Systems Engineering is aware of the FBI and CISA joint security advisory indicating threat actors are potentially using multiple Common Vulnerabilities and Exposures (CVE) to exploit Fortinet operating systems, known as FortiOS. The advisory calls out three vulnerabilities that may be used to gain access to business networks to begin data exfiltration or data encryption attacks. Vulnerabilities include;
Systems Engineering is aware of multiple vulnerabilities within Cisco Jabber Client software. These vulnerabilities affect Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for Mobile platforms. Vulnerabilities include:
Would it surprise you to know that cybercriminals aggressively target individuals over corporate infrastructures in their attacks? This is because it is easier and ultimately more profitable for hackers to target unsuspecting people. Threat actors target people in a myriad of ways in hopes of stealing credentials or uploading malicious apps into business networks to obtain a solid payday or gain access to sensitive data. According to research done by Proofpoint, a leading cybersecurity and compliance company, more than 99% of the attacks observed required human interaction to succeed.
Qualys Cloud Platform is the incident response and breach prevention vendor used at Systems Engineering to perform monthly external vulnerability scan for our customers. Recently, Qualys released a statement relating to a previously identified zero-day exploit in one of their third-party solutions (Accellion FTA).
UPDATE MARCH 8, 2021
Systems Engineering learned of the Exchange on-premises server vulnerability on Tuesday, March 2nd, and activated our incident response plan.
Important information for organizations who have Microsoft Windows Server 2008 Domain Controllers or with unsupported systems.
Within the last decade, small to medium-sized businesses (SMB) have embraced cloud technologies. The promises of agility, productivity, resiliency, and scalability are appealing benefits to any business leader. If you were to look around your business today, you may find the cloud touching almost every aspect of it. While cloud technologies offer significant benefits, they also introduce new security risks. This leaves executives searching for effective cybersecurity tools and solutions to reduce chances of a high-priced, high-profile data breach.
Cybercriminals have small to medium-sized businesses in their crosshairs, and they are using phishing emails to lure them in. The reality is, any organization with sensitive data can be a target for cybercriminals. They have learned to precisely craft their phishing emails to trick spam filters and fool unsuspecting victims into clicking. Once this happens, the cybercriminals have the green light to proceed with their scam. Learn about the types of phishing emails used today and steps your organization can take to reduce the risk of phishing attacks.
Cybercrime is a persistent, complex fight against the unseen. Elusive cybercriminals continually hone their hacking skills to target millions of unsuspecting users and exploit their digital weaknesses. They are usually driven by financial gain, and it is predicted that ransomware attacks against businesses will occur every 11 seconds by the end of this year. This estimate doesn't include individual attacks which occur even more frequently (Cybersecurity Ventures). Employing the right cybersecurity strategies to stay ahead of their endless attacks can sometimes feel like the cybersecurity goalpost is moving every second.
On Tuesday, January 26, 2021 Apple support released a new update for iPhone and iPad with security fixes for three vulnerabilities that may have been actively exploited. The latest version of iOS & iPadOS 14.4 fixes the security bugs that may be under active attack by hackers.