Cybersecurity

Security Awareness – The Benefits of Executive Leadership Cybersecurity Training

Cybersecurity training is imperative for every employee of an organization, including C-suite executives. With the near saturation of Business Email Compromise (BEC) scams, threat actors are also targeting executive-level accounts, in part because of their privileged access and sensitive communications. Thus, it’s important for executives to receive specialized role-based awareness training. To begin, executives should understand the financial risk associated with not maintaining an adequate cyber defense posture. It’s also important for senior leadership to lead by example.

Encouraging a Zero Trust Culture

A zero trust framework can significantly reduce a threat actor’s ability to move laterally within a network and greatly enhance an organization’s overall cybersecurity posture. Unfortunately, despite federal guidance, zero trust has not gained much momentum. The concept of zero trust, to “never trust, always verify,” may seem daunting. However, according to an article in ThreatPost, zero trust isn’t necessarily about buying the next shiny thing, but “a change in mindset on how one wishes to operate their business in a secure way.”

Security Awareness – Google Products Exploited by Threat Actors

Threat actors are exploiting multiple Google products to scam victims for potential account takeovers. Fraudsters have been exploiting Google Docs to spread malware and harvest credentials. Since December 2021, security researchers at Avanan have observed a massive campaign of threat actors exploiting the comments feature in Google Docs to target victims. The attacks have mostly been observed targeting Outlook users.

FBI FLASH: FIN7 Cyber Actors Target US Businesses Through USB Keystroke Injection Attacks

The FBI has published a TLP:GREEN FLASH warning that FIN7 cyber actors are targeting U.S. businesses through USB keystroke injection attacks. The FLASH indicates that since November 2021, the cyber criminal group FIN7 has been observed targeting the US defense industry with a package containing a fraudulent thank you letter, counterfeit Amazon gift card, and a USB device.

Cybersecurity Tips for a Hybrid Workforce

As we enter another year of the pandemic, employees working from home and in the office has become the norm across many industries. This hybrid work model greatly increases the attack surface for threat actors to exploit. Thus, the beginning of the new year, when many reevaluate organizational strategies, may be a good time to review existing cyber defenses in regard to the hybrid work environment. Email and enterprise-grade tools/applications could be a good place to start.

Situational Awareness – Microsoft Releases Emergency Windows Server Update

This week, Microsoft issued an out-of-band (OOB) update to resolve Remote Desktop issues affecting Windows Server products. While this is not a security update, it is notable for utilities relying on Remote Desktop that might be experiencing performance issues. According to Microsoft, users “might experience a black screen, slow sign in, or general slowness. You might also be unable to use Remote Desktop to reach the server. In some circumstances, the server might stop responding.” As of January 5, Microsoft released OOB updates for all Windows Server versions.
