As cloud service consumers, we have become accustomed to downloading productivity applications or using cloud storage repositories to help us in our daily activities. With the recent rise of remote working, it was not uncommon for an employee to use apps and tools that helped them be productive and fill a need in their workday. Their good intentions were honorable, however, this type of activity can create cybersecurity risks for an organization. The practice of employees deploying tools and services without the knowledge or proper vetting from IT management is known as Shadow IT.
The July 2021 Microsoft Patch Tuesday updates were released on July 13. One of those patches addressed a publicly disclosed but unexploited, zero-day vulnerability classified as CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability. This vulnerability affects on-premises Exchange servers 2013, 2016, and 2019, and was assigned a severity of critical.
It has been well over a year since the shift to remote work began, and now many companies are planning a move back to the office. Before the transition is made, a major point to consider is that the traditional workplace may no longer fit the needs of a post-pandemic workforce.
UPDATE: July 27, 2021
In a Friday, July 23, 2021 announcement, the Kaseya Incident Response team reported no reports or issues with their remediation efforts for customers impacted by the July 2nd localized ransomware attack against their VSA on-premises product. Due to this positive report, Systems Engineering has resumed the use of the two unaffected Kaseya modules we were monitoring as a result of the original VSA attack.
UPDATE: July 7, 2021
As of July 6th, Microsoft has completed investigations and released security updates (patches) to address the Windows Print Spooler vulnerability. Systems Engineering recommends patching your workstations and servers to address this and any future vulnerabilities. Our clients who
The promise of increased productivity in the cloud continues to ring true now more than ever. Access to corporate data from anywhere at any time while simultaneously collaborating as a team has kept so many businesses productive and competitive in our remote work environments. The caveat of access from anywhere is that without sufficient cybersecurity and risk management strategies, threat actors can also gain access to your sensitive corporate data.
Cybersecurity incidents are on the rise and not slowing down. This year, the nation has seen malicious cyberactivity against private sector companies such as SolarWinds, Microsoft Exchange, and most recently, the Colonial Pipeline. Cybercriminals also took advantage of the chaos brought on by the pandemic.
