Kaseya Attack: What You Should Know and How You Should Respond WHAT HAPPENED? It was recently discovered that Kaseya’s VSA software had an unknown, zero-day vulnerability in the software which was exploited for an attack. The software is used by managed service providers (MSPs) and their clients for remote [...]
Cisco ASA & Firepower Threat Defense Vulnerability Exploited WHAT HAPPENED? On June 24, 2021, a cybersecurity firm published a Proof of Concept (PoC) exploit on Cisco's Adaptive Security Appliance, showing security weaknesses in the software. While PoC’s are intended for information sharing and not for harm, the published vulnerability [...]
Phishing Warning: Virginia State Corporation Commission Issues Alert WHAT HAPPENED? On June 24, 2021, the Virginia State Corporation Commission’s Division of Securities and Retail Franchising (the Division) issued an alert to registered investment advisers of an ongoing phishing campaign whereby the attackers claim to be from the Division.Like most phishing attempts, [...]
DarkSide, Ransomware, and the Colonial Pipeline Attack: 8 Practical Ways to Lock Down Your Data WHAT HAPPENED? When bad actors initiated a ransomware attack on the Colonial Pipeline network earlier this month, panic-struck consumers emptied gas pumps across the Southeast. The pipeline, a critical infrastructure resource, ultimately paid attackers [...]
The New Virginia Consumer Data Protection Act - What Does It Mean for My Firm? WHAT HAPPENED? On March 2, 2021, Virginia governor Ralph Northam signed into law the Consumer Data Privacy Act (CDPA), which will take effect in 2023. The CDPA is similar to an existing data privacy [...]
How bad is the Microsoft Exchange attack, and should I be worried? WHAT HAPPENED? On Tuesday, March 2, 2021, Microsoft issued an uncommon “out-of-band,” or off schedule patch for Microsoft Exchange servers. By the following day, Microsoft announced findings that the China-based hacker group Hafnium was actively exploiting a [...]
Six New Data Privacy Bills That Could Become Law in 2021 WHAT HAPPENED? State mandated data privacy regulations are constantly evolving to meet the needs of the changing cybersecurity landscape. Staying up to date with these rules is critical to maintaining a compliant and functional cybersecurity program at your [...]
Lessons from the SolarWinds Breach to Enhance Your Cybersecurity and Vendor Management Programs WHAT HAPPENED? Remediation efforts have been underway for nearly two months following the burgeoning SolarWinds attack. Initial findings indicated that the breach affected an estimated 1,800 companies, including major cybersecurity vendors like Mimecast and Qualys. While [...]
SonicWall Issues and Retracts Alert of Hackers Exploiting Zero-Day Vulnerability Within SonicWall VPN SonicWall, a company providing firewalls and other cybersecurity solutions, issued an alert indicating that it had found a probable zero-day vulnerability with its SMA 100 series products on Jan. 22, 2021. A zero-day vulnerability is a software [...]
Hackers Use Mimecast Certificate to Access Microsoft Accounts On Jan. 12, 2021, the cloud-based email security and management provider Mimecast disclosed that one of its digital certificates, used by approximately 10 percent of its customers, was hacked and used to access some of its client’s Microsoft 365 accounts. A digital [...]