Industries: Small Business

Card image

Vulnerability Alert: High-Severity JsonWebToken Library Vulnerability

Michelle Drolet

What You Need to Know: A vulnerability was found in the open source JsonWebToken (JWT) library. According to Palo Alto Networks Unit 42, CVE-2022-23529 it could allow an attacker to achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token request. The vulnerability impacts JsonWebToken package version 8.5.1 and earlier.

Read more

1 Minute 59 Second Read

Card image

6 Cybersecurity Trends You Can Expect In 2023

Michelle Drolet

It’s that time of year again when we try to predict what’s ahead of us in terms of cybersecurity. 2022 has already become a record-breaker for the sheer volume of phishing scams, cyberattacks, data breaches and crypto heists. There was also a rise in hacktivism cases where state-sponsored cyber legions disrupted critical infrastructure and services,

Read more

4 Minute 28 Second Read

Card image

Eight Best Practices For Ransomware Threat Hunting

Michelle Drolet

Ransomware attacks and ransomware attackers are both evolving, becoming much more complex and damaging with each passing year. Attackers are moving in and out of victims swiftly, encrypting systems or exfiltrating data well before security teams can detect their presence. What organizations need is an offensive approach in which cyber threats and adversaries are hunted down

Read more

4 Minute 15 Second Read

Card image

Vulnerability Alert: Microsoft Exchange Double Zero-Day Vulnerabilities

Michelle Drolet

What You Need to Know: There are two zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability and CVE-2022-41082 is a vulnerability that allows for remote code execution when PowerShell is accessible to a threat actor. Microsoft stated that the current attacks are limited but the

Read more

3 Minute 1 Second Read

Card image

Four Essential Cybersecurity Services Every SMB Should Know

Michelle Drolet

SMBs face the same threats as larger companies but are challenged with limited resources, budgets and security talent. Organizations that outsource with an experienced security partner can make up for shortfalls in expertise and resources. In 2021, 40% of SMBs experienced a security breach partly because they are low-hanging fruit and attractive targets for leapfrogging to a

Read more

4 Minute 39 Second Read

Card image

Vulnerability Alert: Apple Releases Security for Zero-Day Vulnerabilities Exploited by Attackers

Michelle Drolet

What You Need to Know: Apple released security updates for vulnerabilities found in iOS, iPadOS, MacOS Big Sur, and macOS Monterey. CVE-2022-32894 and CVE-2022-32893 are zero-day flaws that have code execution vulnerabilities being exploited by attackers in the wild. There are few details surrounding the vulnerabilities or how they were used, but the flaws are

Read more

1 Minute 37 Second Read

Card image

Urgent Vulnerability/Phishing Notice: Large Scale Phishing Attack Targeting Microsoft Email Servers

Michelle Drolet

What You Need to Know: A large-scale phishing campaign was disclosed by ThreatLabz this week. The researchers observed the use of advanced phishing kits in a large campaign primarily targeting corporate enterprise users of Microsoft email servers. The threat actors behind the campaign have not been identified, but researchers observed the attackers using an adversary-in-the

Read more

2 Minute 30 Second Read

Card image

Urgent Vulnerability Notice: Atlassian Confluence Critical Hardcoded Password Vulnerability Under Active Exploitation

Michelle Drolet

What You Need to Know: A hardcoded credentials vulnerability was found in the Questions for Confluence app and is under active exploitation. The vulnerability allows remote, unauthenticated attackers that know the hardcoded password for specific accounts in the app, to gain access to non-restricted pages in Confluence. CVE-2022-26138 was observed to be under active exploitation

Read more

1 Minute 52 Second Read

Card image

Janelle Drolet presents at AWS re:Inforce Boston

#Managed Detection & Response

Michelle Drolet

We were honored to have our Director of Sales, Janelle Drolet, present at the AWS re:Inforce yesterday in Boston. We were excited to share the unique partnership of Towerwall, Alert Logic, and AWS. Learn more about the Towerwall and Alert Logic MDR difference.  

Read more

0 Minute 13 Second Read

Card image

Urgent Vulnerability Notice: Microsoft Zero Day Actively Exploited, Impacting Server and Client Windows Platforms

Michelle Drolet

What You Need to Know: A zero-day vulnerability was found in the latest Widows 11 and Windows Server 2022 releases. CVE-2022-22047 is a local privilege escalation vulnerability found in the Windows Client and Windows Server Runtime Subsystem. Although Microsoft has issued a patch, the vulnerability is actively being exploited by attackers and has a CVSS

Read more

2 Minute 57 Second Read