New insight from Accenture Security highlights specific ways attackers are changing their tactics to make Microsoft’s email platform a tool rather than an obstacle for phishing attacks. We all tend to think of our email platform as something that helps create a more secure environment for our networks. But new disturbing information found in Accenture’s […]
The Geography of Business Email Compromise
Researchers at Agari have released a report on the global distribution of business email compromise (BEC) actors, and determined that 25% of these criminals are operating from within the United States. This makes the US the second-largest hub for BEC actors in the world. Criminals in Nigeria still account for the vast majority of BEC […]
Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds
A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even […]
Dealing with data glut: Why ROT data is an issue, and how to manage it
“Unstructured data accounts for as much as 80 percent of an organization’s data footprint.” – Gartner As file storage grows rapidly year after year, new challenges arise around keeping data safe and maintaining control over data storage systems. Who owns which files? Whose files take up what volume of enterprise storage? Which files have become […]
6 top risk factors to triage vulnerabilities effectively
Common Vulnerability Scoring System (CVSS) scores have been viewed as the de facto measure to prioritize vulnerabilities. Vulnerabilities are assigned CVSS scores ranging from one to 10, with 10 being the most severe. However, they were never intended as a means of risk prioritization. If you’ve relied on CVSS scores alone to safeguard your organization, […]
New design, layout, and features—the all-new UI of ServiceDesk Plus Cloud is here
We are excited to launch the all-new user interface for ServiceDesk Plus Cloud, the flagship ITSM software from ManageEngine. This latest UI update takes cues from the minimal design language and features restructured layouts that put the user at the center of every module interaction. The new user experience is based on four dimensions: […]
October Patch Tuesday fixes 87 vulnerabilities, 6 of them publicly disclosed
October Patch Tuesday is here. While the next two weeks are going to be busy for system administrators as they hustle to test and deploy updates, once the cyberthreats are handled, we can all enjoy the fall festivities in peace. This Patch Tuesday has Microsoft releasing security fixes to address 87 vulnerabilities, out of which 12 […]
Five worthy reads: Every month should be Cybersecurity Awareness Month!
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. Organizations on a global scale observe Cybersecurity Awareness Month to educate and instruct their employees on cybersecurity best practices. This week we highlight some cybersecurity trends that are shaping the industry today. Now in its 17th […]
[Heads up] Paying Ransomware Criminals Might Land You A Steep Federal Fine
The US Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned multiple ransomware criminals over the last few years, most notably the Russian cybercrime syndicate aptly named Evil Corp. However, not only Eastern European hackers were sanctioned; various North Korean and Iranian actors are also on the list. On Oct 1st, 2020, OFAC made it […]
Healthcare Sector Still Sustains Phishing Campaigns
No one should take too seriously the high-minded things criminals sometimes say about how they’re restraining themselves during the pandemic, and that they’re going to avoid hitting hospitals and biomedical research organizations. If anything, attacks on such targets have increased in recent months, and phishing is the usual approach. The goal of the phishing attacks […]