Collaborate Disseminate
More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware ha… Continue reading Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from attackers’ servers, and/or not leaked online. The decision will depend on a variety o… Continue reading Ransomware group maturity should influence ransom payment decision
Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC e… Continue reading PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of… Continue reading BSAM: Open-source methodology for Bluetooth security assessment
This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a… Continue reading 10 free cybersecurity guides you might have missed
Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML aut… Continue reading Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)
The US National Institute of Standards and Technology’s framework defines federal policy, but it can be used by private enterprises, too. Here’s what you need to know. Continue reading NIST Cybersecurity Framework: A Cheat Sheet for Professionals
A swift esponse to a major outage can make a big difference in regards to retaining customer confidence. Continue reading What the AT&T Outage Can Teach Organizations About Customer Communication and IT Best Practices
ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wil… Continue reading Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the … Continue reading QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)