Cybersecurity Blog

Information Security

  • Cybersecurity & Infrastructure Security Agency (CISA) Malware Alert (AA22 054A)

     “Sandworm”, a Russian state-backed hacker group within the GRU (Russian military intelligence organization) has released new malware called ‘Cyclops Blink’….’Cyclops Blink’ can lead to a complete network compromise, by allowing attackers to gain access to the external perimeter firewall.

    Read More

  • How the Events in Ukraine Could Impact U.S. Businesses

    As we watch history unfold in the Ukraine, it’s important to think about how these events can impact you and your business.  One way in which you could be impacted is by a cyber-attack.  The Russian government has used cyber as a key component of their force projection over the last decade.  The last week has seen an unprecedented level of disruptive activity including activation of the new “HermeticWiper” malware attack discovered on February 23.  While these attacks are currently focused outside the US, it is generally believed that sanctions imposing on Russia by Ukraine’s western allies, including the United States may cause retaliatory cyber-attacks here in our homeland.

    Read More

  • Gramm-Leach-Bliley Act (GLBA) Final Ruling Presentation

    What is included in the final GLBA rule published on October 2021? How might this impact you? When does the rule take effect? We will be presenting on the updated rule at the Higher Education virtual conference on 2/22/22. Here is the link if you are interested. 2022 Higher Education Virtual Conference : 2022 : […]

    Read More

  • Build Your Own OSINT APIs for Pen Testers

    tend to rely heavily on open-source intelligence (OSINT) data sources and APIs. This blog post is all about the value of mining OSINT data ourselves, and shows how to index very large datasets for quick searches.

    Read More

  • Cybersecurity in Higher Education – People, Process, and Associated Risks

    Authored by Jacob Paullus

    Information Technology and Information Security are some of the most important yet most complicated ecosystems to construct in a Higher Education environment. Between students, staff, and faculty, many of these institutions have a larger technological footprint than some of the largest companies in the world.

    Read More

  • StopRansomware – New Website

    Ramsomware continues to be a high risk for organizations and the number of cases reported continue to increase. There are also those cases that are not reported. As you continue to develop your strategy for responding to these attacks, visit the newly formed government page at Stop Ransomware | CISA. If you would also like […]

    Read More

  • Preventing a Password Compromise

    Authored by Zoran Jovic

    Password compromise is one of the most serious threats organizations face today. Attackers are attempting to gain access to your credentials 24/7, and tailor many, if not most attacks with the main goal of gaining access to credentials. Once the attacker has a username and a password, they become an authenticated user with access to systems and applications! While it may be hard to expect you to never make a mistake, a combination of user awareness training and effective security controls can help minimize the risk of a compromise. Whether you already have implemented mitigating controls, or are just starting on your journey, CLA can help verify and enhance your security posture.

    Read More

  • Learn about CIS Controls v8

    Authored by Bill Sugnet On May 18th, The Center for Internet Security (CIS) released version 8 of the CIS Controls. From the earliest versions, the CIS Controls totaled 20 and were even referred to as the CIS Top 20 at one point. In version 8, CIS has added one control, and combined a few others. […]

    Read More

  • Ransomware? – Tips to Mitigate Against Ransomware

    I presume that you are also aware of the most recent attack on one of the nation’s largest pipelines that carries gas from Texas to New York. This was also as a result of ransomware. On May 13, 2021 the National Institute of Standards and Technology (NIST) released some tips and tricks for dealing with ransomware.

    Read More

  • Web Application Security – API Data Exposure

    In this age of technology, APIs arguably have become the core essential piece of web-based services and applications. APIs are used to make “calls” or “requests” to send or receive information between two systems. Some APIs are utilized to transmit sensitive data, such as credit card numbers or medical information. It is important that organizations evaluate their applications to gain confidence that the APIs are secured and hardened.

    Read More

Subscribe to Blog   

Protecting your data from cyber threats starts with confidentiality, integrity, and availability. CLA’s cybersecurity team understands the threats you face — and how to help keep your organization safe. Check back often to learn about risks, trends, IT security attack and defense, and mitigation and response techniques.