Update: SolarWinds Exploit

As an update to our blog post, SolarWinds Software is Being Actively Exploited, SolarWinds has issued an advisory today asking customers who use the listed affected products with Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 2 and Orion Platform […]

SolarWinds Software is Being Actively Exploited

SolarWinds and FireEye have reported active exploitation, possibly dating back to the spring of this year, in the form of a global intrusion campaign directed at the SolarWinds Orion Platform, software versions 2019.4 HF5 through 2020.2 (with no hotfix installed), and 2020.2 HF1. The victims appear to be numerous public and private organizations […]

VMware Vulnerabilities Are Being Actively Exploited

As an update to our blog post FireEye Red Team Tools Hacked, the NSA has issued a Cybersecurity Advisory stating that state-sponsored actors are exploiting a vulnerability in VMware Access and VMware Manager, which allows malicious actors to access protected data and to abuse federated authentication. This vulnerability, tracked as CVE-2020-4006, has been patched […]

FireEye Red Team Tools Hacked

FireEye, a top cybersecurity company involved in the detection and prevention of cyber attacks and in cybersecurity-related assessments around the world, has announced that its Red Team tools have been hacked and that a nation-state actor is responsible. Red Team tools are designed to mimic the tactics of malicious actors and are […]

Zoom Phishing Alert

The Better Business Bureau has issued an alert regarding Zoom-related phishing, in which malicious actors seek to deploy malware or steal your credentials via bogus Zoom notifications and invitations. How the scam works: You may receive an email, text or social media update informing you that your Zoom account has been suspended and to […]

Google Chrome Updates for Desktop & Android Users

CISA (Cybersecurity and Infrastructure Security Agency) advises immediate application of the following Chrome browser updates as these vulnerabilities are currently being exploited. Updating Chrome on Desktops: Google has released version 86.0.4240.183 for Windows, Mac & Linux desktops, which addresses multiple security vulnerabilities, including CVE-2020-16009, CVE-2020-15999 & CVE-2020-17087. Updating Chrome on Android Devices: Additionally, […]

Update: MS Zerologon Vulnerability

As an update to the NYU IT Security News & Alerts post, Zerologon Vulnerability, Windows Admins Advised to Patch Now, Microsoft has issued a blog post advisory reinforcing the original guidance because continued exploitation of the vulnerability tracked as CVE-2020-1472 has been observed. Further, CISA (Cybersecurity and Infrastructure Security Agency) reports that nation […]

Ryuk Ransomware Alert

As an update to the recent post, Educational Institutions Worldwide Are Experiencing a Spike in Ransomware Attacks, please be advised that the FBI and DHS (U.S. Department of Homeland Security) have issued a joint advisory stating that Ryuk, a Russian cybercriminal gang, is preparing to release ransomware targeting those in the healthcare sector. We […]

Zerologon Vulnerability, Windows Admins Advised to Patch Now

As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical vulnerability in Windows Server systems, dubbed “Zerologon” and tracked as CVE-2020-1472, “Netlogon Elevation of Privilege Vulnerability”, with a criticality score of 10/10. This vulnerability is being actively exploited and allows malicious actors to elevate their privileges to domain-level administrator and […]

Educational Institutions Worldwide Are Experiencing a Spike in Ransomware Attacks

There has been an uptick in ransomware attacks targeting universities worldwide. Ransomware is a type of malware that is typically deployed via malicious links in phishing messages. Once a malicious link is clicked, ransomware begins encrypting or scrambling files on your device and connected systems. Following the encryption/scrambling of files, a ransom note displays on […]