Develop and enforce a telework security policy, such as having tiered levels of remote access. Require multi-factor authentication for enterprise access. Use validated encryption technologies to protect communications and data stored on client devices. Ensure […]
“An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run […]
Microsoft finally patched a zero-day that has existed for years named “GlueBall” (CV-2020-1464: Windows Spoofing Vulnerability). A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass […]
During the COVID-19 Pandemic, many companies have been required to set-up their employee base to work remotely. This includes not only employees, but also contractors, business partners, vendors, and other users to perform work from […]
Antivirus software is designed to detect and remove malware; malware is the broad term used to describe all kinds of malicious or unwanted code. Antivirus solutions are installed on individual devices such as desktops, laptops, and […]
Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are usually showed instructions for how to pay a fee to get the decryption key.
The Under Armour subsidiary MyFitnessPal has officially confirmed the theft of account data for over 150 million users. The MyFitnessPal Hack In February 2018, unknown actors accessed the protected data of MyFitnessPal (MFP), a fitness […]
In the days following the latest Facebook scandal, in which we learned that Cambridge Analytica collected and misused the personal data of potentially 50 million American Facebook users, we have seen: A large social media […]
On February 28th, 2018, GitHub reported that it experienced the largest DDoS attack on record, with a maximum volume of 1.35Tbps. The GitHub Attack Process Many applications use a memory caching system called “memcached“. Administrators […]