Apache Log4j

Posted by Kate Drankoff on Dec 23, 2021 9:30:41 AM

Two Common Vulnerability and Exposures (CVEs) were released for Apache Log4j on December 10th, 2021, and have dominated headlines in the Information Technology and Security industries. Log4j, a Java-based 'logging utility' within the Apache Logging Services, is embedded throughout widespread technologies and products depended on every day by businesses and consumers alike. The initial discovery stemmed from the popular video game, Minecraft. These particular CVEs are not only trivial to exploit, but are actively being exploited in the wild via a race condition and allow remote attackers to gain control of compromised systems.

 

Cyber Advisors Inc. has created a list of recommendations and a services package in response to Log4Shell vulnerability, that affects a significant number of systems and applications. More information can be found here.

Read More

Topics: security, MSP, Log4j

Windows 11 New Changes and Features

Posted by Kate Drankoff on Dec 21, 2021 2:07:12 PM

Windows 11 is here! With plenty of innovation and new features, Windows 11 boasts an all-new simplified, yet modernized interface that was designed to inspire productivity and creativity. Not sure where to start? Check out the highlighted features below and tips for upgrading.

Read More

Topics: security, Microsoft, Managed IT, MSP

International Fraud Awareness Week

Posted by Kate Drankoff on Nov 17, 2021 9:16:36 AM

International Fraud Awareness Week is observed globally and aims to raise awareness of fraud through fraud prevention campaigns and education.

Read More

Topics: security, cybersecurity

What’s with Operational Technology?

Posted by Dan Sanderson on Oct 19, 2021 9:06:10 AM

Operational Technology (OT) has become a very common talking point around the Cyber Advisors office. For starters, let’s define OT.

OT is industrial level control systems that are typically outside of the IT realm. Some examples of OT are Energy Grids, video recording systems, security badges/fobs, elevators, fire sprinkler systems, and gas pipelines. Many of these systems are IoT based. Some are much more industrial based such as PLC controls for turning a switch on and off.

Read More

Topics: security, Fortinet, cybersecurity, Operational Technology, OT

Automated Protection for Vulnerable Exchange Servers

Posted by Kate Drankoff on Sep 29, 2021 12:06:42 PM

The new Exchange Server component, aptly named Microsoft Exchange Emergency Mitigation (EM) service, builds on Microsoft's Exchange On-premises Mitigation Tool (EOMT) released in March to help customers minimize the attack surface exposed by the ProxyLogon bugs.

Read More

Topics: security

vCenter Server File Upload Vulnerability

Posted by Kate Drankoff on Sep 29, 2021 9:00:28 AM

A vulnerability has been identified in the VMware vCenter Server product that could allow a threat actor to execute malicious code. The vulnerability exists in the Analytics service and can be attacked by an unauthenticated user via port 443. There are both patches and temporary workarounds available by VMware. This vulnerability can be exploited regardless of current configuration settings.

This vulnerability exists in:

  • VMware vCenter 6.7x/7.0x
  • VMware Cloud Foundation 3.x/4.x, which bundles vCenter
Read More

Topics: security

Why Do We Need to Do So Many Chrome Updates!?!

Posted by Kate Drankoff on Sep 16, 2021 10:38:00 AM

On Monday, September 13th Google released security updates for the Chrome web browser to address a total of 11 security issues, two of which are zero-days actively being exploited in the wild. Chrome users are advised to update to the latest version (93.0.4577.82 or later) for Windows, Mac, and Linux by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaws. 

Read More

Topics: security, cybersecurity, Google Chrome

Getting Started on the Road to Security

Posted by Kate Drankoff on Jul 27, 2021 8:49:58 AM

Security threats are constant and it's hard to know where to start when it comes to protecting your organization. Taking the first step in the journey of security can be very overwhelming, but our team of security experts are here to help. No matter the size of the organization, we recommend starting with a Threat Assessment followed by a Business Impact Analysis.

Threat Assessment: The first step is engaging our team of security experts to perform a self-assessment survey to understand where your organization currently stands. Our team works with you to conduct a solid inventory of your business and understand key assets to operations. This process evaluates and verifies perceived threats and assesses their likelihood. After the initial assessment, our team reviews the severity of the threats and creates a plan to address the underlying vulnerabilities. Our team works with your organization to prioritize based on impact, cost and likelihood.

Business Impact Analysis: If you had all the money in the world, you could have a lot of security tools in your pocket and the resources to manage them - Unfortunately, in the real world, you have a limited budget and need to prioritize. This is where having a solid Business Impact Analysis (BIA) comes into play.

Read More

Topics: security, Threat Assessment, Business Impact Analysis

Humans of Cyber: Mark Blanco, Project Manager

Posted by Kate Drankoff on Jul 26, 2021 10:16:54 AM

Mark Blanco joined the Cyber Advisors team as a Project Manager in March 2020, just days into the pandemic when work and life changed drastically. 

 

Mark worked hard to streamline many internal processes on the Project Team. His work has allowed the Project Team to be more efficient and create a better client experience. He also works closely with the Cyber Advisors Security Team where he has been an integral component to the growth and success of the department.

Read More

Topics: Managed Services, security, Managed IT, MSP

Nuggets of Advice From the Two Successful Leaders: What Are You Doing Podcast

Posted by Kate Drankoff on Jul 26, 2021 9:29:39 AM

Cyber Advisors co-founders, Shane Vinup and Igor Bogachev, were recently featured on the What are YOU Doing? podcast hosted by Michael Beach. Both Shane and Igor are honored to be a part of such an incredible series. 

 

Michael Beach Coaching and Consulting  prepares clients and their teams to become strong and courageous leaders. Michael's podcast is a series featuring thought leaders who are investing in the next generation of leadership for their organization. These thought leaders are developing the emerging leaders who will take their organization to the next level and the level after that.

 

Listen to the podcast: Direct Download URL or Permalink URL 

Read More

Topics: Managed Services, security, Managed IT, MSP, Leadership, podcast

About this blog

Welcome to the Cyber Advisors Blog.  Please take a moment to read through our content.  If you would like more information on any of these topics, simply reach out to us via contact information below.  If you find our content valuable, please subscribe.  

 

 
 
Would you like to hear from us? Click Below!
Learn More

Subscribe Here!

Recent Posts

Posts by Tag

See all