Cybersecurity Blog

Cybersecurity Blog

  • Critical Vulnerabilities Found on Exchange Server 2019, 2016, and 2013

    Microsoft released several security updates for Microsoft Exchange Server to address vulnerabilities that have already been used in limited targeted attacks. Due to the critical nature of these vulnerabilities, it is recommended that customers apply the updates to affected systems immediately to protect against these exploits and to prevent future abuse across the ecosystem.

    Read More

  • CIS and Akamai to Offer No-Cost Malicious Domain Blocking and Reporting Service for U.S. Hospitals

    Authored By: John Hoffoss The Center for Internet Security (CIS), together with Akamai, is offering a service called Malicious Domain Blocking and Reporting (MDBR), which prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block most ransomware infections just by preventing […]

    Read More

  • Thoughts on SolarWinds Incident for FedGov

    The Information Technology community is in the midst of one of the most far-reaching cybersecurity failures in history. The supply chain for SolarWinds updates provided an opportunity for attackers to gain entrance into a broad customer base without directly attacking fortified defenses. The next steps for potential victims include recognition of the breach, remediation of the affected network assets, and recovery. Recovery would be achieved to a level of assurance for confidence, integrity, and availability of an organization’s data and operations.

    Read More

  • ManageEngine ServiceDesk Plus Password Extraction

    In a recent internal penetration test performed for one of our clients, we were able to compromise their network by chaining vulnerabilities together that allowed us to acquire domain administrator credentials.

    Read More

  • Increase in Cyber Attacks on K-12 Schools in Remote Environment

    K-12 schools continues to be a target for cyber attacks. Cybersecurity & Infrastructure Security Agency (CISA) shared an alert regarding the increase in attack due to the remote work environment and some mitigations to reduce your risk.

    Read More

  • SolarWinds Orion Vulnerability

    SolarWinds, a popular software company used by organizations big and small, was the target of an advanced cyber attack that allowed fraudsters to implant a backdoor in one of their popular software products.

    Read More

  • Secure the Zone When You’re at Home

    Often, we only think of good cybersecurity practices in the workplace, and when we get home it’s not as important to us. Good cyber safety practices should start at home. With the ever-increasing number of connected devices, we must be vigilant in ensuring we protect ourselves and children and truly have comfort at home. Below […]

    Read More

  • To Pay or Not Pay the Ransom

    There has been an increase in ransomware demands since COVID and this sometimes encourage future ransomware payment demands. This could result in sanctions.

    Read More

  • Cybersecurity Webinar Series

    October is National Cybersecurity Awareness Month (NCSAM). Mark the occasion by learning how to reduce cyber risks for yourself and your organization. Join us for a complimentary series of webinars in October.

    Read More

  • Think! Before You Click The Link.

    Statistics show that over 90% of cyber-attacks are a result of successful email phishing campaigns.

    Read More

Subscribe to Blog   

Protecting your data from cyber threats starts with confidentiality, integrity, and availability. CLA’s cybersecurity team understands the threats you face — and how to help keep your organization safe. Check back often to learn about risks, trends, IT security attack and defense, and mitigation and response techniques.