Insights

Cyber Regulations Grow Stricter

California and New York already have strict regulations governing the protection of citizens’ private information. Proposed changes would make them even stricter and provide better protection for people’s private information.

Are you still compliant?


New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

A new proof-of-concept exploit for an Apache ActiveMQ flaw rated at the most serious level, CVSS 10.0, allows attackers to execute code on compromised devices and servers. It is imperative that the patch be installed as soon as possible. If the servers can be removed from the internet, even better.

Install patch immediately


Patch high-severity ‘Reptar’ Intel chip bug soon, say security pros

A recently discovered vulnerability in some Intel chips is quite serious, with a CVSS rating of 8.8. The vulnerability allows attackers to shut down the hypervisors that oversee all the cloud servers. If this occurs, every user would be unable to work. A patch is available; install it immediately.

Patch Intel chips ASAP


'AlphaLock' Hackers Launch 'Pen-Testing Training' Group

Why attempt to break into company devices and servers when you can be invited in? In a new attack angle, cybercriminals are training their people in pen testing (penetration testing, which looks for holes). They then set up companies that perform pen testing. Every company needs pen testing. Be careful who you hire.

Attackers set up pen testing company


BlackCat Gang Tattles to SEC About Victim Not Disclosing Breach

First, cybercriminals encrypted your information and required a ransom payment to decrypt it. When companies began not paying, they exfiltrated private information and threatened to reveal it publicly if the ransom wasn’t paid. Now they have gone a step further. One company didn’t pay the ransom or report the breach. The attackers reported them to the regulators.

Cyberattackers report victim to SEC


Cyber Insurers – Friend or Foe?

Cyber insurers are demanding more information about protections in place before approving a policy application. This can be challenging but can also be helpful in being cybersafe. The rate increases for not having the proper precautions in place can be used to justify cyber security expenses.

Cyber insurers demanding more information


Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable

The Atlassian bug reported recently has been raised to a 10, the highest level of severity. If you use any of the affected systems, patch now!

Atlassian vuln raised to a 10


CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation

CISA, the government cyber security watchdog, issued an alert about a vulnerability in the Service Location Protocol (SLP) that allows attackers to compromise the device and use it in Distributed Denial of Service attacks against others.



Treasury Markets Disrupted by ICBC Ransomware Attack

In an unfortunate example of how interconnected the financial markets are around the world, a breach at China’s largest bank disrupted trading everywhere.

Bank compromise affects worldwide trading


Court rules automakers can record and intercept owner text messages

Few people know that connecting your phone to your car’s infotainment system gives the car manufacturer permission to capture all your texts and sell information about you to advertisers.

Car makers can record your texts and sell them