❗ Security alert ❗ Citrix has just announced a vulnerability discovered in Citrix Gateway and Citrix ADC. Citrix ADC or Citrix Gateway appliances configured as a SAML SP or a SAML IdP are affected by the CVE-2022-27518 vulnerability, which allows unauthenticated remote arbitrary code execution. The following supported versions of Citrix ADC and Citrix Gateway are affected by this […]
Nearly all organisations own some form of NAS storage device that they use for various purposes. Firstly, as a backup destination which is the most common usage. Secondly, as a Web Server, and thirdly, as a hypervisor to host Virtual Machines. In this post, we focus on applying the best practices to such devices regardless […]
What is an MFA Fatigue Attack? An MFA Fatigue attack is a strategy used by threat actors to abuse sign-in security by forcing users to grant them access to get relief from the MFA flood. The method is also known as MFA bombing and is considered a high-profile attack. How it works This strategy, combined […]
Have you ever heard of the Air Gap Backups? This blog post discusses Air Gap Backups and how you can use them to your benefit. What is an Air Gap Backup? Air Gap Backup is an effective data protection strategy used to take backup copies off infrastructure and keep them offline, thus, making them inaccessible […]
It appears two new Microsoft Exchange Zero-Day vulnerabilities are being exploited in the wild. While the exploitation is not yet confirmed, attacks have been launched on fully patched Exchange servers affecting companies and organisations. If you run Microsoft Exchange on-premises and have Outlook Web App (OWA) facing the internet, the chances are you are impacted. […]
This infographic is about the 10 top types of Phishing Attacks as of today, September 2022.
Two weeks have been left for Australian businesses to make use of the priority registration period and register their domain names under the .au extension. From 20th September 2022, the way we register domain names in Australia is changing, and below is what you should know. What you should know about the change After this […]
This infographic is about the 6 most common Phishing Attacks and how they can be detected.
This blog post discusses the SPF, DKIM and DMARC mechanisms and how organisations can use them to their benefit. Contrary to popular belief, their role is not to protect a mail system against threats. Instead, they act as protection mechanisms for the mail exchange worldwide, adding to the Cyber Hygiene of this ecosystem. Did we […]
The landscape is changing so does the legislation. NIS2 Directive is now a reality for European Union and its members. The Directive comes as a response to the increased exposure of Europe to cyber threats and now covers medium and large entities from more critical sectors of the economy and society. A Cyber Security programme and Incident […]
On Monday, May 30, 2022, Microsoft disclosed the “Follina” dubbed remote code execution (RCE) CVE-2022-30190 zero-day vulnerability, affecting Microsoft Office products. Zero-day means no patch is available yet, and our InfoSec department here at COMPTEC I.T acted quickly and worked overnight to provide a response for our clientele and partner network. Once we got them […]