Vigilant Technologies

Happy Earth day!

Today is an ideal time to consider how the technology we use every day affects our environmental friendliness, whether it's a computer, phone, tablet, or gaming console.

Reminder to responsibly recently or dispose of any tech devices and keep our environment in mind when using and purchasing technology.

2021 was a record year for the number of zero-day flaws in Chrome that attackers were exploiting before Google knew about them.

Adrian Taylor, a technical program manager on the Chrome Security Team, says in a recent blog post that the increase in zero-days "may initially seem concerning", but he argues it could be a good thing because it means more zero-days are being caught and fixed.

https://security.googleblog.com/2022/03/whats-up-with-in-wild-exploits-plus.html

What's up with in-the-wild exploits? Plus, what we're doing about it. Posted by Adrian Taylor, Chrome Security Team If you are a regular reader of our Chrome release blog , you may have noticed that phrases l...

Adobe has released an emergency patch to tackle a critical bug that is being exploited in the wild.

Tracked as CVE-2022-24086, the vulnerability has been issued a CVSS severity score of 9.8 out of 10, the maximum severity rating possible. The exploit does not require any administrator privileges to trigger. Adobe says the critical, pre-auth bug can be exploited in order to execute arbitrary code.

The patches can be downloaded and applied manually here:

https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12-

Beware strange PowerPoint attachments that may appear in your inbox!

Cyber attackers are deploying emails with .ppam (PowerPoint) file attachments that can hide malware capable of rewriting Windows registry settings on targeted devices.

This campaign represents one of several stealthy ways that threat actors target desktop users via trusted applications. These emails can evade security detections and appear legitimate.

https://threatpost.com/powerpoint-abused-take-over-computers/178182/

PowerPoint Files Abused to Take Over Computers Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines.

Microsoft warns that Log4j attack levels remain high.

Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services.

Stay Vigilant and ensure you continue to patch affected software.

https://www.zdnet.com/article/log4j-flaw-attacks-are-causing-lots-of-problems-microsoft-warns/

Log4j flaw attack levels remain high, Microsoft warns | ZDNet Organizations might not realize their environments are already compromised.

2021 has been the year of cybersecurity issues. It's clear that cybersecurity was a major concern in 2021, and will continue to be a key concern for businesses going into the new year. Let's review the major cybersecurity incidents that took place throughout the year.

https://www.forbes.com/sites/emilsayegh/2021/12/28/2021-a-cyber-year-to-remember/?ss=cloud&sh=6c3ab84b4d00

2021: A Cyber Year To Remember One thing that seems certain for 2022 is that it will be even more essential than ever before to keep your guard up. We'll have new cybersecurity regulations further in place by then, which means there’s a higher likelihood of compliance issues with these rules.

Happy Holidays from the Vigilant team! We hope you are enjoying this season safely with family and friends.

🚨 New blog post! 🚨

We are all well aware of external threats to our organization, such as malware or hackers.

Are you aware of what internal threats are to your organization? Don't worry, we're here to break it down for you.

Click the link in our bio to read now!

Vigilant Technologies updated their phone number.

With more team members working from home, more devices are accessing your network, along with new technologies and tools being utilized to make at-home offices function properly.

This blurs the lines between the personal and professional use of devices. All of this points to a very real and potentially dangerous threat - an insider threat.

In our latest blog post, we cover what insider threats are, and how to spot and mitigate these attacks.

https://blog.vigilant1.com/insider-threats

How to Prevent Insider Attacks Insider threats present a complex risk affecting the public and private domains of all critical infrastructure sectors. Learn how to spot a potential attack and how to mitigate it.

Critical Security Warning - Over 150 models of HP printers are exposed to hacking attacks.

The most serious of the vulnerabilities could enable a remote attacker to execute code following a buffer overflow exploit. The researchers at F-Secure Labs highlighted several exploit examples, including tricking the target organization into visiting a malicious website.

https://lnkd.in/eNgm9MWc

Critical HP Printer Security Warning: 150 Models Exposed To Hack Attack Researchers reveal 'printing shellz' vulnerabilities impacting 150 HP printers: update your firmware now.

Get hooked on good deals - don't get phished this holiday season!

Know how to avoid phishing and other scams this time of year by learning about the history of phishing, and current methods cybercriminals are using to target you.

https://blog.vigilant1.com/phishing-and-social-engineering

The Evolution of Phishing Phishing was the most common type cyberattack in 2020. In our latest blog we explore why phishing is so successful, and how to prevent employees from falling for it.

Our November round-up is here!

We are excited to share our recent work with the U.S. Space Force and other teams at the SACT, information about Infrastructure Security Month, Small Business Saturday, and more!

https://www.vigilant1.com/Resources/News/tabid/243/ID/213/November-2021-Newsletter.aspx

November 2021 Newsletter November not only means that the holidays are just around the corner, it's also infrastructure security month, and small Business Saturday is not far away! We also have exciting news to share regarding our partnership with the U.S. Space Force, and tips to stay cybe

A privacy policy is meant to be a contract between you and a company that ensures that the companies are keeping your data safe. One company that holds an enormous amount of data on you is Google.

There are ways to take control over what Google has on you. Read our latest blog to learn how to toggle some of the most important privacy settings Google has, and start taking back control of your data.

https://blog.vigilant1.com/minimize-your-online-footprint

Thank you veterans for your service and sacrifice in the defense of our nation. We are honored to work alongside many Veterans and we are deeply grateful for their service.

Happy Veteran's day all!

Cybersecurity researches with the firm Randori have discovered a remote code ex*****on vulnerability in Palo Alto Networks firewalls using the GlobalProtect Portal VPN.

The zero-day has a severity rating of 9.8 and allows for unauthenticated, remote code ex*****on on vulnerable installations of the product.

https://www.zdnet.com/article/palo-alto-networks-patches-zero-day-affecting-firewalls-using-globalprotect-portal-vpn/

Palo Alto Networks patches zero-day affecting firewalls using GlobalProtect Portal VPN | ZDNet The issue affects multiple versions of PAN-OS 8.1 prior to 8.1.17 and Randori said it found numerous vulnerable instances exposed on internet-facing assets, in excess of 70,000 assets.

CISA issued a new directive today that will force federal civilian agencies to remediate over 300 vulnerabilities commonly exploited during attacks. Each of the vulnerabilities has a different due date attached to them, with some due to be mitigated by November 17, and others set for May 3, 2022.

Read the full statement for more details.

https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities

CISA Releases Directive on Reducing the Significant Risk of Known Exploited Vulnerabilities | CISA Today the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of vulnerabilities that are being actively exploited by adversaries. The d...