Cybersecurity Blog

Network Security

  • Remote Code Execution on Ivanti Products Found in the Wild

    In early January, Ivanti acknowledged two critical zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887) in their Connect Secure and Policy Secure Gateways. These vulnerabilities open the door for remote unauthenticated code execution across all supported versions. Volexity’s investigation, which we’ve linked below, reveals active exploitation in the wild.

    Read More

  • Hacking to Get Paid

    Authored by Jake Moraites; Cybersecurity Consultant and Lindsay Timcke; Cybersecurity Director

    In the current digital landscape, hacking has become a lucrative business opportunity for cybercriminals across the globe. Gone are the days where hacking was limited to isolated incidents of curiosity or mischief. Hacking is a business now and one way or another, hackers will ensure they get paid.

    Read More

  • Shadow IT and Rogue Applications

    Authored by Lindsay Timcke

    The last ten years have shown an unprecedented growth in application development and deployment. Presently there is pretty much an application for anything and everything you can imagine. From a corporate standpoint what this has led to is a dramatic increase in groups or even individuals within companies purchasing software that meets their department needs. Over time this application will grow in size and complexity while the user community and importance to the group for completing their daily tasks will also increase. From a compliance and audit standpoint the above introduces many points of concern.

    Read More

  • Vendor Management – Outsourcing the Task, Not the Risk

    Authored by Lindsay Timcke

    One of the most overlooked areas of Cybersecurity and creating a solid defensible cybersecurity posture for your firm is vendor management. With most firms in the 21st century being heavily invested in relationships with outside vendors who monitor, develop, deploy, extract, and oversee many aspects of our network infrastructure, it is imperative that each firm approach these outside resources as just an extension of their own organization. This means the controls you have in place at your organization should also be in place at each of your vendors.

    Read More

  • Microsoft 365 Security: Is Your Organization’s Data Safe?

    Authored by David Sun

    Microsoft 365 came of age just as organizations quickly adopted remote work during the pandemic. In their urgency to migrate, many IT departments did not have the time to fully research the new platform and all its security features, opting to use the default settings. Once migration was complete and systems running reliably, organizations — fearing disruption — may not have gone back to change the settings.

    Read More

  • Education Sector Being Targeted for Cyber Attacks

    Back to school apparently also applies to hackers.  Educational institutions are currently being targeted for ransomware attacks.  The FBI, Cybersecurity & Infrastructure Security Agency (CISA) issued a warning on September 6, 2022 about the increase in ransomware attacks by hacking group Vice Society.  This group has been using compromised credentials to exploit internet-facing applications to gain access, explore the network, exfiltrate sensitive student data and deploy ransomware.  In the past, we have seen this disruptive activity lead to classes being cancelled, exams being delayed, to schools being shut down permanently.

    Read More

  • Cybersecurity Education Series for Nonprofits – Security Basics

    Please check out the post below written by Javier Young where he highlights how to protect your hard drives, hardware and software decommissioning, and device configuration. Cybersecurity Education Series for Nonprofits – Security Basics

    Read More

  • Discord Users Beware of Server Hijacks

    Users of the popular messaging platform Discord have been targeted recently with threat actors hijacking servers and stealing assets.  This has been particularly problematic in the Non-Fungible Token (NFT) space where CLA’s incident response team has recently responded to a rash of NFT’s being compromised resulting in tremendous losses.  These compromises have allowed threat actors to use legitimate accounts to announce fake drops or links, where participating victims end up losing assets in fake transactions.   To evade detection, sometimes these announcements are made via direct message (DM) so others cannot see what is happening.

    Read More

  • Cybersecurity & Infrastructure Security Agency (CISA) Malware Alert (AA22 054A)

     “Sandworm”, a Russian state-backed hacker group within the GRU (Russian military intelligence organization) has released new malware called ‘Cyclops Blink’….’Cyclops Blink’ can lead to a complete network compromise, by allowing attackers to gain access to the external perimeter firewall.

    Read More

  • How the Events in Ukraine Could Impact U.S. Businesses

    As we watch history unfold in the Ukraine, it’s important to think about how these events can impact you and your business.  One way in which you could be impacted is by a cyber-attack.  The Russian government has used cyber as a key component of their force projection over the last decade.  The last week has seen an unprecedented level of disruptive activity including activation of the new “HermeticWiper” malware attack discovered on February 23.  While these attacks are currently focused outside the US, it is generally believed that sanctions imposing on Russia by Ukraine’s western allies, including the United States may cause retaliatory cyber-attacks here in our homeland.

    Read More

Subscribe to Blog   

Protecting your data from cyber threats starts with confidentiality, integrity, and availability. CLA’s cybersecurity team understands the threats you face — and how to help keep your organization safe. Check back often to learn about risks, trends, IT security attack and defense, and mitigation and response techniques.