerabilities in its iOS operating system, including a fix for zero-day iOS vulnerability that ... Read more
Trends & Reports October 25, 2022 Healthcare Industry Warned About Daixin Team Cybercrime Group A joint security alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Health ... Read more
Cyber Threats October 25, 2022 Threat Actors Advertising Tool for Exploiting Vulnerabilities in Veeam Backup & Replication Several remote code execution vulnerabilities have been identified in the Veeam Backup & Replication application which have been exploited by threat actors, with some threat ... Read more
Cyber Threats October 24, 2022 Study Suggests Risk of Malware Infection from GitHub-Hosted PoC Exploits is Over 10% A recent study, conducted by researchers at Leiden Institute of Advanced Computer Science, suggests the risk of being infected with malware from downloading proof-of-concept (PoC) ... Read more
Trends & Reports October 24, 2022 Cybersecurity Awareness Month: Time to Improve Password Security The theme of October 2022 Cybersecurity Awareness Month is “See Yourself in Cyber” which focuses on people. As the Cybersecurity and Infrastructure Security Agency (CISA) ... Read more
Compliance October 20, 2022 Information of up to 3 Million Advocate Aurora Health Patients Impermissibly Disclosed to Meta and Others Advocate Aurora Health has recently announced that patient data has been impermissibly disclosed to Meta/Facebook and Google as a result of the use of third-party ... Read more
Cyber Threats October 17, 2022 Zimbra Zero-Day Flaw Exploited to Infect at Least 1,600 Servers with Web Shells Patches have been released by Zimbra to fix an actively exploited flaw affecting Zimbra Collaboration (Zimbra Collaboration Suite). The critical flaw, tracked as CVE-2022-41352, is ... Read more
Compliance October 12, 2022 October Patch Tuesday: 90+ Vulnerabilities Patched, but Not ProxyNotShell Flaws Microsoft released patches to fix 96 vulnerabilities across its suite of products on October 2022 Patch Tuesday, including fixes for two zero-day vulnerabilities, one of ... Read more