Entries by admin@cystel

Are You Vulnerable to Supply Chain Attacks?

A supply chain attack, sometimes referred to as a “value-chain” or “third-party attack”, occurs when someone penetrates your systems via an external partner or supplier who already has access to your systems, information and data. Due to the number of suppliers that companies are working with, as well as the recent increase in remote working across supply chains, the attack surface has increased drastically.

Cloud Technologies: Easy Solution or Security Nightmare?

The adoption of these technologies is quick and simple. Cloud services enable organizations’ processes, improve quality, increase productivity and speed to market, but it also creates vulnerabilities that must be addressed before it is too late.

Adobe Releases Security Updates

Original release date: February 9, 2021 Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Magento APSB21-08  Acrobat and Reader […]

Apple Releases Security Updates

Original release date: February 9, 2021 Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the Apple security update and apply the necessary updates.  This […]

Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)

Original release date: February 10, 2021 Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) […]

Microsoft Releases February 2021 Security Updates

Original release date: February 9, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and Deployment Information and apply the necessary updates. This […]

North Korean Malicious Cyber Activity: AppleJeus

Original release date: February 17, 2021 CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.” The U.S. Government refers […]

Compromise of U.S. Water Treatment Facility

Original release date: February 11, 2021 In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center have released joint […]

Verify Your Valentine

Original release date: February 11, 2021 This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked […]