Systems Engineering is aware of the FBI and CISA joint security advisory indicating threat actors are potentially using multiple Common Vulnerabilities and Exposures (CVE) to exploit Fortinet operating systems, known as FortiOS. The advisory calls out three vulnerabilities that may be used to gain access to business networks to begin data exfiltration or data encryption attacks. Vulnerabilities include;

Systems Engineering is aware of multiple vulnerabilities within Cisco Jabber Client software. These vulnerabilities affect Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for Mobile platforms. Vulnerabilities include:

In 1970, around the same time David Bowie was writing “Changes”, Alvin and Heidi Toffler wrote a book entitled “Future Shock,” arguing that the ever-accelerating rate of technological and social change would create fear, confusion, and tension across the globe. In the last 50 years, their predictions have been largely prescient. While cloud technologies keep getting better and have improved our lives in a myriad of ways, there is no doubt that it leaves some people’s heads spinning. So how do you keep up with the cloud?

Would it surprise you to know that cybercriminals aggressively target individuals over corporate infrastructures in their attacks? This is because it is easier and ultimately more profitable for hackers to target unsuspecting people. Threat actors target people in a myriad of ways in hopes of stealing credentials or uploading malicious apps into business networks to obtain a solid payday or gain access to sensitive data. According to research done by Proofpoint, a leading cybersecurity and compliance company, more than 99% of the attacks observed required human interaction to succeed.

Qualys Cloud Platform is the incident response and breach prevention vendor used at Systems Engineering to perform monthly external vulnerability scan for our customers. Recently, Qualys released a statement relating to a previously identified zero-day exploit in one of their third-party solutions (Accellion FTA).

UPDATE MARCH 8, 2021

Systems Engineering learned of the Exchange on-premises server vulnerability on Tuesday, March 2nd, and activated our incident response plan.  

Have you wanted to move some or all of your organization's infrastructure to a cloud service provider (CSP) such as Microsoft Azure, but have reservations? These could include security, compliance, and/or costs — areas you would not want to have surprises. This is why it is important to consider how you will get you there in a way that is both secure and optimized for cost and performance. To help you navigate this process, we put together some key points to consider in your cloud migration strategy.

Important information for organizations who have Microsoft Windows Server 2008 Domain Controllers or with unsupported systems.

Within the last decade, small to medium-sized businesses (SMB) have embraced cloud technologies. The promises of agility, productivity, resiliency, and scalability are appealing benefits to any business leader. If you were to look around your business today, you may find the cloud touching almost every aspect of it. While cloud technologies offer significant benefits, they also introduce new security risks. This leaves executives searching for effective cybersecurity tools and solutions to reduce chances of a high-priced, high-profile data breach.

Cybercriminals have small to medium-sized businesses in their crosshairs, and they are using phishing emails to lure them in. The reality is, any organization with sensitive data can be a target for cybercriminals. They have learned to precisely craft their phishing emails to trick spam filters and fool unsuspecting victims into clicking. Once this happens, the cybercriminals have the green light to proceed with their scam. Learn about the types of phishing emails used today and steps your organization can take to reduce the risk of phishing attacks.