-
Federal Goals for Cybersecurity in Healthcare
The Department of Health and Human Services (HHS) has released their 2024-2030 strategic plan which includes increasing security around Electronic Health Information (EHI).
-
Remote Code Execution on Ivanti Products Found in the Wild
In early January, Ivanti acknowledged two critical zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in their Connect Secure and Policy Secure Gateways. These vulnerabilities open the door for remote unauthenticated code execution across all supported versions. Volexity’s investigation, which we’ve linked below, reveals active exploitation in the wild.
-
Abusing Unconstrained Delegation via Service Principal Name hijacking
. When conducting penetration tests, abusing delegation is one of my favorite attacks to conduct. Not only is it usually a quick and easy way to elevate privileges, but I often find that many clients do not fully understand the risks associated with delegation and perhaps more importantly, they don’t know how to detect it.
-
IT and Cybersecurity Challenges Facing the Construction Industry
In 2021, Nordlocker, an encryption software firm, analyzed 1,200 companies to discover which industries were affected by ransomware attacks the most. The construction sector was revealed to be targeted the most out of the 35 industries analyzed.
-
Recent Ransomware Surge:
In an era defined by digital connectivity, the increase of ransomware attacks has cast a glaring spotlight on the relentless and ever-evolving nature of cyber threats. As these attacks continue to target entities across industries, comprehending the underlying reasons for their surge is paramount as is their potential to disrupt operations and extract ransoms underscores the critical need for fortified cybersecurity measures.
-
Hacking to Get Paid
Authored by Jake Moraites; Cybersecurity Consultant and Lindsay Timcke; Cybersecurity Director
In the current digital landscape, hacking has become a lucrative business opportunity for cybercriminals across the globe. Gone are the days where hacking was limited to isolated incidents of curiosity or mischief. Hacking is a business now and one way or another, hackers will ensure they get paid.
-
Are YOU Protected? Recent MOVEit Application Hack.
The MOVEit application, a popular managed file transfer (MFT) solution developed by Ipswitch showed some recent vulnerabilities that threatens the security and confidentiality of the transferred data. The impact of this vulnerability can be severe, compromising the privacy and integrity of sensitive data. Organizations should take proactive measures to mitigate the risks and secure their file transfer operations.
-
New Threat Targeting Fortinet FortiGuard Devices
A state-sponsored actor based in China, “Volt Typhoon,” has recently created waves of concern within the cybersecurity industry. The threat actor, who has been known for carrying out cyber espionage, has managed to establish persistent access within telecom networks and other critical infrastructure.
-
Cyber Security/Response Plan Preparedness in Trucking
Cyber Security/Response Plan Preparedness in Trucking Authored by Lindsay Timcke ; Director, IT & Cyber Going back 10-20 years ago the biggest threats to your trucking business were fuel costs, the weather and staffing. Then, almost appearing overnight the internet came into the picture and soon dominated the conversations surrounding Incident Response (IR), Disaster Recovery (DR) and […]
-
2023’s Artificial Intelligence Proliferation
Early into 2023, there have already been a slew of new technical and regulatory developments within the artificial intelligence field. Most notably, OpenAI, an American artificial intelligence laboratory, made a splash with its chatbot Chat Generative Pre-Trained Transformer, better known as ChatGPT, in which users can enter a prompt and the model will generate a response. OpenAI shows no signs of slowing down AI development with its plans to train a model to complete entry level coding work
