Cybersecurity Legal and Compliance Focus: State of Ransomware

Mar 23, 2022

A vast digital crime wave is being unleashed against public and private sector organizations around the world.

The rise of crimeware, software designed to commit a crime, is so significant that analysts predict the global market could reach a value of $10.5 trillion as soon as 2025.

Ransomware has enjoyed a renaissance as of late. Cring, REvil, Ryuk, Maze, and Conti all make international headlines and are tied to high-profile exploit attempts at market-leading companies worldwide.

RCE Vulnerability found in Cisco Small Business RV Series routers

Mar 22, 2022

On April 7th, Cisco released a security advisory announcing the discovery of a vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that could allow an unauthenticated, remote attacker to execute arbitrary and potentially malicious code on affected devices.

This vulnerability is caused by improper validation of user-supplied input in the web-based management interface. A malicious threat actor could exploit this vulnerability by sending specially crafted HTTP requests to a targeted device. A successful exploit would allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.

At this time, Cisco has not released software updates that will address this vulnerability. There are also no known workarounds that address this vulnerability.

Historic White Hat Hacking Bounties and the Benefits of White Hat Hacking

Mar 21, 2022

2021 is on track to be one of the most significant years of all time for white hat hacking bounties paid out for efforts to identify bugs, secure digital infrastructure, and help public and private organizations be more secure in quickly changing digital environments.

In this article, we will cover everything you need to know about bug bounty programs in 2021 and why they can be such lucrative and tempting options for information security professionals.

2021 Cybersecurity Guide to Law Firm Data Security – Developing a More Resilient Posture to Emerging Cyber Threats

Mar 21, 2022

Read on to learn more about the steps law firms must take to develop a more resilient posture to emerging cyber threats.

Is It Time for Your Law Firm to Switch to Managed IT Services?

Mar 20, 2022

Learn about the importance of switching to managed IT services to build cyber resilience within your law firm.

On-Going Cybersecurity Challenges Faced by Credit Unions and Community Banks

Mar 19, 2022

Financial service institutions traditionally relied on making strategic capital investments to complete physical infrastructure projects to secure the valuable assets their customers entrusted them to protect. Think special features such as the New York Federal Reserve's 90-ton steel cylinder door blocking entry to the vault containing the world's largest bullion depository. Today, however, banks are forced to think of security in a more holistic way to counter the ongoing and evolving landscape of cybersecurity challenges. 

Protecting Account Holders Data Security at Credit Unions and Community Banks

Mar 18, 2022

Learn more about the importance of developing enhanced cybersecurity practices to support credit unions and community banks.

Global Penetration Testing Industry Market Analysis: White Hat Hacking for Enhanced Digital Security

Mar 18, 2022

There has never been a time in global history when penetration testing was more important to governments and companies around the world.

In just the first 4 months of 2021, high-profile events such as the State Capitol Attack, SolarWinds attack, and Microsoft Exchange Data Breach have brought a renewed focus to the topic of cyber security by revealing how vulnerable physical and digital infrastructure can be in a rapidly evolving world.

In this article, we will explore the unique market dynamics driving the global penetration market and the immense opportunities available for white hat hackers to apply their skills and help secure our world.

Implementing KYC Practices to Meet Regulatory Challenges

Mar 14, 2022

Anti-Money Laundering (AML) and Know-Your-Customer (KYC) guidelines, and the regulatory requirements driving them, are constantly evolving.

Learn more about implementing KYC practices to meet regulatory challenges and associated ongoing challenges.

Countering Microsoft Exchange Vulnerabilities: DOJ Authorizes Warrant to Address Cybercrime Against Americans

Mar 12, 2022

Learn about Microsoft Exchange vulnerabilities and what this could mean for your organization, how you should respond, and government implications.

FBI and CISA Release Bulletin Citing Hackers’ On-Going Efforts to Exploit Fortinet Vulnerabilities

Feb 10, 2022

On Friday, April 2nd, the United States Federal Bureau of Investigation (FBI) and Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) released a joint bulletin titled "APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks", announcing that they had observed advanced persistent threat (APT) actors scanning devices and seeking to exploit vulnerabilities in Fortinet’s FortiOS.

Detailing the Ransomware Attack that Shut Down US Gas Pipeline

Jan 15, 2022

One of the most disruptive cyber-attacks in history, the ransomware attack that shut down the Colonial Pipeline caused outages at gas stations in more than a dozen states. The FBI has named the group responsible, which operates Ransomware as a Service (RaaS) for itself and other cybercriminals.

Part 2: Security Blind Spots: How Trust Concealed the SolarWinds Attack

Jan 14, 2022

The concept of trust is fundamental to cyber security. It is how cyber security professionals control access to private information. Trusted users and applications are allowed to access private information and those that are untrusted are not.

The SolarWinds attack demonstrated how this defense can be breached on an incredibly grand scale. Over 100 organizations were penetrated by Russian-state hackers who surreptitiously inserted malware into trusted software. Prestigious U.S. government agencies and Fortune-ranked corporations blithely installed the Trojan horse in their networks because they trusted its source.

Part I: Security Blind Spots: How the Microsoft Exchange Hack Preys on SMBs

Jan 13, 2022

For most SMBs, email remains the lifeblood of business communications, carrying vital internal messages between employees, plus critical information needed externally by customers, suppliers and partners. A disruption to the organization’s email service can cause serious financial harm and damage to its brand.

Gradient for Microsoft 365

Our analysts monitor the Gradient Cyber platform for data from Microsoft Active Directory looking for activity that provides information about user behavior and threat detection. High-value accounts are closely monitored for additional parameters with custom alerts based on customers’ needs.
