Cybersecurity threats are becoming increasingly sophisticated and prevalent. In 2022, ransomware attacks jumped by 93%. The introduction of ChatGPT will only increase the potential damage of cyber-attacks. Protecting sensitive data and systems requires a comprehensive approach. One that goes beyond a single security solution. This is where a defense-in-depth cybersecurity strategy comes into play. In […]
Companies both large and small share this one cybersecurity problem. They have computers that are still running older operating systems. Staff might use these devices only occasionally. Or the company may be running customized software that won’t run on newer OS versions. The problem is that when the OS becomes outdated, the system is open […]
The new year has begun and it’s a time of renewal as we plan for the possibilities to come in 2023. It’s also a time when you need to plan for resiliency in the face of ever-present cyberattacks. Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse. They have a good […]
❗ Security alert ❗ Citrix has just announced a vulnerability discovered in Citrix Gateway and Citrix ADC. Citrix ADC or Citrix Gateway appliances configured as a SAML SP or a SAML IdP are affected by the CVE-2022-27518 vulnerability, which allows unauthenticated remote arbitrary code execution. The following supported versions of Citrix ADC and Citrix Gateway are affected by this […]
Nearly all organisations own some form of NAS storage device that they use for various purposes. Firstly, as a backup destination which is the most common usage. Secondly, as a Web Server, and thirdly, as a hypervisor to host Virtual Machines. In this post, we focus on applying the best practices to such devices regardless […]
What is an MFA Fatigue Attack? An MFA Fatigue attack is a strategy used by threat actors to abuse sign-in security by forcing users to grant them access to get relief from the MFA flood. The method is also known as MFA bombing and is considered a high-profile attack. How it works This strategy, combined […]
Have you ever heard of the Air Gap Backups? This blog post discusses Air Gap Backups and how you can use them to your benefit. What is an Air Gap Backup? Air Gap Backup is an effective data protection strategy used to take backup copies off infrastructure and keep them offline, thus, making them inaccessible […]
It appears two new Microsoft Exchange Zero-Day vulnerabilities are being exploited in the wild. While the exploitation is not yet confirmed, attacks have been launched on fully patched Exchange servers affecting companies and organisations. If you run Microsoft Exchange on-premises and have Outlook Web App (OWA) facing the internet, the chances are you are impacted. […]
This infographic is about the 10 top types of Phishing Attacks as of today, September 2022.
Two weeks have been left for Australian businesses to make use of the priority registration period and register their domain names under the .au extension. From 20th September 2022, the way we register domain names in Australia is changing, and below is what you should know. What you should know about the change After this […]
This infographic is about the 6 most common Phishing Attacks and how they can be detected.
This blog post discusses the SPF, DKIM and DMARC mechanisms and how organisations can use them to their benefit. Contrary to popular belief, their role is not to protect a mail system against threats. Instead, they act as protection mechanisms for the mail exchange worldwide, adding to the Cyber Hygiene of this ecosystem. Did we […]
The landscape is changing so does the legislation. NIS2 Directive is now a reality for European Union and its members. The Directive comes as a response to the increased exposure of Europe to cyber threats and now covers medium and large entities from more critical sectors of the economy and society. A Cyber Security programme and Incident […]
On Monday, May 30, 2022, Microsoft disclosed the “Follina” dubbed remote code execution (RCE) CVE-2022-30190 zero-day vulnerability, affecting Microsoft Office products. Zero-day means no patch is available yet, and our InfoSec department here at COMPTEC I.T acted quickly and worked overnight to provide a response for our clientele and partner network. Once we got them […]
