Microsoft recently came out with a list of updates to boost your Office 365 and enhance its performance along with many of its features. The latest updates rolled out included major security updates, brand new features, and bug fixes for Office 365 and Microsoft 365 for Windows.
Cybersecurity is a significant issue facing all small and large businesses across the globe. This week’s cyber news headlines highlight the major cybersecurity incidents that have occurred recently.
The latest study from the FTC (Federal Trade Commission) has shocked the world, with consumers exposing social media as the next top target of fraud. In 2021, according to the most recent Data Spotlight report for consumer protection, scam artists cheated approximately 100,000 people via social media. A rise of more than twofold over the previous year.
This week’s cyber headlines consist of some very significant developments, updates, and patches. Read on to know about the top cybersecurity headlines from the bygone week.
Managed services is a highly competitive industry that offers tremendous opportunities along with a unique set of challenges. Clients today expect managed service providers to provide increasingly seamless solutions using virtual interfaces. Quick, efficient responses to queries and technical support are also a must for retaining clients and ensuring satisfaction. Along with all this, MSPs must also contend with a scenario of rising cybercrime where a single incident can lead to catastrophic breaches and massive losses. To survive and thrive in such an environment, MSSPs need to leverage tools that will allow them to achieve all their stated goals while mitigating risks and meeting client expectations.
SSRF attacks have gained momentum in recent years. They have been used as a break-in technique in significant attacks on organizations like Capital One and Microsoft. Because of the growing threat of SSRF attacks, the OWASP Top 10 document on web application security has listed them as a separate vulnerability category for the first time in its 2021 list (A10:2021).
Server Side Request Forgery (SSRF) attacks can pose a significant threat for organizations and unsuspecting users. Therefore, it is crucial to stay informed about these attacks and take necessary security measures.
Cybersecurity is a dynamic field, and the attacks cannot be stopped. Therefore, it is paramount to know the updates on the current attack patterns to plan safety in the best possible ways. To this end, here are the primary cybersecurity headlines this week.
Sending and receiving emails have been essential in communication between and within organizations over the past few decades. Rapid digitalization of businesses and startups entering the digital information web made emails one of the commonly used media to share information. Naturally, email security is a significant concern for any organization with a high email user base. The sensitive information shared between organizations and within them increases the critical data getting intercepted and compromised. And to manage this problem, organizations adopt security strategies like encryption and digital signatures in emails. Securing emails is vital, but pairing it with the Best Browser Security Software adds extra protection, ensuring safer web access and fewer vulnerabilities. Below is an examination of what makes conventional email security vulnerable and prone to breaches and solutions to mitigate the threats.
This week’s updates would tell you why it is crucial to patch vulnerabilities in your applications if you’re a business owner, and similarly, why it is essential to have the latest versions of these applications and software installed for the end-users. Here are the weekly cyber headlines.
The education sector is often a lucrative and easy target for malicious actors as they provide various access points and vast volumes of data. Moreover, the student body often keeps changing, making it difficult to train them in email security. A successful cyber-attack can damage the brand name and cause a substantial financial impact. Hence, maintaining a robust email security posture is essential to provide adequate protection for students and staff from email threats and attacks. This article looks at the various email security threats the educational sector faces and steps to prevent them.
The first week of the year is not without cybersecurity updates, and we bring to you the most relevant of these security headlines. Here are the updates from this past week.
Supply Chain Attacks Target Real Estate Websites
Supply chain attacks are known to sabotage organizational networks, and these attacks have increased late. The most recent targets of these attacks are real estate websites. Popular real estate listing website Sotheby’s was a victim of a supply chain attack where attackers deployed a skimmer on the cloud video platform it uses – Brightcove. Consequently, all videos projected on its website (via Brightcove video player) were infected. All websites importing real estate property videos from Sotheby also had their websites compromised by the payment card details stealing skimmer. Interestingly, this scam has been ongoing for a year and has only recently come to light.
