Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky. Nonetheless, it is a necessary evil and crucial to cybersecurity hygiene and incident prevention....more
CYBERSECURITY - CISA Recommends Following Microsoft’s Mitigation for Zero Day Exploits - Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft...more
Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft stated that it is aware that two vulnerabilities are being actively exploited to access users’...more
On March 15, 2021, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which will require critical infrastructure owners and operators (among other things) to report...more
CYBERSECURITY - November's "Patch Tuesday" Includes 55 Patches - Staying current with Microsoft’s monthly patches is challenging, yet critical for one’s cybersecurity program. This week, Microsoft’s November Patch...more
Following the release of a U.S. Cybersecurity & Infrastructure Security Agency (US-CERT) Coordination Center VulNote “for a critical remote code execution vulnerability in the Windows Print spooler services” on June 30,...more
CYBERSECURITY - Law Enforcement Takes Down DoubleVPN - I love seeing another win for law enforcement in the cyber context. Servers and web domains owned by DoubleVPN, a virtual private network, were seized recently...more
CYBERSECURTY - U.S. CISA + Cyber Command Warns of Critical Flaw in VMware - Although a patch has been available by VMware since May 25, 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure...more
The National Security Agency (NSA) recently issued a warning to private industry about four zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 used on-premises....more
CYBERSECURITY - Cisco/Talos Researchers Find Attackers Using Slack and Discord to Distribute Malware - Another example of the resiliency and creativity of cyber-attackers is outlined in a new blog by Cisco/Talos...more
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) recently released a free tool that will assist organizations with identifying indicators of compromise following threat activity in...more
As we alerted our readers last week, Microsoft announced that its Exchange email servers have been compromised, which is estimated to affect at least 30,000 companies based in the United States....more
I continue to be amazed in my day-to-day virtual conversations by how many people are unaware of one of the most devastating compromises ever to happen—the recent compromise of Microsoft’s Exchange versions 2013-2019....more
- Utah Pathology Services, based in Salt Lake City, has reported a data breach involving approximately 112,000 patients. According to the medical practice’s “Notice of Data Incident,” the practice learned June 30 that “an...more