Blog

Blog

Ransomware Strikes Again in the State of Louisiana

Ransomware hit Louisiana's state government hard yesterday, shutting down multiple websites and email systems after it fell victim for the second time in just a few months to a ransomware attack. In a series of tweets, Louisiana state governor John Bel Edwards revealed that his office had activated a cybersecurity response team in response to an...
Blog

Security for Cloud Services: SaaS Deep Dive

As business adoption of cloud services continues to grow at a rapid pace, so does the need to adapt security methods to accommodate the myriad of options. Traditional best practices often still provide a solid foundation from which to build on, but depending upon the technologies you opt to migrate to the cloud, different challenges and solutions...
Blog

Phishers Targeting Microsoft Office 365 Admin Credentials

Digital fraudsters are stealing Microsoft Office 365 administrator credentials as part of a broader phishing campaign targeting organizations. The campaign began with a phishing email that leveraged Microsoft and its Office 365 brand to lull recipients into a false sense of security. This attack email was unique, however, in that it originated from...
Blog

How to Implement an Efficient Cloud Security Strategy: The Experts Guide

According to IBM, 98 percent of companies will be using multiple hybrid cloud environments by 2021. This trend isn’t surprising. There are many benefits to operating in the cloud such as improved productivity, an increase in elasticity and huge cost-savings, to name a few. However, we keep seeing a range of issues when it comes to cloud security....
Blog

MITRE ATT&CK October Update: Extending to the Cloud

MITRE’s ATT&CK framework is ever evolving. The latest October update extends enterprise coverage to the cloud and adds a considerable list of cloud-specific adversarial techniques. The cloud has seen phenomenal growth over the past few years, as it offers businesses flexibility, reliability and cost-savings. Along with this growth comes new security...
Blog

Phishing Email Instructs Users to Click on "Keep Same Password" Button

Digital fraudsters have launched a new phishing campaign whose attack emails instruct recipients to click on a "Keep same password" button. Bleeping Computer observed that the phishing campaign uses attack emails that arrive with "Account Update" as their subject line. The emails list recipients' email addresses and inform them that their account...
Blog

Aligning SECaaS with Your Organization’s Cloud Security Needs

One cannot underestimate the effect that the ongoing skills gap is having on organizations’ digital security strategies. Gartner estimates that the global number of unfilled digital security positions is expected to grow to 1.5 million by 2020. Reflecting this trend, more than 70 percent of organizations feel that hiring skilled infosec personnel...
Blog

Mitigating Risk and High-Risk Vulnerabilities in Unsupported Operating Systems: BlueKeep Edition

How many times has a vendor released a critical cybersecurity patch for an operating system that is in “end of life” (EOL), or the lifecycle period where the vendor no longer issues patches for bug fixes, operational improvements and cybersecurity fixes free of charge? So if a vendor takes the time and resources to break this freeze and issue a patch...
Blog

Attackers Using PureLocker Ransomware to Target Enterprises' Servers

Researchers have detected a new ransomware family they're calling "PureLocker" which attackers are using to target enterprises' production servers. Intezer detected a sample of the ransomware masquerading as the Crypto++ C++ cryptography library. In their analysis of the sample, they noticed something unusual when they saw that alleged library...
Blog

VERT Threat Alert: November 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-859 on Wednesday, November 13th. In-The-Wild & Disclosed CVEs CVE-2019-1429 A vulnerability in the scripting engine in Internet Explorer can lead to code execution. The attacker could...
Blog

Mexico's Pemex Said It Quickly Neutralized Digital Attack

Mexican state-owned petroleum company Petroleos Mexicanos (Pemex) said that it quickly neutralized a digital attack that struck its computer systems. In a statement released on November 11, a spokesperson for Pemex said that the company had quickly responded to digital attacks that struck its systems...
Blog

What Is NIST’s Cybersecurity Framework Manufacturing Profile?

Executive Order 13636, “Improving Critical Infrastructure Cybersecurity," directed the development of the voluntary Cybersecurity Framework that provides a prioritized, flexible, repeatable, performance-based and cost-effective approach to manage cybersecurity risk for those processes, information and systems directly involved in the delivery of...
Blog

BlueKeep: What you Need to Know

What is BlueKeep? BlueKeep is the name that has been given to a security vulnerability that was discovered earlier this year in some versions of Microsoft Windows' implementation of the Remote Desktop Protocol (RDP). The vulnerability was described as "wormable" by Microsoft, and users were warned that BlueKeep might be exploited in a similar...
Blog

Moving to the Cloud to Save Money? Think Again…

When I meet with customers, I always ask about their primary objective in moving to the cloud. The majority of these customers have the same response: “to save money.” I can’t blame customers for taking this position. Google “cloud deployment” and the headers are dominated by positive articles that offer up anecdotal evidence of how the cloud can...
Blog

Texas HHS Commission Penalized $1.6M for HIPAA Violations

The Texas Health and Human Services Commission (TX HHS) must pay a civil penalty of $1.6 million for having violated HIPAA. The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) imposed the penalty in response to HIPAA violations that took place between 2013 and...
Blog

Thunder on the Horizon: 4 Security Threats for the Cloud

Security is both a benefit and a concern for enterprises when it comes to cloud computing. On the one hand, Datamation found in its State of the Cloud, 2019 survey that many organizations are moving to the cloud because they found that cloud-service providers (CSPs) offer better all-around security than they could achieve by themselves. Specifically...