IT Controls
-
Federal Goals for Cybersecurity in Healthcare
The Department of Health and Human Services (HHS) has released its 2024-2030 strategic plan, which includes increasing security around Electronic Health Information (EHI).
-
Remote Code Execution on Ivanti Products Found in the Wild
In early January, Ivanti acknowledged two critical zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in their Connect Secure and Policy Secure Gateways. These vulnerabilities open the door for remote unauthenticated code execution across all supported versions. Volexity’s investigation, which we’ve linked below, reveals active exploitation in the wild.
-
Abusing Unconstrained Delegation via Service Principal Name hijacking
When conducting penetration tests, abusing delegation is one of my favorite attacks to conduct. Not only is it usually a quick and easy way to elevate privileges, but I often find that many clients do not fully understand the risks associated with delegation and, perhaps more importantly, they don’t know how to detect it.
-
Hacking to Get Paid
Authored by Jake Moraites, Cybersecurity Consultant, and Lindsay Timcke, Cybersecurity Director
In the current digital landscape, hacking has become a lucrative business opportunity for cybercriminals across the globe. Gone are the days when hacking was limited to isolated incidents of curiosity or mischief. Hacking is a business now, and one way or another, hackers will ensure they get paid.
-
Are YOU Protected? Recent MOVEit Application Hack.
The MOVEit application, a popular managed file transfer (MFT) solution developed by Ipswitch, showed some recent vulnerabilities that threaten the security and confidentiality of the transferred data. The impact of these vulnerabilities can be severe, compromising the privacy and integrity of sensitive data. Organizations should take proactive measures to mitigate the risks and secure their file transfer operations.
-
Shadow IT and Rogue Applications
Authored by Lindsay Timcke
The last ten years have shown unprecedented growth in application development and deployment. Presently there is an application for pretty much anything and everything you can imagine. From a corporate standpoint, this has led to a dramatic increase in groups or even individuals within companies purchasing software that meets their department's needs. Over time, such an application will grow in size and complexity, while its user community and its importance to the group for completing daily tasks will also increase. From a compliance and audit standpoint, this introduces many points of concern.
-
Vendor Management – Outsourcing the Task, Not the Risk
Authored by Lindsay Timcke
One of the most overlooked areas of Cybersecurity and creating a solid defensible cybersecurity posture for your firm is vendor management. With most firms in the 21st century being heavily invested in relationships with outside vendors who monitor, develop, deploy, extract, and oversee many aspects of our network infrastructure, it is imperative that each firm approach these outside resources as just an extension of their own organization. This means the controls you have in place at your organization should also be in place at each of your vendors.
-
Microsoft 365 Security: Is Your Organization’s Data Safe?
Authored by David Sun
Microsoft 365 came of age just as organizations quickly adopted remote work during the pandemic. In their urgency to migrate, many IT departments did not have the time to fully research the new platform and all its security features, opting to use the default settings. Once migration was complete and systems running reliably, organizations — fearing disruption — may not have gone back to change the settings.
-
Ransomware that Your Cybersecurity Insurance Can’t Cover
The latest alert from various US government agencies through the Cybersecurity & Infrastructure Security Agency (CISA) warns that actors affiliated with Iran’s Islamic Revolutionary Guard Corps are targeting vulnerabilities in Fortinet networking equipment and Microsoft Exchange email software. Like other threat actors, they leverage vulnerabilities to deploy tools and encrypt systems and exfiltrate data, creating significant business interruption and consumer risk, while demanding a large ransom payment.
-
Education Sector Being Targeted for Cyber Attacks
Back to school apparently also applies to hackers. Educational institutions are currently being targeted for ransomware attacks. The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) issued a warning on September 6, 2022 about the increase in ransomware attacks by hacking group Vice Society. This group has been using compromised credentials to exploit internet-facing applications to gain access, explore the network, exfiltrate sensitive student data and deploy ransomware. In the past, we have seen this disruptive activity lead to classes being cancelled, exams being delayed, and schools being shut down permanently.