The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) recently released a free tool that will assist organizations with identifying indicators of compromise following threat activity in Microsoft 365 and Azure Environments.

The new CISA Hunt and Incident Response Program (CHIRP) tool, “is a forensics collection tool that CISA developed to help network

On April 6, 2021, DocuSign issued an Alert notifying users of a new malicious hacking tool that is mimicking DocuSign to drop malware into victims’ systems. According to the Alert, the document building tool, dubbed “EtterSilent,” “creates Microsoft Office documents containing malicious macros or attempts to exploit a known Microsoft Office vulnerability (CVE-2017-8570) to download

State and local governments have been hammered with business email compromise (BEC) attacks over the past few years and the onslaught does not appear to be abating.

Last week, the Federal Bureau of Investigation (FBI) issued a Private Industry Notification to state, local, tribal, and territorial governments that they are being targeted by BEC attackers.

Speaking of security education and training, the National Cybersecurity Center this week launched a new initiative to offer cyber-hygiene and IT security sessions to elected state government officials and their staff for FREE. The training sessions are getting a financial boost from Google and bipartisan support from Secretaries of State Frank LaRose (R-Ohio) and

Although many students are returning to in-class learning, many others are still in a hybrid situation or fully remote at their own request. The rapid transition from in-school to the at-home learning setting has necessitated the use of classroom management software to manage online learning programs. The software of one of those companies, Netop Vision

Cyber-hygiene and prevention are sometimes hard to fit in when there are so many vulnerabilities, zero-day attacks and third-party incidents that keep us busy every day. During the pandemic, many companies put their Incident Response Plans and tabletop exercises on the back burner as they were migrating an entire workforce from office to home, and

I continue to be amazed in my day-to-day virtual conversations by how many people are unaware of one of the most devastating compromises ever to happen—the recent compromise of Microsoft’s Exchange versions 2013-2019. It is critically important for all Microsoft Exchange users that are using Exchange On-Premises (such as those using Office 365) to be

What do you do if your HR benefits and payroll vendor suffers a cyber-attack and payroll can’t be run? Do you have a backup plan for running payroll? How will you communicate with your employees? And if your benefits and payroll vendor has a cyber-incident and your employees’ highly sensitive data is exfiltrated, what will

In what the New York Department of Financial Services (NYDFS) is touting as the first guidance by a U.S. regulator on cyber insurance, NYDFS announced on February 4, 2021, in Insurance Circular Letter No. 2 (2021), that it has issued a new Cyber Insurance Risk Framework (Framework) addressed to authorized property/casualty insurers that write cyber