CISA Creates Web Page & GitHub Repository for Log4j Information

UPDATE, 12.20.2021: For the latest information on the Log4j cybersecurity threat as it emerges, please see the Cybersecurity & Infrastructure Security Agency (CISA) website. As an update to the recent post, Critical Zero-Day Java Vulnerability, please be advised that CISA (Cybersecurity & Infrastructure Security Agency) and its partners have set up a webpage to track the […]

Critical Zero-Day Java Vulnerability (Log4j)

UPDATE, 12.20.2021: For the latest information on the Log4j cybersecurity threat as it emerges, please see the Cybersecurity & Infrastructure Security Agency (CISA) website. Please be advised that the Java zero-day, dubbed Log4Shell, is being actively exploited. This critical vulnerability affects the Java utility Log4j versions 2.0-beta9 to 2.14.1, and is being tracked […]

Avoid Gift Card Scams This Holiday Season & Beyond

As an update to our prior blog posts on gift card scams, please be advised that gift card scams remain prevalent, and scammers are trying to trick you in new ways. We’ve reported on scammers posing as trusted individuals, groups or charitable organizations, seeking your assistance with gift card purchases, and then asking you for […]

Apache Server Critical Vulnerability is Being Actively Exploited

A Server-Side Request Forgery (SSRF) vulnerability, which is being tracked as CVE-2020-40438 and impacts Apache HTTP Server 2.4.48 and prior versions, has been patched. The CVSS score for this vulnerability is 9/10 (critical). This vulnerability allows unauthenticated malicious actors to force vulnerable HTTP servers to forward requests to arbitrary servers. There are reported exploits, and on […]

GoDaddy Hack Affecting Managed WordPress Service

On November 17th, it was discovered that the email addresses and customer numbers of 1.2 million active and inactive GoDaddy Managed WordPress customers had been exposed to a malicious actor who used a compromised password to gain access. GoDaddy states that the malicious actor has now been blocked from their system. They are able to […]

Shop Securely Online This Holiday Season

With the holidays fast approaching, make sure that you're shopping online safely. For tips on how to spot fake online stores, scammers on legitimate sites and online payment best practices, please see the following SANS newsletter: Shopping Online Securely.

Securely Using Your Mobile Devices

During the final week of CSAM, the call to action is “Cybersecurity First,” or to keep cybersecurity in the forefront of our minds as we buy, set up and use new devices, create new passwords, and review default privacy and security settings. To further the goal of “Cybersecurity First,” we are sharing the following tips from […]

Spotting Disinformation on Social Media

“You are entitled to your own opinions, but you are not entitled to your own facts” – Senator Daniel Patrick Moynihan

Disinformation is a form of social engineering that aims to play on emotions, and to deceive, mislead and divide people. The goals of malicious actors may be varied, and include creating chaos and doubt […]

Fight the Ransomware Phish!

What is ransomware? Ransomware is a type of malware and an increasingly common and highly destructive cyber threat. Once a single system or device is infected, ransomware spreads quickly to other connected systems and mounted devices. Ransomware is used to target individuals, corporations, universities, hospitals, utility companies, cities and nation-states. Ransomware encrypts data and locks […]

A Message from NYU’s Global Chief Information Security Officer, Maria Suarez

Cybersecurity Awareness Month is now in its 18th year. The effort serves as a timely reminder for organizations across all sectors to reevaluate their cybersecurity posture. For 2021, the theme is ‘Do Your Part. #BeCyberSmart,’ helping to empower individuals and organizations to own their role in protecting their part of cyberspace. Throughout October, we will […]