One more year is over, and there is no respite from cybercrimes across the globe yet. It is a never-ending battle, and 2022 opens up yet another chapter in the cybersecurity space. Ransomware attacks continued to cause havoc for businesses in 2021, along with the infamous attacks, such as the SolarWinds hack and the Log4j vulnerability. This article examines the cybersecurity and email security trends to watch out for in 2022. (more…)
Here are the top cybersecurity headlines this week to help you understand what’s going on in the cyber world and how you can plan to strengthen your organization’s security posture in 2022.
K-12 Cybersecurity Act Becomes Law
US President Joe Biden recently signed the K-12 Cybersecurity Act into law which will add to the efforts at strengthening the cybersecurity of the K-12 educational institutions. The newly passed law will require the CISA director to analyze the cybersecurity risks facing K-12 schools within 120 days of the act being passed. The CISA director will also have to explore the possible cybersecurity challenges faced by these K-12 schools, including securing information systems, implementing cybersecurity protocols, and protecting sensitive employee and student and employee data.
Cybersecurity threats and data breaches will be among the most significant predicaments enterprises face in 2022. Below is an examination of the most critical data breaches of 2021 and a few areas where you should concentrate your efforts to defend yourself from such risks as you move into the new year. (more…)
The global managed services market is expected to hit $274 billion by 2026. With over 40,000 operational managed service providers (MSPs) in the US alone, there can be intense competition among providers at times. If you are an MSP business or plan to offer managed email security, this article discusses some crucial aspects of managed service offerings to help you do a profitable business.
The Christmas holidays are a fragile period in the world of cybersecurity. Many organizations undergo unfortunate cyber incidents during this time, and the simplest way to avoid such instances is to learn from the mistakes of others. Here are the top cybersecurity headlines the world over to help you plan your cyber moves better.
A zero-day vulnerability was recently detected in the popular logging library, Apache Log4j. Such an attack on your organization would enable the perpetrators to remotely carry out a complete code execution. While you must have already invested in anti-phishing services and other solutions, you need to consult professional IT teams to keep your digital assets secure from such new forms of cyber threats, too.
This week’s major cyber news headlines reflect the cybersecurity warnings being circulated ahead of the Christmas holidays and a host of other significant updates. Here are the most important of those security updates.
Imperva Reports a Surge in Web Application Attacks
Renowned security vendor Imperva recently released a cybersecurity analysis report highlighting that there have been over 4.7 million web application attacks since October 2019. Imperva’s findings reveal that web-app attacks are increasing by 22% every quarter. Data breaches in the UK have increased significantly because of the rising attacks on businesses (increased by 250% between October 2019 and the present day).
Microsoft Exchange Server primarily helps organizations send, receive, and store organizational email messages. However, there are many more functions that Microsoft Exchange Server provides to its users. It is deployed on the Windows Server Operating System and is primarily used for business purposes.
A few of the leading collaborative features are calendaring and integrating with other Microsoft applications. Microsoft Exchange Server is widely used by organizations around the world, which makes it highly vulnerable to malicious actors, who are always on the lookout to exploit one vulnerability or another. For instance, earlier this year, Chinese threat actors were reported to exploit vulnerabilities of the Exchange Server to attack organizations throughout the United States that were using Exchange Server for their email operations or other activities.
On Friday December 10, 2021 we observed the announcement of the unknown zero day vulnerability (CVE-2021-44228) for the commonly used logging library for Java-based software called log4j.
DuoCircle uses the Log4j in AWS ElasticSearch for our email message logging service. Amazon has issued a patch for the service and it has been applied to our system.
As a security measure, our team has conducted a full impact assessment since the vulnerability was initially documented, and we have found other component or service offered by DuoCircle to be affected.
Components analyzed and identified as secure:
Applications, RESTful APIs, API Gateways
DuoCircle Web (Public Website)
DuoCircle Support (Freshdesk)
Backup Services (AWS Backup, AWS S3)
At this moment there are no additional components that were identified as vulnerable to the exploit.
We are constantly monitoring the response of security researchers to observe the further discovery of this vulnerability and others that may arrive. Further updates will be posted on this page as necessary.
