As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations...more
Unscrupulous criminals use crises to their advantage. Scammers are using the conflict in Ukraine to bilk money from people trying to help those impacted from the attacks....more
The cybersecurity authorities of the United States (including CISA, FBI, NSA and DOE), Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) on April 20, 2022, “to warn...more
4/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Military Conflict ,
Regulatory Agencies ,
Risk Management ,
Russia ,
Ukraine ,
Vulnerability Assessments
Microsoft released its monthly patches this week to fix 128 vulnerabilities, including 10 rated as critical, 115 as important, and three flagged as moderately severe. One of the vulnerabilities (CVE-2022-24521 Windows Common...more
Scammers use familiarity to get victims to fall for their scams. One way to do that is to spoof a cell phone number from the same area code to make the targeted person think that the person calling or texting them is someone...more
Although we are receiving frequent alerts from CISA and the FBI about the potential for increased cyber threats coming out of Russia, China continues its cyber threat activity through APT41, which has been linked to China’s...more
Organizations often struggle with budgeting for cybersecurity risk and mitigation. It’s hard to see the return on investment for prevention of things that attack the company through the clouds....more
A joint Cybersecurity Advisory issued by U.S. and international partners, entitled “2021 Trends Show Increased Globalized Threat of Ransomware,” warns of “the growing international threat posed by ransomware over the past...more
Threat actors don’t wait for a convenient time to attack your company. They attack when it suits them, and when they can find any small opening. Being prepared for different types of attacks helps companies prepare for the...more
CYBERSECURITY -
CISA Warns “Every Organization” in U.S. to Assess + Respond to Cyber Risks -
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the...more
1/28/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Drones ,
FERC ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Robots ,
Transmission Grid ,
Vulnerability Assessments
It’s very hard to keep up with digital and crypto lingo. But if you are dabbling in crypto, you need to know about rug pulls. What is a rug pull you ask? According to blogger Migi Delfin, “A rug pull is a fraud scheme that...more
1/28/2022
/ Bitcoin ,
Cryptocurrency ,
Digital Currency ,
Financial Crimes ,
Financial Fraud ,
Hackers ,
Risk Management ,
Smart Contracts ,
Token Sales ,
Virtual Currency ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the U.S. about cybersecurity risks during the ongoing escalation of tension between the U.S. and Russia over...more
1/27/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
New Guidance ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Russia ,
Ukraine ,
Vulnerability Assessments
Microsoft has issued frequent updates on the Log4j vulnerability that we have been hearing so much about. The vulnerability is a serious problem that will become more widespread as time goes on....more
1/14/2022
/ China ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA), jointly with the FBI and NSA, issued a Cybersecurity Advisory on January 22, 2022, to warn organizations, especially critical infrastructure operators, to be on...more
1/14/2022
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
National Security Agency (NSA) ,
Risk Management ,
Russia ,
Vulnerability Assessments
In what I would describe as an unusual but interesting move by the Federal Trade Commission (FTC), on January 4, 2022, it issued a warning to companies “to remediate Log4j security vulnerability” or face an enforcement action...more
It was a crazy weekend for cyberattacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and foreseeable that hackers are leveraging attacks that have maximum disruption on...more
12/17/2021
/ Cloud Computing ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Risk Management ,
Software ,
Vulnerability Assessments
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued guidance on protecting the security of organizations’ social media accounts to reduce the risk of unauthorized access to those accounts....more
On December 6, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) updated a previously issued Alert entitled APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine...more
Researchers at Mandiant have recently reported that a new ransomware group calling itself Sabbath appears to be the rebranded group Arcane and “picked up their pace” in November....more
12/2/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Educational Institutions ,
Hackers ,
Health Care Providers ,
Information Technology ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a joint Alert this week, entitled “Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends” outlining...more
11/24/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Holidays ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
As we enter the holiday shopping season, cyber criminals are sharpening their cyber-scam strategies. We like to remind our readers about the enhanced risk during the holidays. There has been an increase in online shopping...more
The Cybersecurity & Infrastructure Security Agency (CISA) issued the Cybersecurity Incident & Vulnerability Response Playbooks: Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability...more
Staying current with Microsoft’s monthly patches is challenging, yet critical for one’s cybersecurity program. This week, Microsoft’s November Patch Tuesday released 55 patches, six of which were categorized as “critical,”...more
The FBI issued a Private Industry Notification on November 2, 2021, warning companies that “ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim...more
11/5/2021
/ Corporate Sales Transactions ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
FBI ,
Hackers ,
Information Technology ,
Investment Opportunities ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
In a blog post entitled “New activity from Russian actor Nobelium,” Microsoft’s V.P. of Customer Security & Trust Tom Burt discussed a recent alert issued by the Microsoft Threat Intelligence Center (MSTIC) regarding the...more
10/29/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Microsoft ,
Phishing Scams ,
Popular ,
Risk Management ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider ,
Vulnerability Assessments