NetStandard’s Security Minute Series We have all seen the “fake tech support” scams, or the various similar ones that all involve talking to a scammer in a (usually foreign) datacenter somewhere. KnowBe4 called one of these scammers and documented the…

NetStandard’s Security Minute Series Since the release of ransomware targeting the new Exchange vulnerabilities (which Scott discussed last week), the number of attacks has grown by 10X. This has become the most significant software vulnerability in a very long time: Exploits…

NetStandard’s Security Minute Series So the Exchange attacks just keep getting worse. The estimated number of affected Exchange servers is up into the tens of thousands (I’ve seen some estimates in the hundreds of thousands!), and there are at least…

Last week, it was widely reported that four previously unknown or “zero-day” vulnerabilities in Microsoft’s Exchange Server software were being actively exploited by groups of cyber attackers. These defects could allow attackers to steal data or deploy malicious software to…

NetStandard’s Security Minute Series The biggest news of the week: Microsoft announced emergency out-of-band patches for Exchange Server, to fix 4 actively exploited 0-day vulnerabilities. There are many, many reports of hundreds of servers being compromised – basically every security…

NetStandard’s Security Minute Series There’s a new critical vulnerability in vCenter, allowing an attacker to use port 443 to gain root access to vCenter. Even if you don’t have port 443 exposed to the internet, an attacker that breaches an…

NetStandard’s Security Minute Series  This is scary: The IT monitoring software Centreon was attacked, and allowed the Sandworm group access to Centreon for 3 years. IT monitoring software is generally very trusted software, with visibility to everything inside a network,…

NetStandard’s Security Minute Series This week was Patch Tuesday! Microsoft released patches for 58 different bugs (the smallest number in a year!), but called out 4 as being especially noteworthy – an actively-exploited zero-day, two remote code executions, and a denial of…

Consider keeping your business safe with email filtering Trickbot Targeting Legal and Insurance Providers One of the most active sources of malicious emails over the past couple of years has been Trickbot. Trickbot has been a major target from Microsoft, and went dormant…

NetStandard’s Security Minute Series An interesting thought I read in a book the other day: “You win more by not being stupid, than you do from being smart.” This is very applicable to cyber security. Cyber criminals are most often…