On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to the vendor’s network-attached storage (NAS) devices. Both vulnerabilities have been given critical CVSS scores (CVE-2023-23368: 9.8, CVE-2023-23369: 9.0) and both can lead to unauthenticated, remote threat actors executing commands if successfully exploited.

The City of Huber Heights is in east Ohio, north of Dayton. The suburban area has a population of around 50,000, but other populated areas are nearby. Sunday morning, November 12th, 2023, the City of Huber Heights was subject to a ransomware attack; the investigation is ongoing, as the attack disrupted many City divisions.

On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM solution. In the investigation conducted by SysAid, it was determined that the vulnerability was being actively exploited by a ransomware affiliate group known as Lace Tempest (DEV-0950), a group known for deploying the CL0P ransomware payload.

As you may have seen in the press earlier this year, Stripe OLT recently achieved two crucial Microsoft certifications, in both Modern Work and Security. These certifications (also known as designations) are important to Microsoft solution partners because they signify a deep understanding and proficiency of specific Microsoft technologies.

More decision-makers are investing in grid modernization efforts, knowing that doing so is necessary for keeping pace with modern demands. For example, smart grid fault-detection sensors could warn utility company providers of problems in real time, preventing costly and inconvenient outages. Technologies like the Internet of Things (IoT) can also improve stability. An IoT grid-monitoring approach allows authorized parties to oversee electrical infrastructure from anywhere.

As discussed in the previous blog, the insurance sector, like other financial institutions, face various unique cybersecurity challenges. Of primary concern is its responsibility for safeguarding sensitive customer data. This data has long been a prime target for cybercrime — a trend that has endured even as today’s IT landscape, and the threats against it, continue to evolve.