Category: Security
Cybersecurity Threat Advisory: December 2020 Global Intrusion Campaign
Summary On December 8th, 2020, an extremely pervasive and serious global intrusion campaign was detected and communicated to the broader cybersecurity community and the media. The actors behind this campaign gained access to numerous public and private organizations around the...
Cybersecurity Threat Advisory: Cisco Update to Global Intrusion Campaign
Advisory Overview Cisco has reported that internal machines were compromised within one of their lab environments as a result of the vulnerability found in SolarWinds Orion. There were approximately two dozen computers compromised internally, which have reportedly already been identified...
Cybersecurity Threat Advisory: Multiple Vulnerabilities in SolarWinds N-Central
Advisory Overview The Center for Internet Security has announced that multiple vulnerabilities have been discovered in SolarWinds N-Central. The SolarWinds N-Central vulnerabilities are not associated with the SolarWinds Orion security incident. SolarWinds has released patches for the vulnerabilities and all...
Cybersecurity Threat Advisory: Microsoft Update to Global Intrusion Campaign
Advisory Overview Microsoft has released additional information from their investigation into the SolarWinds Orion incident. Part of their investigation revealed that the threat actors execute multiple levels of privilege escalation and authentication theft after initial compromise through the Orion application....
Untrained end users are the biggest threat to cybersecurity
What is the biggest threat to IT infrastructure right now? According to one of Canada’s premier cybersecurity experts, if you answered malware or ransomware or crypto, you’d be wrong. According to Calgary-based cybersecurity leader Sonya Goulet, the most significant risk...
Cybersecurity service providers need to band together
Managed security service providers (MSSPs) along with global systems integrators that focus on security have a unique marketing and sales challenge. A recent global survey of 2,404 business decision makers conducted by B2B International on behalf of STANLEY Security, a...
Zero-Tolerance: Cheap cybersecurity is always a bad bargain
Cybercriminals have discovered a simple trick for multiplying their effectiveness: target MSPs themselves. If breaching one business’ systems is like slipping past a security guard unnoticed, infiltrating an MSP is like stealing that guard’s whole key ring. A successful MSP...
Cybersecurity Threat Advisory: SolarWinds Orion Backdoor
Advisory Overview SolarWinds Orion, a prominent IT monitoring and management solution, has been compromised with a backdoor by a sophisticated state-sponsored threat actor. The application has been discovered communicating with unknown third-party servers through traffic deliberately designed to mimic normal...
AI poised to make a comeback in 2021
After much fanfare and promise in 2018 and 2019, AI’s role in cybersecurity seemed to fly under the radar in 2020. But AI didn’t go anywhere, and we expect to hear much more about it in 2021. A couple of factors...
Cybersecurity Threat Advisory: FireEye Breach
Advisory Overview FireEye, a major cybersecurity organization, has reported a compromise that resulted in the theft of their suite of Red Team tools. While these tools do not contain any zero-day vulnerabilities, only widely known and documented methods, the theft...
