My TechDecisions

Search Results: cisa

CNA Cyber Attack

CISA: Hackers Using Vulnerability Chaining to Target Government Networks

According to U.S. cybersecurity officials, malicious cyber attackers are using multiple vulnerabilities to infiltrate government networks.

October 12, 2020 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency, along with the FBI, have released a joint advisory warning that threat actors are actively exploiting vulnerabilities as they target government networks. The joint advisory, released last Friday, says these recent attacks are directed at federal, state, local, tribal and territorial government networks, and there is some risk […]

Read More
Proofpoint CISO, CISOs cyberattack

CISA: Patch Windows Server Vulnerability Now

CISA is demanding federal agencies to upgrade Windows Server to protect against a known vulnerability. Enterprises should do the same.

September 21, 2020 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive to federal agencies demanding that they apply an August update to Windows Server before Tuesday to address a critical vulnerability that could allow an attacker to compromise all Active Directory identity services. The vulnerability – CVE-2020-1472 – is an elevation of privilege vulnerability […]

Read More
cyber-attack-skull

Spike in Cyberattacks Exposes Vulnerabilities in University Security Measures

No matter an institution’s budgetary limitations, there are proven measures that institutions can adopt to enhance campus security and safeguard their resources.

August 21, 2023 Kevin Kirkwood Leave a Comment

Note: The views expressed by guest bloggers and contributors are those of the authors and do not necessarily represent the views of, and should not be attributed to My TechDecisions. As expected from authorities anticipating an increase in threats to the education sector, cyberattacks are continuing to wreak havoc on colleges and universities across the United States. As […]

Read More
Progress MOVEit vulnerability

Progress Software Urges Further Action to Prevent MOVEit Exploitation

Defending against exploitation of MOVEit vulnerabilities gets more complicated as Progress Software issues another patch.

June 16, 2023 Zachary Comeau Leave a Comment

The MOVEit Transfer story continues to plague IT departments and security professionals as Progress Software has issued another advisory, urging organizations to apply yet another patch to address a privilege escalation flaw in its Transfer product. The company’s update comes amid reports of widespread exploitation, including several at several U.S. agencies that were breached as […]

Read More
MOVEit, ransomware, CVE-2023-34362,

BianLian Ransomware Group Skips Encryption and Goes Straight to Exfiltration

The BianLian group is a ransomware actor that is targeting organizations with a data extortion model, bypassing traditional encryption.

May 17, 2023 Zachary Comeau Leave a Comment

Cybersecurity officials the, FBI, Microsoft and Sophos are warning organizations to limit their use of some legitimate tools as they are being leveraged by the BianLian group, a ransomware group that has targeted organizations with a data extortion model, bypassing the need to encrypt victims’ data. According to a joint advisory from CISA, its Australian […]

Read More
Microsoft Exchange Throttling Blocking

What is Going on With Microsoft Exchange Server Throttling and Blocking?

Microsoft will begin throttling and blocking emails from unsupported, unpatched Exchange servers over the next two months. Here's why.

April 17, 2023 Zachary Comeau Leave a Comment

Microsoft is hoping to address the security issue of emails sent to Exchange online from unsupported and unpatched Exchange Servers by enabling a transport-based enforcement system in Exchange Online that will throttle and then block emails from an unsupported server. The end goal is to encourage Microsoft customers to stop using persistently vulnerable versions of […]

Read More
CISA Software Security

Software Manufacturers Urged to Think Security Before Features, Speed to Market

CISA and other cybersecurity agencies are urging tech companies to think more about security of their products.

April 13, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency along with its counterpart agencies from several different countries have published a new guide urging software manufacturers to take steps to ship products that are built with security from the ground up. The guidance, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default, comes […]

Read More
Genesis Market

Check to See If Your Organization’s Credentials Were on Genesis Market

Dark web initial access marketplace Genesis Market has been seized, and organizations can check to see if they were compromised.

April 6, 2023 Zachary Comeau Leave a Comment

Genesis Market, online criminal marketplace that advertised and sold packages of stolen credentials that threat actors use to compromise accounts in the financial sector, critical infrastructure and federal, state and local government agencies, has been dismantled by a coalition of international law enforcement agencies. According to a news release from the U.S. Department of Justice, […]

Read More
Log4j, Older Vulnerabilities, CISA KEV

Older, Unpatched Vulnerabilities Are Still Wreaking Havoc

Older vulnerabilities that remain unpatched are still the primary vehicle for cyberattacks, Tenable report finds.

February 28, 2023 Zachary Comeau Leave a Comment

Older vulnerabilities for which patches have already been made available by the vendor are still the primary vehicle for cyberattacks, suggesting that organizations are still behind in practicing good cyber hygiene, according to new data from Tenable. The Columbia, M.D.-based provider of vulnerability management software finds in its 2022 Threat Landscape Report that the number […]

Read More
Royal Ransomware

DPRK Ransomware Group Targets Healthcare Sector, Agencies Say

U.S. agencies are warning healthcare organizations and others to be aware of new ransomware activity from a North Korean nation-state group.

February 13, 2023 Zachary Comeau Leave a Comment

U.S. agencies are warning healthcare organizations and other critical infrastructure organizations to be aware of recent activity from a North Korean nation-state ransomware group that is leveraging older vulnerabilities–including Log4Shell– to gain access into victim environments. The advisory from the FBI, U.S. Cybersecurity and Infrastructure Security Agency and other agencies gives an overview of the […]

Read More