DHS orders agencies to urgently patch or disconnect Exchange servers

The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 21-02 Wednesday after Microsoft patched four zero-day Exchange bugs in emergency out-of-band security updates and shared info on active exploitation in … Continue reading DHS orders agencies to urgently patch or disconnect Exchange servers

New Jailbreak Tool Works on Most iPhones

The Unc0ver team has released a tool that works on iOS 11 and later, and exploits a vulnerability that was recently under attack. Unc0ver, a team of hackers behind the jailbreak tool, released a new tool that works on nearly every iPhone model and exploits a flaw that Apple reported was under active attack last … Continue reading New Jailbreak Tool Works on Most iPhones

Microsoft Concludes Internal Investigation into Solorigate Breach

The software giant found no evidence that attackers gained extensive access to services or customer data. Microsoft, which calls the SolarWinds supply chain attack a "moment of reckoning," declared on Thursday it had completed an internal investigation of its own compromised network. It advises companies to strengthen security by adopting a zero trust mindset and … Continue reading Microsoft Concludes Internal Investigation into Solorigate Breach

Data Risk, Intelligence and Insider Threats

When it comes to securing networks in today’s business environment, the single biggest challenge firms must contend with is that of the insider threat. While the term is typically associated with corporate espionage or perhaps disgruntled workers, this threat is mostly not caused by malicious actors. The insider threat simply refers to the damage caused … Continue reading Data Risk, Intelligence and Insider Threats

North Korean Malicious Cyber Activity: AppleJeus

CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.” The U.S. Government refers to malicious cyber activity by the … Continue reading North Korean Malicious Cyber Activity: AppleJeus