Two Common Vulnerability and Exposures (CVEs) were released for Apache Log4j on December 10th, 2021, and have dominated headlines in the Information Technology and Security industries. Log4j, a Java-based 'logging utility' within the Apache Logging Services, is embedded throughout widespread technologies and products depended on every day by businesses and consumers alike. The initial discovery stemmed from the popular video game, Minecraft. These particular CVEs are not only trivial to exploit, but are actively being exploited in the wild via a race condition and allow remote attackers to gain control of compromised systems.

Cyber Advisors Inc. has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications. More information can be found here.

Windows 11 is here! With plenty of innovation and new features, Windows 11 boasts an all-new simplified, yet modernized interface that was designed to inspire productivity and creativity. Not sure where to start? Check out the highlighted features below and tips for upgrading.

International Fraud Awareness Week is observed globally and aims to raise awareness of fraud through fraud prevention campaigns and education.

Operational Technology (OT) has become a very common talking point around the Cyber Advisors office. For starters, let’s define OT.

OT is industrial level control systems that are typically outside of the IT realm. Some examples of OT are Energy Grids, video recording systems, security badges/fobs, elevators, fire sprinkler systems, and gas pipelines. Many of these systems are IoT based. Some are much more industrial based such as PLC controls for turning a switch on and off.

The new Exchange Server component, aptly named Microsoft Exchange Emergency Mitigation (EM) service, builds on Microsoft's Exchange On-premises Mitigation Tool (EOMT) released in March to help customers minimize the attack surface exposed by the ProxyLogon bugs.

A vulnerability has been identified in the VMware vCenter Server product that could allow a threat actor to execute malicious code. The vulnerability exists in the Analytics service and can be attacked by an unauthenticated user via port 443. There are both patches and temporary workarounds available by VMware. This vulnerability can be exploited regardless of current configuration settings.

This vulnerability exists in:

• VMware vCenter 6.7x/7.0x
• VMware Cloud Foundation 3.x/4.x, which bundles vCenter

On Monday, September 13th Google released security updates for the Chrome web browser to address a total of 11 security issues, two of which are zero-days actively being exploited in the wild. Chrome users are advised to update to the latest version (93.0.4577.82 or later) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaws. 

Security threats are constant and it's hard to know where to start when it comes to protecting your organization. Taking the first step in the journey of security can be very overwhelming, but our team of security experts are here to help. No matter the size of the organization, we recommend starting with a Threat Assessment followed by a Business Impact Analysis.

Threat Assessment: The first step is engaging our team of security experts to perform a self-assessment survey to understand where your organization currently stands. Our team works with you to conduct a solid inventory of your business and understand key assets to operations. This process evaluates and verifies perceived threats and assesses their likelihood. After the initial assessment, our team reviews the severity of the threats and creates a plan to address the underlying vulnerabilities. Our team works with your organization to prioritize based on impact, cost and likelihood.

Business Impact Analysis: If you had all the money in the world, you could have a lot of security tools in your pocket and the resources to manage them - Unfortunately, in the real world, you have a limited budget and need to prioritize. This is where having a solid Business Impact Analysis (BIA) comes into play.

Mark Blanco joined the Cyber Advisors team as a Project Manager in March 2020, just days into the pandemic when work and life changed drastically. 

Mark worked hard to streamline many internal processes on the Project Team. His work has allowed the Project Team to be more efficient and create a better client experience. He also works closely with the Cyber Advisors Security Team where he has been an integral component to the growth and success of the department.

Cyber Advisors co-founders, Shane Vinup and Igor Bogachev, were recently featured on the What are YOU Doing? podcast hosted by Michael Beach. Both Shane and Igor are honored to be a part of such an incredible series. 

Michael Beach Coaching and Consulting  prepares clients and their teams to become strong and courageous leaders. Michael's podcast is a series featuring thought leaders who are investing in the next generation of leadership for their organization. These thought leaders are developing the emerging leaders who will take their organization to the next level and the level after that.

Listen to the podcast: Direct Download URL or Permalink URL