Cyber Security Threat Center

5 Good Cybersecurity Lessons Learned From FTC Law Enforcement Actions

• Post Author:Frank Crast
• Post published:April 5, 2020
• Post Category:Cybercrime / Cybersecurity Articles / Regulations & Laws / Standards & Guidelines

Several years ago, the Federal Trade Commission (FTC) released a good video that is still highly relevent today. The video explains how companies can leverage NIST's Cybersecurity Framework to greatly improve security in their organization. In this article, we highlight the five key tenants from the framework and how they could have possibly prevented FTC action and penalties.

Continue Reading 5 Good Cybersecurity Lessons Learned From FTC Law Enforcement Actions

FBI warns of video-teleconferencing hijacking “Zoom-bombing”

• Post Author:Frank Crast
• Post published:April 4, 2020
• Post Category:Cybersecurity Attacks / Network Security / Security Updates & Patches / Vulnerabilities & Exploits

As the COVID-19 crisis continues to spread, larger numbers of enterprises and learning organizations are moving meetings and classrooms online via video-teleconferencing (VTC) platforms. The FBI has issued a new warning of recent VTC attacks and also offered guidance on how to better security VTC platforms.

Continue Reading FBI warns of video-teleconferencing hijacking “Zoom-bombing”

Firefox security update (74.0.1) patches two zero-day critical vulnerabilities

• Post Author:Frank Crast
• Post published:April 4, 2020
• Post Category:Security Updates & Patches / Vulnerabilities & Exploits

The Mozilla Foundation released a new security update for Firefox 74.0.1 that patches two zero-day Critical vulnerabilities (CVE-2020-6819 and CVE-2020-6820) under active attack.

Continue Reading Firefox security update (74.0.1) patches two zero-day critical vulnerabilities

APT41 launches broad cyber campaign with multiple exploits

• Post Author:Frank Crast
• Post published:April 1, 2020
• Post Category:Network Security / Security Updates & Patches / Vulnerabilities & Exploits

Researchers from FireEye have discovered Chinese cyber threat group APT41 carry out a broad cyber campaign between January 20 and March 11, 2020. The actors have attempted to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products against 75 FireEye customers.

Continue Reading APT41 launches broad cyber campaign with multiple exploits

Google releases Chrome security update (80.0.3987.162)

• Post Author:Frank Crast
• Post published:April 1, 2020
• Post Category:Mobile Security / Security Updates & Patches / Vulnerabilities & Exploits

Google has released Chrome 80.0.3987.162 for Windows, Mac and Linux, as well as a new version of Chrome for Android.

Continue Reading Google releases Chrome security update (80.0.3987.162)

GE third party data breach exposes employee personal data

• Post Author:Frank Crast
• Post published:March 27, 2020
• Post Category:Data Breach / Third-Party Security

In a breach notification letter posted online, General Electric (GE) said one of their service providers Canon Business Process Services experienced a data breach last month. The breach exposed certain personal data on past and present GE employees, as well as their beneficiaries.

Continue Reading GE third party data breach exposes employee personal data

Upgrade now: Apple security updates for iOS 13.4, macOS Catalina 10.15.4 and other products

• Post Author:Frank Crast
• Post published:March 25, 2020
• Post Category:Security Updates & Patches / Vulnerabilities & Exploits

Apple has released security updates for iOS 13.4, macOS Catalina 10.15.4, Safari 13.1 and other products.

Continue Reading Upgrade now: Apple security updates for iOS 13.4, macOS Catalina 10.15.4 and other products

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

• Post Author:Frank Crast
• Post published:March 24, 2020
• Post Category:Security Updates & Patches / Zero-days

Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.

Continue Reading Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Drupal patches third-party library CKEditor vulnerabilities

• Post Author:Frank Crast
• Post published:March 20, 2020
• Post Category:Security Updates & Patches / Vulnerabilities & Exploits

Drupal has released a critical security update to address third-party library CKEditor XSS vulnerabilities in Drupal 8.7.x and 8.8.x.

Continue Reading Drupal patches third-party library CKEditor vulnerabilities

Google releases Chrome security update (80.0.3987.149)

• Post Author:Frank Crast
• Post published:March 19, 2020
• Post Category:Mobile Security / Security Updates & Patches / Vulnerabilities & Exploits

Google has released Chrome 80.0.3987.149 for Windows, Mac and Linux, as well as a new version of Chrome for Android. The update addresses 13 security fixes to include 9 High severity vulnerabilities.

Continue Reading Google releases Chrome security update (80.0.3987.149)