Network Security
-
How the Events in Ukraine Could Impact U.S. Businesses
As we watch history unfold in Ukraine, it’s important to think about how these events can impact you and your business. One way in which you could be impacted is by a cyber-attack. The Russian government has used cyber as a key component of its force projection over the last decade. The last week has seen an unprecedented level of disruptive activity, including activation of the new “HermeticWiper” malware attack discovered on February 23. While these attacks are currently focused outside the US, it is generally believed that sanctions imposed on Russia by Ukraine’s western allies, including the United States, may cause retaliatory cyber-attacks here in our homeland.
-
The Art of Exploitation: Domain Admin from the Internet via eTRAKiT
In this post, we will look at a SQL injection vulnerability in the eTRAKiT web application that can be exploited without authenticating to the web application and that results in a remote connection to the backend database.
-
Cybersecurity in Higher Education – People, Process, and Associated Risks
Authored by Jacob Paullus
Information Technology and Information Security are some of the most important yet most complicated ecosystems to construct in a Higher Education environment. Between students, staff, and faculty, many of these institutions have a larger technological footprint than some of the largest companies in the world.
-
Preventing a Password Compromise
Authored by Zoran Jovic
Password compromise is one of the most serious threats organizations face today. Attackers are attempting to gain access to your credentials 24/7, and tailor many, if not most, attacks with the main goal of gaining access to credentials. Once the attacker has a username and a password, they become an authenticated user with access to systems and applications! While it may be hard to expect you to never make a mistake, a combination of user awareness training and effective security controls can help minimize the risk of a compromise. Whether you have already implemented mitigating controls or are just starting on your journey, CLA can help verify and enhance your security posture.
-
Ransomware? – Tips to Mitigate Against Ransomware
I presume that you are also aware of the most recent attack on one of the nation’s largest pipelines, which carries gas from Texas to New York. This was also the result of ransomware. On May 13, 2021, the National Institute of Standards and Technology (NIST) released some tips and tricks for dealing with ransomware.
-
Web Application Security – API Data Exposure
In this age of technology, APIs have arguably become the core, essential piece of web-based services and applications. APIs are used to make “calls” or “requests” to send or receive information between two systems. Some APIs are used to transmit sensitive data, such as credit card numbers or medical information. It is important that organizations evaluate their applications to gain confidence that the APIs are secured and hardened.
-
Change Your Password If You Use The ParkMobile Parking App – Your Information May Be Compromised
The data for approximately 21 million customers who use the ParkMobile parking app has been compromised. If you use this app, some of the potential information that is being sold right now includes your mailing address, license plate number, email address, passwords and phone numbers.
-
Does Your Business Continuity & Disaster Recovery Plan Protect You In The Current Pandemic Environment?
With the pandemic, we have seen an increase in inquiries for assistance with the development or review of business continuity plans (BCP) and disaster recovery plans (DRP). Business continuity focuses on your process for recovering critical functions, while disaster recovery is narrower in focus and is most often a subset of your BCP.
-
Splash Pages/Captive Portals for Corporate Guest Wireless Networks
Authored by Jennifer Friel
What is a Splash Page/Captive Portal? A Splash Page/Captive Portal is a page which users are directed to prior to connecting to a Guest Wireless Network. On this page, the user is required to view and interact with the page prior to being allowed access to any other sites or web connections through the network.
Why a Splash Page/Captive Portal? While […]
-
CLA Cybersecurity Alert: Microsoft Email Server Attack Update
On March 2, Microsoft first announced a series of vulnerabilities that enabled hackers to break into the company’s Exchange email, calendar programs, and in some cases integrated voice messaging. China — among others — has allegedly used this vulnerability to spy on a wide range of industries in the United States ranging from medical research to law firms to defense contractors.