Earlier this week, Apple issued another patch—this one is said to address a reported vulnerability that “an application may be able to execute arbitrary code with kernel privileges.” According to Apple, it “is aware of a...more
Security researchers from Avast have discovered that “Crackonosh” malware has been installed on free versions of some popular online games for the purpose of cryptomining. It is believed to be sourced from a Czech author....more
On July 28, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) issued a cybersecurity alert entitled “Top Routinely Exploited Vulnerabilities” in collaboration with the Australian Cyber Security Centre, the...more
On July 19, 2021, the Federal Bureau of Investigations issued a Private Industry Notification to service providers and “entities associated with the Tokyo 2020 Summer Olympics that cyber actors who wish to disrupt the event...more
7/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Denial of Service Attacks ,
Digital Service Providers ,
Events ,
FBI ,
Hackers ,
Olympics ,
Popular ,
Ransomware ,
Risk Management ,
Sports ,
Vulnerability Assessments
CYBERSECURITY -
Microsoft Issues Emergency Software Update for PrintNightmare Zero Day Vulnerability -
Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT) Coordination Center...more
7/9/2021
/ Bitcoin Mining ,
British Airways ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Microsoft ,
Mobile Apps ,
Personal Data ,
Ransomware ,
Software ,
Vulnerability Assessments
In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture archive communication systems...more
7/9/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Hackers ,
Health Care Providers ,
Hospitals ,
Popular ,
Risk Management ,
Security Risk Assessments ,
Vulnerability Assessments
Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT) Coordination Center VulNote “for a critical remote code execution vulnerability in the Windows Print spooler services” on June 30,...more
Another fall-out from the SolarWinds incident has surfaced prompting Microsoft to issue a notice to affected customers that an attacker gained access to one of its customer service agents to launch hacking attacks against...more
Although a patch has been available by VMware since May 25, 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Command this week urged users of VMware to update and...more
The FBI recently issued a Flash Alert to Fortinet Fortigate users that Advanced Persistent Threat (APT) groups are continuing to exploit devices that have not been patched. Although Fortinet issued patches for these...more
Since the Colonial Pipeline and JBS meat manufacturing security incidents, attention is finally being paid to the cybersecurity vulnerabilities of critical infrastructure in the U.S. and in particular, the potential effect on...more
If you are on top of updating your iPhone patches when a new operating system is released by Apple, you probably updated your iOS to version 14.5 when Apple released it last week....more
Coveware issued its Q1 2021 Ransomware Report on April 26, 2021, which concludes that “[D]ata exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware...more
The National Security Agency (NSA) recently issued a warning to private industry about four zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 used on-premises....more
Another example of the resiliency and creativity of cyber-attackers is outlined in a new blog by Cisco/Talos researchers, which outlines how, over the past year, and in particular as a result of the migration from work at the...more
4/16/2021
/ Cisco ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Information Technology ,
Malware ,
Remote Working ,
Risk Management ,
Slack ,
Telecommuting ,
Vulnerability Assessments
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) recently released a free tool that will assist organizations with identifying indicators of compromise following threat activity in...more
CYBERSECURITY -
GAO Report Identifies Need for DOE to Address Risks to Electrical Distribution System -
The United States Government Accountability Office (GAO) recently completed and published a study on electricity...more
4/2/2021
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Email ,
FBI ,
GAO ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Infrastructure ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
Right of Access ,
Vulnerability Assessments ,
Wal-Mart
State and local governments have been hammered with business email compromise (BEC) attacks over the past few years and the onslaught does not appear to be abating....more
CYBERSECURITY -
$50 Million Ransom Demand is Largest Ever -
In what is being reported as the largest ransom demand ever, Taiwanese electronics and computer manufacturer Acer has reportedly been hit with a ransomware...more
3/26/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
Facebook ,
Hackers ,
Honeywell International ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Vaccinations ,
Vulnerability Assessments
Although many students are returning to in-class learning, many others are still in a hybrid situation or fully remote at their own request. The rapid transition from in-school to the at-home learning setting has necessitated...more
CYBERSECURITY -
Microsoft Releases Additional Resources for Exchange Flaws and CISA Issues Alert -
As we alerted our readers last week, Microsoft announced that its Exchange email servers have been compromised, which is...more
3/12/2021
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Drones ,
Hackers ,
Legislative Agendas ,
Microsoft ,
Personally Identifiable Information ,
Preemption ,
Regulatory Agenda ,
Surveillance ,
Vulnerability Assessments ,
Wal-Mart
As we alerted our readers last week, Microsoft announced that its Exchange email servers have been compromised, which is estimated to affect at least 30,000 companies based in the United States....more
I continue to be amazed in my day-to-day virtual conversations by how many people are unaware of one of the most devastating compromises ever to happen—the recent compromise of Microsoft’s Exchange versions 2013-2019....more
In a rare sharing of information about vulnerabilities in a blog post, Microsoft this week urged customers to download software patches to Microsoft Exchange Server after it detected “multiple 0—Day exploits being used to...more
Although somewhat obvious, the World Economic Forum, in partnership with Marsh McLennan, SK Group and Zurich Insurance Group, recently issued its 16th edition of the Global Risks Report (the Report), which analyzes “the risks...more