Observed each October, National Cybersecurity Awareness Month (NCSAM) was first launched in a collaborative effort between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security. Today, it continues to be an important collaboration between government and industry in the months up to and throughout October. Each year focuses on core themes to raise awareness about cybersecurity issues and explain what resources can help.

Maybe it’s the changing of the seasons, the start of a new school year, or just something in the air, but September’s cybersecurity landscape was marked with high-energy hacks that seem to have served as twisted amusements for their perpetrators. This month’s round-up is full of criminals who weren’t content just to collect a ransom or sell some private data. These hackers wanted to scorch the earth and hurt their victims with an extra layer of malice and humiliation.

On Thursday, September 29th, 2022, GTSC–a Vietnam-based cybersecurity company–published a blog detailing intrusion they investigated that chained together two exploits for Microsoft Exchange zero-day vulnerabilities to achieve remote code execution (RCE). Technical details around how to exploit these vulnerabilities were not provided.

Healthcare leaders are embracing cloud technologies to connect information across the continuum of care, engage more patients, and unlock the potential of health data. While the cloud streamlines healthcare operations, it also presents challenges for organizations that must meet the stringent data security requirements of HIPAA and other security standards.

Welcome to October, the spookiest month of the year! No, we’re not talking cute kids dressed as their favorite cartoon character on a mission to collect a mountain of candy. That’s a treat. We’re here to talk about the tricks, and how you can keep from falling for them. That’s right, it’s Cybersecurity Awareness Month!

Arctic Wolf Labs regularly collects and analyzes data and insights from the incident response activities of Arctic Wolf’s incident response business unit, Tetra Defense. These insights, as laid out in the charts and graphs in this blog, enhance the threat detection capabilities of the Arctic Wolf Security Operations Cloud, and are leveraged by Arctic Wolf’s community of partners.

Ah, the CISO. In the past decade no job title has become more fashionable. At the same time, no job title has carried more of an air of mystery. What, exactly, is a CISO? What do they do? How do they do it? And how can you become one? Let’s find out.

On Friday, September 23, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.

Understanding the ins and outs of threat intelligence can be complicated for an organization. If your business is anything but cyber, it’s understandable to be overwhelmed by terms like ransomware, cryptocurrency, and DDoS attacks, especially in relation to your systems and assets. That’s okay.

Signed into law in March of 2022, the Strengthening American Cybersecurity Act (SACA) gives federal authorities an overview of all cyber attacks against critical infrastructure in the United States for the very first time. SACA has three parts: SACA comes at a time when governments are facing a significant paradigm shift.