Cybersecurity Blog


  • Cybersecurity Education Series for Nonprofits – Security Basics

    Please check out the post below, written by Javier Young, in which he covers protecting your hard drives, hardware and software decommissioning, and device configuration.


  • Discord Users Beware of Server Hijacks

    Users of the popular messaging platform Discord have been targeted recently, with threat actors hijacking servers and stealing assets. This has been particularly problematic in the Non-Fungible Token (NFT) space, where CLA’s incident response team has recently responded to a rash of NFTs being compromised, resulting in tremendous losses. These compromises have allowed threat actors to use legitimate accounts to announce fake drops or links, where participating victims end up losing assets in fake transactions. To evade detection, sometimes these announcements are made via direct message (DM) so others cannot see what is happening.


  • GLBA Safeguards Rule Update

    An updated rule for GLBA safeguards may mean some financial institutions need to review their security and handling practices. Is your organization prepared to navigate these complex decisions by the December 2022 deadline? Check out this article by Kadian Douglas that explains the FTC GLBA Safeguards Rule.


  • FBI-Ransomware Impacting Local Governments

    The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) last week related to new and evolving cybersecurity threats. In particular, the FBI confirmed that ransomware attacks have specifically targeted local government entities. The impact could be “significant due to the Public’s dependency on critical utilities, emergency services, educational facilities and other services overseen by local government”.


  • Cybersecurity & Infrastructure Security Agency (CISA) Malware Alert (AA22 054A)

    “Sandworm”, a Russian state-backed hacker group within the GRU (Russian military intelligence organization), has released new malware called ‘Cyclops Blink’ … ‘Cyclops Blink’ can lead to a complete network compromise by allowing attackers to gain access to the external perimeter firewall.


  • How the Events in Ukraine Could Impact U.S. Businesses

    As we watch history unfold in the Ukraine, it’s important to think about how these events can impact you and your business. One way in which you could be impacted is by a cyber-attack. The Russian government has used cyber as a key component of their force projection over the last decade. The last week has seen an unprecedented level of disruptive activity, including activation of the new “HermeticWiper” malware attack discovered on February 23. While these attacks are currently focused outside the US, it is generally believed that sanctions imposed on Russia by Ukraine’s western allies, including the United States, may cause retaliatory cyber-attacks here in our homeland.


  • Gramm-Leach-Bliley Act (GLBA) Final Ruling Presentation

    What is included in the final GLBA rule published in October 2021? How might this impact you? When does the rule take effect? We will be presenting on the updated rule at the Higher Education virtual conference on 2/22/22. Here is the link if you are interested. 2022 Higher Education Virtual Conference : 2022 : […]


  • Build Your Own OSINT APIs for Pen Testers

    tend to rely heavily on open-source intelligence (OSINT) data sources and APIs. This blog post is all about the value of mining OSINT data ourselves, and shows how to index very large datasets for quick searches.


  • Higher Ed – Cybersecurity Webinar

    Please join us for our latest webinar in our Higher Education Webinar Series. Zoran Jovic, a senior cybersecurity consultant, will be covering cybersecurity topics, such as email phishing and password attacks, and discussing mitigation strategies to better protect your environment. Date: October 27, 2021. Time: 1:00 pm – 2:00 pm Central. Link to webinar: https://www.claconnect.com/events/2021/webinar-series-higher-education-hot-topics-and-updates […]


  • The Art of Exploitation: Domain Admin from the Internet via eTRAKiT

    In this post, we will look at a SQL injection vulnerability within the eTRAKiT web application that can be exploited without authenticating to the web application, resulting in a remote connection to the backend database.
