CrowdStrike Services recently investigated several Play ransomware intrusions where the common entry vector was suspected to be the Microsoft Exchange ProxyNotShell vulnerabilities CVE-2022-41040 and CVE-2022-41082. In each case, CrowdStrike reviewed the relevant logs and determined there was no evidence of exploitation of CVE-2022-41040 for initial access.

According to the 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn’t just the big players caught in the line of fire. IBM’s report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes — from local credit unions to Fortune 500s — are at risk.

The central issue behind the latest headline-grabbing security breach – an incident that directly impacted several major US government agencies – highlights pervasive issues related to many organizations’ use of the popular Office 365 and Azure Microsoft cloud platforms.

When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the auditors.

There were so many notable things that have happened in 2022, here’s some to name a few. We have gotten back to a “normal” state of being or have accepted the new “normal”. While ThreatQuotient enjoyed meeting some new faces on the Hangin’ with Haig episodes.

Many organizations today have strict data privacy regulations that they must comply with. These privacy regulations can often clash with the requirements of security, application and operations teams who need detailed log information. At Graylog, many of the organizations who use our tool are logging sensitive data that may contain personally identifiable information, health related data or financial data.

‍ 2022 has been quite the year in cybersecurity. For the first time in a long while, I’m seeing positive developments in the space, including improved cybersecurity education for end-users and adoption of IT Security protection by smaller organizations. As a Cybersecurity Evangelist, education is extremely important to me. So I’ve combined my 2023 cybersecurity predictions with practical resources that you can review now to improve your cyber preparedness.

As organizations strive for more nimble operations through digital transformation, many are taking a hybrid cloud approach. But ensuring proper security and adhering to compliance regulations can prove difficult - especially at scale. Compliance frameworks may shift annually, making the process of achieving and maintaining compliant procedures intensely laborious, with frequent retraining cycles involving significant time and investment.

The holiday season is the perfect time to rewatch some favorite festive movies! While some prefer their holiday movies to be as sappy as possible (Hallmark, we’re looking at you), others relish the annual opportunity to watch an 8-year-old boy exact his revenge on two bumbling bad guys in the 1990 classic Home Alone.

Software is responsible for connecting everything by running millions of lines of code- whether it is your workplace, home, or virtually anywhere. If you are a software developer or publisher, you already know how important it is to get a Code Signing certificate for all the software you develop. It helps the users authenticate the software’s publisher or source and get an assurance that the signed software has not been subjected to alteration since its signing.