Category: Security
IT spending outlook for 2022 looks better than 2021
The outlook for IT spending for cloud and managed services for 2022 looks promising, assuming organizations can acquire the hardware needed to drive application deployments. A Spiceworks Ziff Davis (SWZD) survey of more than 1000 IT buyers in North America...
Cybersecurity chain of command crucial to deterring a breach
Who’s on first? What’s on second? I don’t know who’s on third? That’s an old comedic bit from the classic comedy duo Abbott and Costello. Anyone under age 50 probably isn’t familiar with them. But if you are, that classic...
Cybersecurity Threat Advisory: Microsoft Azure OMIGOD Vulnerability
Threat Update Microsoft’s September 2021 Patch Tuesday addressed four major vulnerabilities that impact users of Microsoft’s Azure platform. They are tracked as CVE-2021-38647 and CVE-2021-38648. They are referred to as OMIGOD, referencing “Open Management Infrastructure,” the agent which makes Azure...
Cybersecurity Threat Advisory: BulletProofLink Phishing-as-a-Service (PhaaS) Campaign
Threat Update Microsoft recently released the results and analysis from its deep dive into BulletProofLink, a large-scale phishing-as-a-service (PHaaS) operation that follows a software-as-a-service (SaaS) business model. This model allows threat actors to purchase phishing kits and email templates in...
Cybersecurity Threat Advisory: AWS Workspaces Remote Code Execution
Threat Update Rhino Security Labs has discovered a vulnerability in the AWS WorkSpaces desktop client, tracked as CVE-2021-38112, which allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser. Since the report’s release, Amazon...
Cybersecurity Threat Advisory: Office 365 Zero-Day Attacks
Microsoft has released a mitigation for a vulnerability which exists on Windows 10 and can be exploited to launch zero-day attacks against Office 365 and Office 2019. Identified as CVE-2021-40444, this vulnerability could allow attackers to execute arbitrary code on...
Tech Time Warp: Swen worm poses as security patch
The hits for network admins kept coming in late summer/early fall 2003. Just weeks after the Blaster-Welchia-SoBig.F triple punch, the Swen worm wriggled its way onto at least 1.5 million computers. Like so many other pieces of malware, Swen exploited...
Cybersecurity implications of PIPL
Idyllic fields of corn and soybeans spread out in all directions from a small midwestern manufacturing campus. Tucked within a town of around 20,000 people, the facility seems worlds away. But a recent data breach on the company’s servers illustrates...
MSPs need to keep an eye on “soft targets”
I talk to MSP owners weekly about cybersecurity trends in the industry and which trends are the most troubling. By far, what I hear about most in 2021 is ransomware. And the statistics bear out the fear of ransomware hitting...
Cybersecurity Threat Advisory: Malicious Word Files Disguised as Windows 11 Documentation
Threat Update Security researchers have discovered recent attempts by threat actors to infect machines with malicious Word documents containing VBA macros and JavaScript to plant a backdoor and create persistence. These Word documents are disguised as documentation or information related...
