Are you ready to close this book? What a journey 2021 has been. We’ve extremely enjoyed seeing our customers face-to-face and online, and building stronger relationships by understanding their challenges — because it’s what we do! 2021 did read through like a thriller book of phishing scams and ransomware attacks. And as a typical thriller, some […]
13
Dec
Dec
Some of you may know, a severe vulnerability was discovered in Log4j, a Java logging package. This ubiquitous package is included in products such as Apache and Apple products. Worse yet, this component is so widely used — that it is believed to be within multiple components within applications. This means that security teams worldwide […]
30
Nov
Nov
Threat actors are actively exploiting a misconfigured Google Cloud Platform (GCP) infrastructure to mine cryptocurrency. Google’s recent threat horizon report detailed that out of 50 recently compromised GCP instances, 86% were used for crypto mining. Statistics show that 48% of intrusions were the result of poor password hygiene and or insecure API configurations. However, 26% […]
23
Nov
Nov
Threat actors are leverage known vulnerabilities against unpatched exchange servers to distribute malware and avoid detection by abusing internal reply-chain emails. TrendMicro researchers have discovered that threat actors have distributed malicious emails to internal employees on corporate networks through an interesting tactic. They start by exploiting Microsoft exchange servers which remain vulnerable to ProxyLogon and […]
16
Sep
Sep
An ongoing Zloader campaign utilises a new methodology to disable Microsoft Defender Antivirus. Formerly known as Windows Defender. Microsoft Defender Antivirus is currently running on over a billion instances of Windows 10, according to Microsoft’s own statistics. The threat actors have begun to utilise various applications such as Discord, TeamViewer and Zoom advertisements on Google […]
15
Sep
Sep
Software companies have naturally embraced the cloud. It provides countless benefits for their clients, ranging from the lack of installation or maintenance of on-premises solutions to the ease of scalability. However, with benefits come risks as it provides Threat Actors with a single, centralised internet-facing target. Consequently, security becomes paramount. If you are a SaaS […]
12
Aug
Aug
Introduction Whitelisting is a cyber security strategy where a user granted administrative rights could take action on their computer. However, rather than attempting to keep one stride in front of threat attackers to recognise and obstruct malicious code, the IT staff would rather order a rundown of supported applications that a computer or a mobile […]
21
Jul
Jul
If only it were as simple as the popular ‘XYZ’ Antivirus (AV) software solution is the best antivirus software and outperforms all the rest. But, unfortunately, sometimes marketing can be deceiving. As expected, popularity and quality do not go hand in hand with most AVs. As a result, there has been poor progress in AV […]
09
Jun
Jun
A malware strain has been at large for over a year, which was observed to compromise Kubernetes Clusters clearing the way for a backdoor, giving the attacker persistent access. Kubernetes was originally developed by Google and is currently maintained by the Cloud Native Computing Foundation. It is an open-source system that helps automate the deployment, […]
17
May
May
Virtual CISO Services Get access to a skilled, experienced information security risk management and compliance professional on-demand Request a Quote