Archive for 'Vulnerability News' Category
GoTo Breach Response
By Vigilize - Last updated: Wednesday, January 25, 2023
infotex and GoTo. To all infotex managed security service Clients: As recently reported by major news outlets, there was a data breach affecting GoTo (formerly LogMeIn) wherein attackers stole encrypted backups containing customer information in November 2022. Based on the advisory from GoTo, the affected products they offer include LogMeIn Pro, LogMeIn Central, […]
NIST Announces Retirement of SHA-1
By Vigilize - Last updated: Monday, December 19, 2022
The cryptographic algorithm is vulnerable to attack and is no longer considered secure… An article review. NIST has announced that it plans to retire the SHA-1 cryptographic algorithm by the end of 2030, citing multiple vulnerabilities in the standard, effectively ending its use after nearly 30 years. Introduced in 1995, SHA-1 used a 160-bit hash […]
Watch Where You Click: Google Ads May Spread Malware
By Vigilize - Last updated: Monday, November 21, 2022
Google Ads, GitLab and OneDrive have been used to distribute the BATLOADER malware… An article review. We’ve always believed that “watch where you click” is good advice when it comes to security online; however, Microsoft is tracking the spread of malware that has been using legitimate websites to help facilitate its spread, counting […]
New Attacks Target Multi-Factor Authentication
By Vigilize - Last updated: Monday, October 17, 2022
Microsoft, Cisco and Uber are among the companies hit by this new threat… An article review. As more organizations adopt multi-factor authentication to help safeguard their systems, hackers have adapted, and several major corporations have been among those hit by this new style of attack. This new technique, called MFA Fatigue or Push Spamming, involves […]
Industrial Technology Cybersecurity Concerns Persist
By Vigilize - Last updated: Monday, June 20, 2022
Over 85 percent of surveyed companies report having no centralized monitoring of networked industrial devices… An article review. If you are involved in IT within your organization, you’re probably aware of the importance of being able to monitor relevant activity from your networked devices, especially if your organization is involved in healthcare, finance, or government. […]
Managing Software Supply Chain Risk
By Steven Jakubin - Last updated: Monday, April 25, 2022
Software Bills of Materials (SBOMs) are becoming more and more important… We are all very familiar with one aspect of the software supply chain – updates. New features, bug fixes, and performance upgrades are a regular occurrence in any device’s lifecycle; however, what if these kinds of updates also include deliberately malicious code? […]
The Importance of Proper Multi-Factor Authentication (MFA) in 2022
By Steven Jakubin - Last updated: Monday, February 28, 2022
Not just because it is becoming an issue of compliance. . . We all know the plot of your typical heist movie – a group of robbers seeks out special bits of information, such as PIN numbers, keycards, FOBs, and even biometrics, all to relentlessly gain entry to a secured vault. These vaults use several […]
Log4j Vulnerability
By Vigilize - Last updated: Wednesday, December 15, 2021
infotex and Log4j We are keeping our Clients’ safety in mind. To all infotex managed security service Clients: On Friday December 10th, infotex became aware of a zero-day vulnerability in the Apache Log4j library that allows unauthenticated remote code execution. We began incident response and took steps to proactively disable potentially vulnerable applications until we […]
New Chinese Law Highlights Disclosure Debate
By Vigilize - Last updated: Monday, September 13, 2021
Questions about China’s new disclosure laws only highlight the uncertainty about disclosure in general… An article review. China recently made waves in the security world by announcing a new set of data security laws, one of which has added new fuel to a long running debate: how and when should security vulnerabilities be disclosed…and to […]
Pegasus Making You Mega-Sus?
By Tanvee Dhir - Last updated: Monday, August 16, 2021
If Zero days need Zero clicks, are there any secure devices in the mix? Tanvee Dhir explores the Pegasus spyware. Another technical post, meant to inspire thought about IT Governance . . . . Introduction Over the past couple of weeks, we have seen multiple stories regarding a powerful piece of spyware called Pegasus sold […]